- Peter J. Holzer
November 23, 2008, 9:17 am
REMOTE_USER is set by the web server. You don't know how the web server
determined the remote user, so you cannot know whether it is secure.
Basic auth over an unencrypted connection is insecure, of course. Basic
auth over HTTPS cannot be sniffed on the network (but the user may have
a weak password, or a keylogger on his machine). HTTPS with public key
crypto where the private key is stored in a key hardware token on the
user's side is very secure.
However, checking for REMOTE_USER is often futile: If the user wasn't
authenticated or isn't authorized to run the script, the script isn't
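
The distinction drawn in the post above, as an added example that is not part of the original post: a CGI script can inspect what the server exposes alongside REMOTE_USER to see how the user was authenticated. It assumes Apache with mod_ssl (which provides `HTTPS` and, with `SSLOptions +StdEnvVars`, `SSL_CLIENT_VERIFY`); the function name `auth_context` and the sample environments are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: classify how much trust a CGI script can place in
# REMOTE_USER, using only what the web server put in the environment.
# Assumption: Apache + mod_ssl variable names (HTTPS, SSL_CLIENT_VERIFY).
use strict;
use warnings;
use 5.010;

# Returns (level, reason). Levels: none, weak, password, certificate.
sub auth_context {
    my (%env) = @_;
    my $user = $env{REMOTE_USER};
    return ('none', 'REMOTE_USER is not set')
        unless defined $user && length $user;

    my $type   = $env{AUTH_TYPE} || 'unknown';        # e.g. Basic, Digest
    my $https  = lc($env{HTTPS} // '') eq 'on';       # TLS in use?
    my $verify = $env{SSL_CLIENT_VERIFY} // 'NONE';   # client cert check

    # Credentials that crossed a plain HTTP connection can be sniffed.
    return ('weak', "$type credentials sent over an unencrypted connection")
        unless $https;

    # The server verified a client certificate (public key crypto).
    return ('certificate', 'client certificate verified by the server')
        if $verify eq 'SUCCESS';

    # Encrypted transport, but still only as strong as the password.
    return ('password', "$type auth over HTTPS");
}

# Constructed sample environments, not captured from a real server.
my @samples = (
    {},
    { REMOTE_USER => 'alice', AUTH_TYPE => 'Basic' },
    { REMOTE_USER => 'alice', AUTH_TYPE => 'Basic', HTTPS => 'on' },
    { REMOTE_USER => 'alice', HTTPS => 'on', SSL_CLIENT_VERIFY => 'SUCCESS' },
);

for my $env (@samples) {
    my ($level, $why) = auth_context(%$env);
    printf "%-12s %s\n", $level, $why;
}
```

In a real script, pass `%ENV` to `auth_context` and refuse sensitive actions unless the level meets the script's requirement.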