[csw-maintainers] Non-Maintainer Uploads (NMUs)
Maciej (Matchek) Bliziński
maciej at opencsw.org
Mon Aug 12 15:04:50 CEST 2013
2013/8/12 Peter FELECAN <pfelecan at opencsw.org>:
> Returning to the REMOTE_USER not being defined, after a cursory look at
> other people having issues with that it seems that even if the
> environment variable is not provided, there is a possibility to obtain
> the remote user from the "authorization" header, see
> http://stackoverflow.com/questions/8495229/remote-user-not-being-set-by-apache2
> but maybe this is also modified by the proxy.
Normally the authorization header is stripped, unless you configure
Apache to specifically include it. The security concern is that you
expose the auth password to the script while you don't need to.
Maciej
More information about the maintainers
mailing list