Hi,
Hm, how about making the username something like
<SOA-Username>!<SOA-Password>
Ie. seperate the username & password in the username "field" with something
like a ! (or whatever...).
Won't help either - to make the HTTPD set REMOTE_USER, which could then
be used by the CGI, you need a ".htaccess" file, as far as I understand
it. The CGI itself can't force the HTTPD to do the authentication, as it
seems.
While this might work, I find it ugly....
Yes, I wouldn't want to use that neither. As for other alternatives -
including e.g. "&soa=...." in the URL is insecure, and hacking with
cookies doesn't seem very attractive to me, too.
Martin.