Re: Trouble with PHP server script

Richard Lynch wrote:

> On Sun, February 10, 2008 9:09 pm, Robert Cox wrote:
>> Is it possible to use the "$_SERVER['PHP_AUTH_USER'];" construct in a URL forwarded site? I am trying to find the authorised user id so that I can access an SQL database with it. Anyone got some ideas?
>
> If you do a Location: with a FULL URL then the browser will forward POST and I think AUTH data.

Auth info is not "passed on" as such. HTTP authentication details are applied to all URLs where the browser already knows them (i.e. on the same domain where they have already authenticated). The redirect does not have anything to do with this.

And I don't know where you're getting the idea that POST data is persisted when redirecting with the location header. This is certainly not the case in all browsers I've ever worked with. If it was then a fair number of scripts I've written over the years would not work correctly.

One security note for the OP: it's generally a bad idea for the user credentials for your website to be the same as those used to access the database. I can think of few ideas where it would make the slightest bit of logical sense and most of those involve web-based DB admin such as phpMyAdmin. You might want to rethink your design from a security point of view.

-Stut

--
http://stut.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
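
The design point in the message above (website credentials kept separate from database credentials), as an added example that is not part of the original post: the HTTP Basic pair is checked against the application's own user table, and the verified name is then used only as a bound query parameter. It assumes PHP performs the check itself rather than the web server; the table names, sample users and function names are constructed for illustration.

```php
<?php
// Added example. Table names, sample users and function names are constructed.

// Verify the Basic-auth pair against the application's own user table.
// Returns the user name on success, null otherwise.
function verifiedUser(PDO $db, array $server): ?string
{
    $user = $server['PHP_AUTH_USER'] ?? '';
    $pass = $server['PHP_AUTH_PW'] ?? '';
    if (!is_string($user) || !is_string($pass) || $user === '') {
        return null;
    }
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $user]);
    $hash = $stmt->fetchColumn();
    return ($hash !== false && password_verify($pass, $hash)) ? $user : null;
}

// The user name is only a bound parameter selecting rows, never a DB login.
function ordersFor(PDO $db, string $user): array
{
    $stmt = $db->prepare('SELECT item FROM orders WHERE owner = :owner ORDER BY id');
    $stmt->execute([':owner' => $user]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// One application connection. SQLite in memory keeps the example offline;
// with a server database this would be new PDO($dsn, $appUser, $appPass)
// using a single limited service account from configuration (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)');
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
$ins->execute(['alice', password_hash('alice-web-pw', PASSWORD_DEFAULT)]);
$db->exec("INSERT INTO orders (owner, item) VALUES ('alice', 'book'), ('bob', 'lamp')");

// Constructed requests: a valid login, a wrong password, a missing header.
$requests = [
    ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'alice-web-pw'],
    ['PHP_AUTH_USER' => 'alice', 'PHP_AUTH_PW' => 'guess'],
    [],
];
foreach ($requests as $server) {
    $user = verifiedUser($db, $server);
    echo $user === null
        ? "401: send WWW-Authenticate and stop\n"
        : $user . ': ' . implode(', ', ordersFor($db, $user)) . "\n";
}
```

When the web server enforces Basic authentication itself, the password check is already done before the script runs and only the bound-parameter lookup is needed.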

