Hi, > I am using Basic authentication on my school site. > It works as I want, but when I use php, I can read the password form > variable $php_auth_pw / $HTTP_SERVER_VARS["PHP_AUTH_PW"]. > I think it have a security problem when the student can read another one > password using php. > But I have no ideal how to protect it. > Is it the setting of apache or php?
why should this be a security problem? you can only read out your OWN user/password and not from others. And I think YOU already know YOUR own password, therefore it's not a secret. besides, you have to be able to run a php script within a protected area. Kind Regards, Daniel Lorch -- @echo "Hello, World"; -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
