Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:12941 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 59263 invoked by uid 1010); 22 Sep 2004 21:26:30 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 59198 invoked from network); 22 Sep 2004 21:26:30 -0000 Received: from unknown (HELO mail.troja.net) (80.190.230.99) by pb1.pair.com with SMTP; 22 Sep 2004 21:26:30 -0000 Received: from localhost (localhost [127.0.0.1]) by mail.troja.net (Postfix) with ESMTP id 1830A851B; Wed, 22 Sep 2004 23:26:29 +0200 (CEST) Received: from mail.troja.net ([127.0.0.1]) by localhost (cyca [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 08158-08; Wed, 22 Sep 2004 23:26:27 +0200 (CEST) Received: from vega.php.net (port-212-202-180-29.dynamic.qsc.de [212.202.180.29]) (using SSLv3 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by mail.troja.net (Postfix) with ESMTP id 03CE784D6; Wed, 22 Sep 2004 23:26:25 +0200 (CEST) Message-ID: <6.1.2.0.0.20040922231944.041595f8@127.0.0.1> X-Sender: thetaphi.troja.net@bla X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0 Date: Wed, 22 Sep 2004 23:26:28 +0200 To: "Kamesh Jayachandran" , internals@lists.php.net In-Reply-To: <1095863649.14268.204915460@webmail.messagingengine.com> References: <1095863649.14268.204915460@webmail.messagingengine.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-Virus-Scanned: by amavisd-new at troja.net Subject: Re: [PHP-DEV] Why to have owner's uid of the file when WWW-Authenticate header? From: thetaphi@php.net (Uwe Schindler) Something additional to this: I am fixing bug #29805 (HTTP Authentication Issues in NSAPI). Copied from some other SAPIs I have done this by adding of the following line: if (!PG(safe_mode)) php_handle_auth_data(pblock_findval("authorization", rq->headers) TSRMLS_CC); The problem is: Apache disables this in safe mode only if some other authentication (like .htaccess) is active. In NSAPI you cannot check this, so I disabled the whole authentication in NSAPI. Other SAPIs do not check for safe mode. What is the background of disabling of passing the headers "Authentication" and the user/password pairs in it to the user? Is it a problem to simply give the user access to this information (even with safe mode) - If there is some authentication by .htaccess or something other it is normally from the same user that wrote the script. Uwe At 16:34 22.09.2004, you wrote: >Hi All, > >I want to know the reason behind the having the uid of the owner of the >file shown as a part of realm string the WWW-Authenticate when safe_mode >is enabled. > > >With regards >Kamesh Jayachandran > >-- >PHP Internals - PHP Runtime Development Mailing List >To unsubscribe, visit: http://www.php.net/unsub.php ----- Uwe Schindler thetaphi@php.net - http://www.php.net NSAPI SAPI developer Erlangen, Germany