By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,722 Members | 1,874 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,722 IT Pros & Developers. It's quick & easy.

safemode and http authentication

P: n/a
hi,

I am concerned about the following statement in php doc on
http://www.php.net/manual/en/features.http-auth.php
----- sschippp -----
As of PHP 4.3.0, in order to prevent someone from writing a script
which reveals the password for a page that was authenticated through a
traditional external mechanism, the PHP_AUTH variables will not be set
if external authentication is enabled for that particular page and safe
mode is enabled. Regardless, REMOTE_USER can be used to identify the
externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'].

Configuration Note: PHP uses the presence of an AuthType directive
to determine whether external authentication is in effect.
----- sschnapp ------
I have to use safemode on, and I want to secure a set of pages (i.e.
single files, not a whole dir) with simple "basic" authentication
through a webbrowser.

Questions:

1.So what is in detail an "external authentication" - is it a
authentication through my browser or something else?!

2. If I understood it correct, above php 4.3 and safemode on
PHP_AUTH_USER and PHP_AUTH_PW will not be available - so how to check
for the right password within my script?! I am still using 4.3.1, so far
my script works, but under 4.3?!

thanks cal

Jul 16 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.