ID: 8827 Updated by: jmoore Reported By: [EMAIL PROTECTED] Old-Status: Open Status: Closed Bug Type: Apache related PHP Version: 4.0.4pl1 Assigned To: Comments: This is the expected behaviour now. HTTP_RAW_HEADERS holds the same information anyway. - James Previous Comments: --------------------------------------------------------------------------- [2001-04-17 04:53:29] [EMAIL PROTECTED] I am currently running with safe_modes enabled but the password is still retrievable via the PHP_AUTH_PW variable when using external authentications. Thanks! --------------------------------------------------------------------------- [2001-04-16 06:41:11] [EMAIL PROTECTED] This is now the expected behaviour due to various problems with being able to verify if there are other mecanisms. If you really dont want this to happen run in safe mode or manually patch your mod_php4.c and uncommect the line && auth_type(r) this is a very buggy fix for various reasons when other mod_auth_* systems decline authentication it will onyl work when they accept. - James --------------------------------------------------------------------------- [2001-01-21 01:41:08] [EMAIL PROTECTED] Under Apache-1.3.14 w/ php4.0.4pl1 and using auth_ldap for external authentication to an ldap server, PHP_AUTH_PW stores the password of the user that authenticates successfully. This did not occur in earlier versions of php3 and php4 and creates a problem for websites that require external authentication before accessing and the services that are provided within the websites are run by different parties as this will result in other parties getting hold of the user's password. php.ini used is similar to that which came with the php-4.0.4pl1 distribution and no settings that are changed is related to authentication. php is compiled using the following parameters :- ./configure --with-apache=/usr/src/apache_1.3.14 --with-mysql=/usr --with-dbase=yes --enable-sysvshm=yes --enable-sysvsem=yes --with-config-file-path=/usr/lib --with-system-regex=no --enable-safe-mode=yes --with-exec-dir=/usr/bin --enable-track-vars=yes --enable-magic-quotes=yes --enable-memory-limit=yes --with-ldap=/usr --with-imap=/usr --enable-ftp --with-t1lib --with-ndbm --with-db --------------------------------------------------------------------------- ATTENTION! Do NOT reply to this email! To reply, use the web interface found at http://bugs.php.net/?id=8827&edit=2 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
