* Todd Finney ([EMAIL PROTECTED]) [010112 13:00]:
> At 12:07 PM 1/12/01, Blue Lang wrote:
> >On Fri, 12 Jan 2001, J. J. Horner wrote:
> > > I'm also toying with the idea of allowing each script
> > to have a DEBUG=1
> > > option enabled in a handler so that as long as it is
> > the script owner,
> > > verified by uid, trying to set the DEBUG=1 parameter in
> > a URL, the full
> > > debug information is sent to a browser
> >
> >Erm.. I'm not sure how you're going to verify the uid of a
> >remote user,
> >unless you mean mapping an IP to each cgi-wrapped UID.
>
> I don't see how you'd do it based on uid, either, but you
> could certainly do something based upon REMOTE_ADDR.
>
Why do you think it would be hard to return AUTH_REQUIRED if the
DEBUG=1 param is in the URL? Granted, the browser issues involved won't
make it the best solution, but no worse than passwords are already. Someone
would have to be using a machine where a valid uid/passwd are in browser cache,
or someone would have to know a valid uid/password.
My guess is that if I can get it to return AUTH_REQUIRED if DEBUG=1,
then display the debugging information once the 401 is settled, this may
be a useful handler.
My main worry is how I'm going to produce the best debugging information
without requiring scripts to be rewritten. As it is, CF displays debugging
information based on IP. I can mimic the code from cgiwrap to find what I
would like to send, and I can probably find a way to send the best debugging
and error reporting to the debugging uid's browser.
Sorry, I'm going to take this off list now.
If you are interested in discussing this, send to my email.
JJ
--
J. J. Horner
[EMAIL PROTECTED]
Apache, Perl, mod_perl, Web security, Linux
PGP signature
