"Dan Muey" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> CGI's remote_user()
> returns $ENV{'REMOTE_USER'};
> While
> sub user_name {
>     my ($self) = self_or_CGI(@_);
>     return $self->http('from') || $ENV{'REMOTE_IDENT'} || $ENV{'REMOTE_USER'};
> }
>
> So if I'm trying to get the login name I should use user_name
> since it will return REMOTE_USER or REMOTE_IDENT
>

A web server usually ties the REMOTE_USER environment variable to 'Basic
Authorization' (that is the technical term). This is implemented via Apache
in many ways, but the one people are probably most familiar with is
.htaccess.

This type of authorization scheme is 0% secure without SSL.

> My question is:
>
> What is $self->http('from') ?
> Is it possible/likely that $self->http('from') or
> REMOTE_IDENT will have a value that is not their
> authentication username while REMOTE_USER might be but it
> will never get to REMOTE_USER since one of the others is defined?
>
> I ask because in Perl in a Nutshell it says user_name() is
> unreliable but doesn't say that about remote_user.

'From' is an old HTTP client header that some browsers sent to the server.
It usually stored the email address of the account running the client.
Obviously, nowadays probably all browsers consider it insecure to send the
user's email, so that header is usually skipped.

> No takers huh? Ok, I'll shorten it ;p

> Any opinions on trying to get the Authentication User Name from CGI this way:

> my $user = remote_user() || user_name();

I would not use the user_name() function. remote_user() returns the string
typed in to the 'User Name:' labeled text box when that window pops up and
you access a resource protected by Basic Authorization.

Todd W.
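
The lookup orders discussed in this thread, run against constructed environments, as an added example (not code from either poster or from CGI.pm itself). `user_name_order` mirrors the quoted `user_name()` body with `http('from')` read as `$ENV{HTTP_FROM}`; `proposed_order` and `authenticated_user` are hypothetical names, and the latter assumes the server sets `AUTH_TYPE` when it has authenticated the request.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Lookup order of user_name() as quoted in the thread. http('from') reads the
# client's From: header, which a CGI server exposes as HTTP_FROM.
sub user_name_order {
    my ($env) = @_;
    return $env->{HTTP_FROM} || $env->{REMOTE_IDENT} || $env->{REMOTE_USER};
}

# The expression proposed in the thread: remote_user() || user_name().
sub proposed_order {
    my ($env) = @_;
    return $env->{REMOTE_USER} || user_name_order($env);
}

# Hypothetical helper: return a name only when the server authenticated it.
# Assumes the server sets AUTH_TYPE (RFC 3875) for authenticated requests.
sub authenticated_user {
    my ($env) = @_;
    return unless defined $env->{AUTH_TYPE} && length $env->{AUTH_TYPE};
    return unless defined $env->{REMOTE_USER} && length $env->{REMOTE_USER};
    return $env->{REMOTE_USER};
}

# Constructed sample environments, not captured from a real server.
my @cases = (
    [ 'auth, no From'   => { AUTH_TYPE => 'Basic', REMOTE_USER => 'dan' } ],
    [ 'auth plus From'  => { AUTH_TYPE => 'Basic', REMOTE_USER => 'dan',
                             HTTP_FROM => 'admin@example.com' } ],
    [ 'no auth, From'   => { HTTP_FROM => 'admin@example.com' } ],
    [ 'no auth, identd' => { REMOTE_IDENT => 'root' } ],
);

printf "%-16s %-18s %-18s %s\n", 'case', 'user_name()', 'remote||user_name', 'authenticated';
for my $case (@cases) {
    my ($label, $env) = @$case;
    printf "%-16s %-18s %-18s %s\n", $label,
        map { defined $_ ? $_ : '(none)' }
            scalar user_name_order($env), scalar proposed_order($env), scalar authenticated_user($env);
}
```

Only the last column ignores client-supplied data: when the request is unauthenticated, the `remote_user() || user_name()` form falls through to the From header or the ident reply.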




