Apache Authentication and PHP
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Hi,
Apache user authentication results in two variables when used with PHP: $_SERVER[PHP_AUTH_USER] and $_SERVER[PHP_AUTH_PW].
I'm using the SSPI module to validate users against windows this results in the users windows password being non encrypted and exposed to PHP, is there any config setting to encrypt this password so it is not directly accessible to PHP?
I know the password isn't displayed after the PHP is processed but often $_SERVER is dumped to the PHP logs on a error. Password which should be secure have now got a chance of getting in to the wrong hands.
Nick
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
