Re: CGI remote_user versus user_name
Dan Muey [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
CGI's remote_user()
rturns $ENV{'REMOTE_USER'};
While
sub user_name {
my ($self) = self_or_CGI(@_);
return $self-http('from') || $ENV{'REMOTE_IDENT'} ||
$ENV{'REMOTE_USER'}; }
SO if I'm trying to get the login name I should use user_name
since it will return REMOTE_USER or REMOTE_IDENT
A web server usually ties the REMOTE_USER environment variable to 'Basic
Authorization' (that is the technical term). This is implemented via apache
in many ways, but the one people are probably most familiar with is
.htaccess.
This type of authorization scheme is 0% secure without SSL.
My question is:
What is $self-http('from') ?
Is it possible/likely that $self-http('from') or
REMOTE_IDENT will have a value that is not their
authentication username while REMOTER_USER might be but it
will never get to REMOTE_USER since one of the others are defined?
I ask because In Perl in aNutshell it's says user_name() is
unreliable but doesn't say that about remote_user.
'From' is an old http client header that some browsers sent to the server.
It usually stored the email address of the account running the client.
Obviously, nowadays probably all browsers consider it insecure to send the
users email, so that header is usually skipped.
No takers huh? Ok, I'll shorten it ;p
Any opinions trying to get the Authentication User Name from CGI this way:
my $user = remote_user() || user_name();
I would not use the user_name() function. remote_user() returns the string
typed in to the 'User Name:' labeled text box when that window pops up and
you access a resource protected by Basic Authorization.
Todd W.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: CGI remote_user versus user_name
CGI's remote_user()
rturns $ENV{'REMOTE_USER'};
While
sub user_name {
my ($self) = self_or_CGI(@_);
return $self-http('from') || $ENV{'REMOTE_IDENT'} ||
$ENV{'REMOTE_USER'}; }
SO if I'm trying to get the login name I should use
user_name since it
will return REMOTE_USER or REMOTE_IDENT
A web server usually ties the REMOTE_USER environment
variable to 'Basic Authorization' (that is the technical
term). This is implemented via apache in many ways, but the
one people are probably most familiar with is .htaccess.
This type of authorization scheme is 0% secure without SSL.
My question is:
What is $self-http('from') ?
Is it possible/likely that $self-http('from') or REMOTE_IDENT will
have a value that is not their authentication username while
REMOTER_USER might be but it will never get to REMOTE_USER
since one
of the others are defined?
I ask because In Perl in aNutshell it's says user_name() is
unreliable
but doesn't say that about remote_user.
'From' is an old http client header that some browsers sent
to the server. It usually stored the email address of the
account running the client. Obviously, nowadays probably all
browsers consider it insecure to send the users email, so
that header is usually skipped.
No takers huh? Ok, I'll shorten it ;p
Any opinions trying to get the Authentication User Name
from CGI this
way:
my $user = remote_user() || user_name();
I would not use the user_name() function. remote_user()
returns the string typed in to the 'User Name:' labeled text
box when that window pops up and you access a resource
protected by Basic Authorization.
Todd W.
Thanks for the info Todd, I figured that From was possibly an email
address but couldn't image what server would Send the address to everybody!
Thanks for your clarification and pointers!
Have a good one!
Dan
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
CGI remote_user versus user_name
CGI's remote_user()
rturns $ENV{'REMOTE_USER'};
While
sub user_name {
my ($self) = self_or_CGI(@_);
return $self-http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'};
}
SO if I'm trying to get the login name I should use user_name since it will return
REMOTE_USER or REMOTE_IDENT
My question is:
What is $self-http('from') ?
Is it possible/likely that $self-http('from') or REMOTE_IDENT will have a value that
is not their authentication username while REMOTER_USER might be but it will never get
to REMOTE_USER since one of the others are defined?
I ask because In Perl in aNutshell it's says user_name() is unreliable but doesn't say
that about remote_user.
TIA
Dan
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: CGI remote_user versus user_name
CGI's remote_user()
rturns $ENV{'REMOTE_USER'};
While
sub user_name {
my ($self) = self_or_CGI(@_);
return $self-http('from') || $ENV{'REMOTE_IDENT'} ||
$ENV{'REMOTE_USER'}; }
SO if I'm trying to get the login name I should use user_name
since it will return REMOTE_USER or REMOTE_IDENT
My question is:
What is $self-http('from') ?
Is it possible/likely that $self-http('from') or
REMOTE_IDENT will have a value that is not their
authentication username while REMOTER_USER might be but it
will never get to REMOTE_USER since one of the others are defined?
I ask because In Perl in aNutshell it's says user_name() is
unreliable but doesn't say that about remote_user.
No takers huh? Ok, I'll shorten it ;p
Any opinions trying to get the Authentication User Name from CGI this way:
my $user = remote_user() || user_name();
If I'm thinking right that would give me the best chance of getting the Auth name
if there is one and if there is none then $user would be empty right?
What is $self-http('from') in the CGI user_name function above?
TIA
Dan
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
