Re: CGI/1.0: last call

Ari Luotonen ([email protected])
Sun, 5 Dec 93 13:40:08 +0100


> >> No, we found that the server had to parse some of the header anyway, and
> >> therefore did not make the header lines available to the script for
> >> implementation reasons. Is there something from the header you'd like to see
> >> that isn't in the spec?
> >
> > Yes, I want header line "authenticate" to have the password for the
> >username or an environemental variable with "username:password" uuencoded.
>
> Sorry, there is a bug ... it is header line "authorization" and not
> "authenticate".

No. Password should be kept inside the server for security reasons.
The environment variable REMOTE_USER is only defined if user has
successfully authenticated himself. This should be enough.

-- Cheers, Ari --