hi,

>   And sensitive cleartext data like SQL passwords can always be passed
> through environment variables. For instance, Apache has the 'Setenv'
> directive to set this, and the httpd.conf file can be made only readable by
> root.

Correct me if I'm wrong, but the documentation to mod_auth_external reads
like this:

  By default, mod_auth_external passes the user's login and password to the external
  authentication program by putting them in environment variables called USER and PASS.
  On some versions of Unix (including SunOS and IRIX) any user logged onto the server
  can see these values by doing a "ps -e" command.

  http://www.unixpapa.com/mod_auth_external.html

Maybe this is out of context, but according to that documentation, using environment
variables for sensitive data is not a good idea -- although I cannot confirm this,
as I do not have access to SunOS or IRIX.

-daniel

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
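An added example, not part of the original message and not mod_auth_external's code: it runs a constructed stand-in authenticator twice, once with the credentials in the USER and PASS environment variables as the quoted documentation describes, and once over a stdin pipe (an assumed alternative, shown for contrast), and reports whether the password ends up in the child's environment block, which is what process listings can expose on some systems. The function names and the sample credentials are made up for the illustration.

```python
import os
import subprocess
import sys

# Constructed stand-in for an external authentication program. It takes the
# credentials from USER/PASS if PASS is set, otherwise from two lines on stdin,
# and reports whether the password is sitting in its own environment.
CHILD = r"""
import os, sys
if "PASS" in os.environ:
    user, password, source = os.environ.get("USER", ""), os.environ["PASS"], "env"
else:
    user, password = sys.stdin.read().split("\n")[:2]
    source = "stdin"
ok = (user, password) == ("alice", "s3cret-constructed")  # constructed sample account
print(source, "PASS" in os.environ, "ok" if ok else "fail")
"""

def _clean_env():
    # Start from the parent's environment, minus any credential variables.
    return {k: v for k, v in os.environ.items() if k not in ("USER", "PASS")}

def _run(env, stdin_data):
    proc = subprocess.run([sys.executable, "-c", CHILD], env=env, input=stdin_data,
                          capture_output=True, text=True, check=True)
    source, in_env, verdict = proc.stdout.split()
    return {"source": source, "password_in_env": in_env == "True", "verdict": verdict}

def auth_via_environment(user, password):
    # Credentials live in the child's environment for its whole lifetime.
    env = _clean_env()
    env.update(USER=user, PASS=password)
    return _run(env, "")

def auth_via_pipe(user, password):
    # Credentials travel over a pipe only the child reads; the line-based
    # framing cannot carry embedded newlines, so reject them up front.
    if "\n" in user or "\n" in password:
        raise ValueError("newline in credential")
    return _run(_clean_env(), f"{user}\n{password}\n")

if __name__ == "__main__":
    print("environment:", auth_via_environment("alice", "s3cret-constructed"))
    print("pipe:       ", auth_via_pipe("alice", "s3cret-constructed"))
```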
