Hi!
>> And if you don't run your virtual hosts as a spearate user, even with
>> suexec there is a very small vulnerability window to grab the
>> authentication data. That's why I understand the Apache people for not
>> passing the Authorization header by default.
>
> There is not such a small win
Hi,
> I compile my server binaries and never rely on pre-compiled versions; I
> _never_ imagined using Apache without suexec which IMHO is a complete
> nonsense and should be a default behavior. Finally I never imagined
> running any virtualhost with the Apache user. That way, running Apache
>
Hi!
> I have an application that I'd like to switch to mod_fcgid, but
> unfortunately it doesn't work as I wanted it to. the (php) application
> uses basic authentication (not in apache but in php) but the entered
> information is definitely not sent down to the application with
> mod_fcgi
Hello!
> Thank you for your contribution, but IMHO this patch is not necessary
> because the problem comes from Apache not allowing the Authorization
> header to be added as an environment variable (Header => HTTP_HEADER
> transformation). See the httpd-2.2.4 source,server/util_script.c:173.
Hi,
If you use 'PassHeader Authorization' in order to allow FastCGI scripts
to access the Authentication data, an environment variable
'Authorization' containing the header will be created. But any script
that follows the CGI specification will expect a header 'Foo' to be
added as an environment v
