[rrd-users] Re: REMOTE_USER, I can trust...

Owen DeLong owen at dixon.delong.sj.ca.us
Fri Mar 10 15:40:10 MET 2000

> On Thu, Mar 09, 2000 at 11:04:24PM +0000, Gilles Lamiral wrote:
> > Hello,
> > 
> >  > I cannot use the CGI variables, as I cannot trust them, but the
> >  > REMOTE_USER, I can trust ...
> > 
> > You can not trust REMOTE_USER more than a cgi variable.
> > Plus, REMOTE_USER is not set by most browsers.
> I thought REMOTE_USER was set by the webserver having broken that out
> from the authentication string.

You are correct.  REMOTE_USER is set by the server and is based on the
authentication string.  It is a trustworthy variable.

Form variables are not trustworthy, as they are easily set to arbitrary
values by any user with 1/2 a clue.


Unsubscribe mailto:rrd-users-request at list.ee.ethz.ch?subject=unsubscribe
Help        mailto:rrd-users-request at list.ee.ethz.ch?subject=help
Archive     http://www.ee.ethz.ch/~slist/rrd-users

More information about the rrd-users mailing list