Re: CGI remote_user versus user_name
Dan Muey [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] CGI's remote_user() rturns $ENV{'REMOTE_USER'}; While sub user_name { my ($self) = self_or_CGI(@_); return $self-http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'}; } SO if I'm trying to get the login name I should use user_name since it will return REMOTE_USER or REMOTE_IDENT A web server usually ties the REMOTE_USER environment variable to 'Basic Authorization' (that is the technical term). This is implemented via apache in many ways, but the one people are probably most familiar with is .htaccess. This type of authorization scheme is 0% secure without SSL. My question is: What is $self-http('from') ? Is it possible/likely that $self-http('from') or REMOTE_IDENT will have a value that is not their authentication username while REMOTER_USER might be but it will never get to REMOTE_USER since one of the others are defined? I ask because In Perl in aNutshell it's says user_name() is unreliable but doesn't say that about remote_user. 'From' is an old http client header that some browsers sent to the server. It usually stored the email address of the account running the client. Obviously, nowadays probably all browsers consider it insecure to send the users email, so that header is usually skipped. No takers huh? Ok, I'll shorten it ;p Any opinions trying to get the Authentication User Name from CGI this way: my $user = remote_user() || user_name(); I would not use the user_name() function. remote_user() returns the string typed in to the 'User Name:' labeled text box when that window pops up and you access a resource protected by Basic Authorization. Todd W. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: CGI remote_user versus user_name
CGI's remote_user() rturns $ENV{'REMOTE_USER'}; While sub user_name { my ($self) = self_or_CGI(@_); return $self-http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'}; } SO if I'm trying to get the login name I should use user_name since it will return REMOTE_USER or REMOTE_IDENT A web server usually ties the REMOTE_USER environment variable to 'Basic Authorization' (that is the technical term). This is implemented via apache in many ways, but the one people are probably most familiar with is .htaccess. This type of authorization scheme is 0% secure without SSL. My question is: What is $self-http('from') ? Is it possible/likely that $self-http('from') or REMOTE_IDENT will have a value that is not their authentication username while REMOTER_USER might be but it will never get to REMOTE_USER since one of the others are defined? I ask because In Perl in aNutshell it's says user_name() is unreliable but doesn't say that about remote_user. 'From' is an old http client header that some browsers sent to the server. It usually stored the email address of the account running the client. Obviously, nowadays probably all browsers consider it insecure to send the users email, so that header is usually skipped. No takers huh? Ok, I'll shorten it ;p Any opinions trying to get the Authentication User Name from CGI this way: my $user = remote_user() || user_name(); I would not use the user_name() function. remote_user() returns the string typed in to the 'User Name:' labeled text box when that window pops up and you access a resource protected by Basic Authorization. Todd W. Thanks for the info Todd, I figured that From was possibly an email address but couldn't image what server would Send the address to everybody! Thanks for your clarification and pointers! Have a good one! Dan -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
CGI remote_user versus user_name
CGI's remote_user() rturns $ENV{'REMOTE_USER'}; While sub user_name { my ($self) = self_or_CGI(@_); return $self-http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'}; } SO if I'm trying to get the login name I should use user_name since it will return REMOTE_USER or REMOTE_IDENT My question is: What is $self-http('from') ? Is it possible/likely that $self-http('from') or REMOTE_IDENT will have a value that is not their authentication username while REMOTER_USER might be but it will never get to REMOTE_USER since one of the others are defined? I ask because In Perl in aNutshell it's says user_name() is unreliable but doesn't say that about remote_user. TIA Dan -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: CGI remote_user versus user_name
CGI's remote_user() rturns $ENV{'REMOTE_USER'}; While sub user_name { my ($self) = self_or_CGI(@_); return $self-http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'}; } SO if I'm trying to get the login name I should use user_name since it will return REMOTE_USER or REMOTE_IDENT My question is: What is $self-http('from') ? Is it possible/likely that $self-http('from') or REMOTE_IDENT will have a value that is not their authentication username while REMOTER_USER might be but it will never get to REMOTE_USER since one of the others are defined? I ask because In Perl in aNutshell it's says user_name() is unreliable but doesn't say that about remote_user. No takers huh? Ok, I'll shorten it ;p Any opinions trying to get the Authentication User Name from CGI this way: my $user = remote_user() || user_name(); If I'm thinking right that would give me the best chance of getting the Auth name if there is one and if there is none then $user would be empty right? What is $self-http('from') in the CGI user_name function above? TIA Dan -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]