[csw-maintainers] Non-Maintainer Uploads (NMUs)

Peter FELECAN pfelecan at opencsw.org
Mon Aug 12 15:16:28 CEST 2013


"Maciej (Matchek) Bliziński" <maciej at opencsw.org> writes:

> 2013/8/12 Peter FELECAN <pfelecan at opencsw.org>:
>> Returning to the REMOTE_USER not being defined, after a cursory look at
>> other people having issues with that it seems that even if the
>> environment variable is not provided, there is a possibility to obtain
>> the remote user from the "authorization" header, see
>> http://stackoverflow.com/questions/8495229/remote-user-not-being-set-by-apache2
>> but maybe this is also modified by the proxy.
>
> Normally the authorization header is stripped, unless you configure
> Apache to specifically include it. The security concern is that you
> expose the auth password to the script while you don't need to.

Indeed. How about a rewrite? What are the other environment variables
accessible to the script?
-- 
Peter


More information about the maintainers mailing list