* Blue Lang ([EMAIL PROTECTED]) [010112 12:08]:
> On Fri, 12 Jan 2001, J. J. Horner wrote:
>
> > I'm also toying with the idea of allowing each script to have a DEBUG=1
> > option enabled in a handler so that as long as it is the script owner,
> > verified by uid, trying to set the DEBUG=1 parameter in a URL, the full
> > debug information is sent to a browser
>
> Erm.. I'm not sure how you're going to verify the uid of a remote user,
> unless you mean mapping an IP to each cgi-wrapped UID.
>
> Either way, you've got a lot of moving targets. I might hijack the custom
> error page handler in Apache and send a default error page unless the
> remote user is somehow authenticated.. But I don't think remote uid or IP
> are gonna be reliable.
>
Well, I was hoping that once the DEBUG=1 option is set, I could force a
login by returning AUTH_REQUIRED, and if the authenticated uid matches the uid
in the file ownership, the debugging information is sent. If not, the user
gets a standard 401 message.
But as I envision it now, I'd have to add something to the URL parser that looks
for DEBUG=1, and if present, sends to the special handler which does magic and
runs an strace on the script, or something. I haven't fleshed out all of the details,
but I'd like something similar to what Cold Fusion offers in its debugging options,
and what cgiwrapd offers with its cgiwrapd setup.
I'm just thinking right now.
Thanks,
JJ
--
J. J. Horner
[EMAIL PROTECTED]
Apache, Perl, mod_perl, Web security, Linux
PGP signature
