Re: CGI and REMOTE_USER

Rob McCool (robm@ncsa.uiuc.edu)
Thu, 20 Jan 1994 15:22:16 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dave_Raggett: "Re: Looking for a list of special characters supported by HTML"
Previous message: Lou Montulli: "Re: CCCC @ NJIT CMC/CSCW"
Maybe in reply to: Markus Stumpf: "CGI and REMOTE_USER"
Next in thread: M. Strata Rose: "Re: CGI and REMOTE_USER"

/*
* Re: CGI and REMOTE_USER
* written on Jan 19, 11:49am.
*
* I only object to the name. It should really be something like
* REMOTE_IDENT. We don't want to promote the fallacies that
* RFC931 gives you the username and, especially, that the information
* it gives you is useful for anything but audit information.

Hmmm, a good point. It is trivial to forge this information and LOGNAME
implies that the variable is really the remote username.

Okay, so how about REMOTE_IDENT? Anyone object to that?

* Along those lines, it should probably be base64 encoded since
* it could be binary.
*/

Why? I see nothing in the RFC which implies that it could be binary, in
fact, the reply is specified to be terminated by a CR/LF pair. Is there
something I'm not reading correctly? Similarly, rfc931.c uses fgets to read
the server's reply which would probably be munged horribly by binary output
from the server.

--Rob

Next message: Dave_Raggett: "Re: Looking for a list of special characters supported by HTML"
Previous message: Lou Montulli: "Re: CCCC @ NJIT CMC/CSCW"
Maybe in reply to: Markus Stumpf: "CGI and REMOTE_USER"
Next in thread: M. Strata Rose: "Re: CGI and REMOTE_USER"