I am not sure using the http protocol is the best way here. I think we don't really care about the uploader, we rather care about who rebuilt the package. Because he's the one who knows what modification was made.
So I think it makes more sense to put that information in the package (in pkginfo) at package build time, rather that trying to find it at upload time from the authorization layer (even if usually uploader = last package builder). Yann 2013/8/12 Peter FELECAN <pfele...@opencsw.org> > "Maciej (Matchek) BliziĆski" <mac...@opencsw.org> writes: > > > 2013/8/12 Peter FELECAN <pfele...@opencsw.org>: > >> Returning to the REMOTE_USER not being defined, after a cursory look at > >> other people having issues with that it seems that even if the > >> environment variable is not provided, there is a possibility to obtain > >> the remote user from the "authorization" header, see > >> > http://stackoverflow.com/questions/8495229/remote-user-not-being-set-by-apache2 > >> but maybe this is also modified by the proxy. > > > > Normally the authorization header is stripped, unless you configure > > Apache to specifically include it. The security concern is that you > > expose the auth password to the script while you don't need to. > > Indeed. How about a rewrite? What are the other environment variables > accessible to the script? > -- > Peter > _______________________________________________ > maintainers mailing list > maintainers@lists.opencsw.org > https://lists.opencsw.org/mailman/listinfo/maintainers > .:: This mailing list's archive is public. ::. >
_______________________________________________ maintainers mailing list maintainers@lists.opencsw.org https://lists.opencsw.org/mailman/listinfo/maintainers .:: This mailing list's archive is public. ::.
