Hi!
>> And if you don't run your virtual hosts as a spearate user, even with
>> suexec there is a very small vulnerability window to grab the
>> authentication data. That's why I understand the Apache people for not
>> passing the Authorization header by default.
>
> There is not such a small win
On 07/12/2008 12:14:21 AM +0200, Christian Seiler <[EMAIL PROTECTED]> wrote:
> Hi,
>
>> I compile my server binaries and never rely on pre-compiled versions; I
>> _never_ imagined using Apache without suexec which IMHO is a complete
>> nonsense and should be a default behavior. Finally I never
Hi,
> I compile my server binaries and never rely on pre-compiled versions; I
> _never_ imagined using Apache without suexec which IMHO is a complete
> nonsense and should be a default behavior. Finally I never imagined
> running any virtualhost with the Apache user. That way, running Apache
>
Hi
On 07/11/2008 11:10:56 PM +0200, Christian Seiler <[EMAIL PROTECTED]> wrote:
>> I have an application that I'd like to switch to mod_fcgid, but
>> unfortunately it doesn't work as I wanted it to. the (php) application
>> uses basic authentication (not in apache but in php) but the entered
Hi!
> I have an application that I'd like to switch to mod_fcgid, but
> unfortunately it doesn't work as I wanted it to. the (php) application
> uses basic authentication (not in apache but in php) but the entered
> information is definitely not sent down to the application with
> mod_fcgi
On Fri, 2008-07-11 at 20:16 +0200, Wolfgang Hennerbichler wrote:
> Hi people,
>
> I have an application that I'd like to switch to mod_fcgid, but
> unfortunately it doesn't work as I wanted it to. the (php) application
> uses basic authentication (not in apache but in php) but the entered
>
Hi people,
I have an application that I'd like to switch to mod_fcgid, but
unfortunately it doesn't work as I wanted it to. the (php) application
uses basic authentication (not in apache but in php) but the entered
information is definitely not sent down to the application with
mod_fcgid.