Re: [PHP] Authorization header is missing from apache_request_headers() array
On Fri, March 18, 2005 6:24 am, LacaK said: When I try to use HTTP Digest Authorization using code like : Header( HTTP/1.0 401 Unauthorized); Header( WWW-Authenticate: Digest realm=\www.myrealm.com\, opaque=\opaque\, nonce=\nonce\, stale=\false\, qop=\auth\); browser returns in HTTP request Authorization header like this one : Digest username=lacak, realm=www.myrealm.com, qop=auth, algorithm=MD5, uri=/devel/phpinfo.php, nonce=5e8ac9b033001458fc5380d8a88325a2, nc=0004, cnonce=c9495e4af19fa6b08eb045f32e6ced79, response=fbd8f86b45334202b2cac380f29d9706 When PHP runs as apache module with safe_mode=off I can read this header using apache_request_headers() function But when safe_mode=On, then apache_request_headers() returns no Authorization (this is documented behavior) Is this bug or exists other way how access Authorization header ? Can anyone help ? How to report this to php developers, to fix this problem ? I could be *WAY* wrong, but I thought nobody ever bothered with Digest Auth because, e. It's not better/safer than HTTP Auth? You might as well go with SSL if you go to that much trouble? Not enough browsers support it? Okay, so clearly I don't remember why I thought this. Google for PHP HTTP Digest Authentication and see what turns up... But don't be surprised if the answer is Not supported -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Authorization header is missing from apache_request_headers() array
Richard Lynch wrote: I could be *WAY* wrong, but I thought nobody ever bothered with Digest Auth because, e. It's not better/safer than HTTP Auth? HTTP Basic Authorization send login:password in clear text (only base64 encoded) so it can be 'eavesdropped' in HTTP Digest Authorization password is hashed md5(...) co can not be direct readed. Digest is more secure than Basic and was developed as replacement of Basic You might as well go with SSL if you go to that much trouble? Yes SSL is solution, but when ISP does not support it ... ? Not enough browsers support it? I have tested it with IE5.x, FireFox 1, Opera 7 and all works OK Okay, so clearly I don't remember why I thought this. Google for PHP HTTP Digest Authentication and see what turns up... But don't be surprised if the answer is Not supported -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Authorization header is missing from apache_request_headers() array
Hello, When I try to use HTTP Digest Authorization using code like : Header( HTTP/1.0 401 Unauthorized); Header( WWW-Authenticate: Digest realm=\www.myrealm.com\, opaque=\opaque\, nonce=\nonce\, stale=\false\, qop=\auth\); browser returns in HTTP request Authorization header like this one : Digest username=lacak, realm=www.myrealm.com, qop=auth, algorithm=MD5, uri=/devel/phpinfo.php, nonce=5e8ac9b033001458fc5380d8a88325a2, nc=0004, cnonce=c9495e4af19fa6b08eb045f32e6ced79, response=fbd8f86b45334202b2cac380f29d9706 When PHP runs as apache module with safe_mode=off I can read this header using apache_request_headers() function But when safe_mode=On, then apache_request_headers() returns no Authorization (this is documented behavior) Is this bug or exists other way how access Authorization header ? Can anyone help ? How to report this to php developers, to fix this problem ? Thank you LacaK. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
