> I figured out that our webmaster took special care
> for passwords - we have AFS here and AFS passwords are
> often used to authenticate Web stuff.
> Therefore he somehow deletes PHO_AUTH_PW before my script
> gets executed.
> Sorry for the wrong bug - the real bug is that I need to
> be able to tell PHP not to reveal passwords already used
> by Apache for some kind of authentication.

But even if PHP tries to hide this, you can still get it straight from the
browser headers.  It will be in the Authentication header using trivial
base64 encoding.  A base64_decode() on the authentication header will
reveal the username and password.


PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to