CGI/1.1 draft

ts ([email protected])
Wed, 16 Mar 1994 08:02:16 --100


> While Accept:, Content-Type: and Content-Length: are literally in
> the CGI variable space, only a munged version of Authorized: is
> there. How about changing that to "does not include Authorized:
> if server is doing the authentication on that script, otherwise
> is does." For a script with simple authorization requirements,
> the server can do the work. When the script gateways into something
> where server authentication is inappropriate or impossible
> (like an Oracle database), the writer can use an "nph-" script and
> do the authentication herself.
>

Why server authentication is impossible with an Oracle database ?

Actually, when I consult an Oracle database server make authentication and
call the script with the process uid of the authenticated user. Script use
only process uid (and no password) to open the database, i.e. (in Perl) :

&ora_login($database,'/','');

Script don't make authentication but check only the real access to the
database.

Guy Decoux