It seems reasonable that a CGI script should be know who it's talking to and
how they got authenticated. There is nothing to prevent a server performing an
initial level of access control when it decides whether to the start the
script (or indeed which script to start), but the script itself be able to
make it's own decisions, as well as using the info.
Peter Lister Email: p.lister@cranfield.ac.uk
Computer Centre, Cranfield University Voice: +44 234 754200 ext 2828
Cranfield, Bedfordshire MK43 0AL UK Fax: +44 234 750875
--- Go stick your head in a pig. (R) Sirius Cybernetics Corporation ---