Phillip J. Eby <p...@telecommunity.com> added the comment: I'm still baffled. How does this matter to anything?
The HTTP headers you describe would end up in an HTTP_REMOTE_USER environment variable, with no impact on REMOTE_USER. REMOTE_USER could only be set by an actual web server, not via an HTTP header. So I don't get how this is a security issue, or even a bug at all. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue10751> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
