On Fri, March 18, 2005 6:24 am, LacaK said: > When I try to use "HTTP Digest Authorization" using code like : > > Header( "HTTP/1.0 401 Unauthorized"); > Header( "WWW-Authenticate: Digest realm=\"www.myrealm.com\", > opaque=\"opaque\", nonce=\"nonce\", stale=\"false\", qop=\"auth\""); > > browser returns in HTTP request Authorization header like this one : > Digest username="lacak", realm="www.myrealm.com", qop="auth", > algorithm="MD5", uri="/devel/phpinfo.php", > nonce="5e8ac9b033001458fc5380d8a88325a2", nc=00000004, > cnonce="c9495e4af19fa6b08eb045f32e6ced79", > response="fbd8f86b45334202b2cac380f29d9706" > > When PHP runs as apache module with safe_mode=off > > I can read this header using apache_request_headers() function > > But when safe_mode=On, > then apache_request_headers() returns no Authorization (this is documented > behavior) > > Is this bug or exists other way how access Authorization header ? > Can anyone help ? > How to report this to php developers, to fix this problem ? I could be *WAAAAAY* wrong, but I thought nobody ever bothered with Digest Auth because, errrr. It's not better/safer than HTTP Auth? You might as well go with SSL if you go to that much trouble? Not enough browsers support it? Okay, so clearly I don't remember why I thought this. Google for "PHP HTTP Digest Authentication" and see what turns up... But don't be surprised if the answer is "Not supported" -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
