[pca] RFE: pca-proxy.cgi without stored credentials
Martin Paul
martin at par.univie.ac.at
Mon Nov 16 11:27:49 CET 2009
Hi,
> Hm, how about making the username something like
>
> <SOA-Username>!<SOA-Password>
>
> Ie. seperate the username & password in the username "field" with something
> like a ! (or whatever...).
Won't help either - to make the HTTPD set REMOTE_USER, which could then
be used by the CGI, you need a ".htaccess" file, as far as I understand
it. The CGI itself can't force the HTTPD to do the authentication, as it
seems.
> While this might work, I find it ugly....
Yes, I wouldn't want to use that neither. As for other alternatives -
including e.g. "&soa=...." in the URL is insecure, and hacking with
cookies doesn't seem very attractive to me, too.
Martin.
More information about the pca
mailing list