
[cobalt-users] CGI guru



Hello all,

Is there a CGI guru on this list? I have a little security question and
perhaps someone can help me. I am currently going to extend the Cobalt GUI in
order to have some additional features.

I have had a closer look at how the authorization to the server
admin / site admin / personal admin pages works. They are only realized by
.htaccess files which require the respective groups / users and admin.

My question is the following. When a CGI that is located within a directory
protected by a .htaccess file is called (provided that the auth. was
successful), then the REMOTE_USER environment variable is set to the (linux)
username which the user did enter.

Does anybody know how secure this value is? If the .htaccess file is
correct (I mean that the .htaccess file does use the linux user data and
not from a .htpasswd file), can I trust if the REMOTE_USER is set to "admin"
that it is the admin user?

Manuel
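
An added example, not part of the original post and not Cobalt's own code: a fail-closed gate a CGI script can apply before acting on REMOTE_USER, as described in the question above. It assumes HTTP Basic auth; the function names and sample environments are hypothetical, and the check cannot tell whether the server's own auth configuration is correct.

```python
"""Fail-closed admin gate for a CGI script behind HTTP auth (added example)."""
import os

ADMIN_USER = "admin"  # the account name used in the question above


def authenticated_user(environ):
    """Return the user name the web server authenticated, or None.

    Only REMOTE_USER and AUTH_TYPE are consulted. Per the CGI specification
    (RFC 3875) request headers reach the script as HTTP_* variables, so a
    client-sent "Remote-User:" header becomes HTTP_REMOTE_USER and is ignored.
    """
    auth_type = environ.get("AUTH_TYPE", "")
    user = environ.get("REMOTE_USER", "")
    # Both are empty when the script is reached through a path that no
    # .htaccess "require" covers (an alias, a copy in another directory).
    if not auth_type or not user:
        return None
    return user


def is_admin(environ):
    """True only when the server itself vouches for the admin account."""
    return authenticated_user(environ) == ADMIN_USER


def respond(environ):
    """Build the CGI response; refuse unless the server vouches for admin."""
    if not is_admin(environ):
        return "Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\nforbidden\n"
    return "Status: 200 OK\r\nContent-Type: text/plain\r\n\r\nadmin page\n"


# Constructed sample environments (not captured from a real server).
SAMPLES = {
    "authenticated admin": {"AUTH_TYPE": "Basic", "REMOTE_USER": "admin"},
    "authenticated other user": {"AUTH_TYPE": "Basic", "REMOTE_USER": "manuel"},
    "no auth configured": {},
    "forged header only": {"HTTP_REMOTE_USER": "admin"},
}

if __name__ == "__main__":
    if "GATEWAY_INTERFACE" in os.environ:  # running under a web server
        print(respond(os.environ), end="")
    else:
        for name, env in SAMPLES.items():
            print(f"{name}: admin={is_admin(env)}")
```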