[rrd-users] Re: REMOTE_USER, I can trust...
Owen DeLong
owen at dixon.delong.sj.ca.us
Fri Mar 10 15:40:10 MET 2000
> On Thu, Mar 09, 2000 at 11:04:24PM +0000, Gilles Lamiral wrote:
> > Hello,
> >
> > > I cannot use the CGI variables, as I cannot trust them, but the
> > > REMOTE_USER, I can trust ...
> >
> > You can not trust REMOTE_USER more than a cgi variable.
> > Plus, REMOTE_USER is not set by most browsers.
>
> I thought REMOTE_USER was set by the webserver having broken that out
> from the authentication string.
>
You are correct. REMOTE_USER is set by the server and is based on the
authentication string. It is a trustworthy variable.
Form variables are not trustworthy, as they are easily set to arbitrary
values by any user with 1/2 a clue.
Owen
--
Unsubscribe mailto:rrd-users-request at list.ee.ethz.ch?subject=unsubscribe
Help mailto:rrd-users-request at list.ee.ethz.ch?subject=help
Archive http://www.ee.ethz.ch/~slist/rrd-users
More information about the rrd-users
mailing list