List:General Discussion« Previous MessageNext Message »
From:Vivek Khera Date:July 1 1999 2:32pm
Subject:RE: auth_mysql problem ... perhaps off topic
View as plain text  
>>>>> "NP" == Nigel Parker <nigel.parker@stripped> writes:

NP> -----Original Message-----
NP> From:	Bruno Matarollo [SMTP:bruno@stripped]
NP> Sent:	Wednesday, June 30, 1999 5:15 PM
NP> To:	mysql@stripped
NP> Subject:	auth_mysql problem ... perhaps off topic
NP> 	I have installed MySQL 3.22.22, Apache 1.3.6 and auth_mysql 2.20 I
NP> presume ... the last one available from the MySQL site... I could compile
NP> everything just fine... I can authenticate using users in the database...
NP> The problem I am having is that usually when doing an authentication you
NP> should have an env var like REMOTE_USER no? Well, I made up a small
NP> cgi-script taht prints up all the env vars, and when using auth_mysql I

Most common cause of this is that your cgi-bin directory is NOT
password protected.  Just because the page containing the form was
protected does not mean this one will be...

NP> don't have a var that states what user was validated... I mean, I need to
NP> know what user is logged in after a successful authentication...
NP> -------------------------------

NP> Surely auth_mysql will contain a function to return the authenticated user?

NP> Don't use REMOTE_USER environment variable.  It is so easy to fake...

Interesting claim.  Please explain why you think it is easy to fake
out the server from inserting REMOTE_USER.
Thread
auth_mysql problem ... perhaps off topicBruno Matarollo30 Jun
  • Re: auth_mysql problem ... perhaps off topicBenjamin Pflugmann1 Jul
RE: auth_mysql problem ... perhaps off topicNigel Parker1 Jul
  • RE: auth_mysql problem ... perhaps off topicVivek Khera1 Jul
RE: auth_mysql problem ... perhaps off topicNigel Parker1 Jul
  • RE: auth_mysql problem ... perhaps off topicVivek Khera1 Jul