2013/8/12 Peter FELECAN <pfele...@opencsw.org>: > Returning to the REMOTE_USER not being defined, after a cursory look at > other people having issues with that it seems that even if the > environment variable is not provided, there is a possibility to obtain > the remote user from the "authorization" header, see > http://stackoverflow.com/questions/8495229/remote-user-not-being-set-by-apache2 > but maybe this is also modified by the proxy.
Normally the authorization header is stripped, unless you configure Apache to specifically include it. The security concern is that you expose the auth password to the script while you don't need to. Maciej _______________________________________________ maintainers mailing list maintainers@lists.opencsw.org https://lists.opencsw.org/mailman/listinfo/maintainers .:: This mailing list's archive is public. ::.
