in reply to Re: Re: Calling script after htaccess authentification
in thread Calling script after htaccess authentification

$ENV{'REMOTE_USER'} cannot be spoofed. It is an environment variable which is set by Apache on the basis of authorization results. If your Apache configuration is secure you can trust it.

--
Ilya Martynov (http://martynov.org/)

Re: Re: Re: Re: Calling script after htaccess authentification
by Xxaxx (Monk) on Jul 31, 2002 at 19:44 UTC
    IlyaM,
    Thanks for the encouraging news. I did some checking based on your input and found that the spoofing of REMOTE_USER has to do with some scripts relying on globals from CGI rather than looking directly at the ENV hash. I don't pretend to know the innards of what that means. I do know that I use the ENV variables directly and based on your comment and what I could find it appears to be solid.

    Thanks
    Claude