Great !
So we can except, that this patch wil be included in main distribution
of PHP (as core component) ?
Rui Hirokawa wrote:
> HTTP Digest Authorization is supported by PEAR::Auth_HTTP.
> But, as you said, it cannot be used when safe_mode = On.
>
> To solve this problem,
> I made a simple patch based on your suggestion based on php5 CVS HEAD.
> Applying this patch, we can access $_SERVER['PHP_AUTH_DIGEST'] ,
> which will be like,
> 'Digest username="taro", realm="php-users-digest",
> nonce="MTExMTkwNjQ2OA==399347e5e0e2688ede69bfe5e707e3a3",
> uri="/php/auth/test_digest_simple.php", algorithm=MD5,
> response="6ba162b80d63f8960c73405519cea861",
> opaque="b7d192a44e0da16cd180ebe85efb7c8f", qop=auth, nc=00000001,
> cnonce="082c875dcb2ca740"'.
>
> The Digest Authentication can be performed in Auth_HTTP using this
> server variable.
>
> Some utility function such as http_digest_params() to decode
> parameters from $_SERVER['PHP_AUTH_DIGEST'] will be also useful
> to make the authentication code.
>
> I hope apply this patch into CVS HEAD if there is no objection.
>
> Rui
>
> On Wed, 23 Mar 2005 08:44:14 +0100
> LacaK <[EMAIL PROTECTED]> wrote:
>
>
>>Hi everybody,
>>I am looking for somebody, who can implement HTTP Digest Authorization
>>in PHP.
>>A solution, that could be useful also for many PHP users. (is more
>>secure and so more usable than Basic authorization)
>>
>>"HTTP Basic Authorization" sends password only base64 encoded, and may
>>be easily stolen.
>>but
>>"HTTP Digest Authorization" sends password 'md5 hashed', so for other
>>script it is much more harder to steal or gain it.
>>
>>Wouldnエt it be possible to add in PHP support the Digest Authorization
>>for example in a form $_SERVER["PHP_AUTH_DIGEST"], where the header from
>>HTTP
>>Response would be added if 'Authorization: Digest ...' is used (similar
>>as the 'Authorization:
>>Basic ...' in $_SERVER["PHP_AUTH_USER"] and $_SERVER["PHP_AUTH_PW"] even
>>when safe_mode=On)
>>
>>1.PHP must parse HTTP header.
>>2. When it finds Authorization: Basic then fill up
>>$_SERVER["PHP_AUTH_USER"] and $_SERVER["PHP_AUTH_PW"]
>>3. add next condition When it finds Authorization: Digest then fill
>>$_SERVER["PHP_AUTH_DIGEST"]
>>(I think, that it takes only few lines of source code . Modification in
>>init_request_info() function in mod_php4.c + ?)
>>
>>I appended short file, where this modification is marked.
>>
>>Thank you very much for your time and effort.
>>Please reply. Or advice me who I should contact.
>>Laco
>
>
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
