This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pje
Recipients Alex.Raitz, pje
Date 2011-01-04.22:31:31
SpamBayes Score 0.0196101
Marked as misclassified No
Message-id <>
I'm still baffled.  How does this matter to anything?

The HTTP headers you describe would end up in an HTTP_REMOTE_USER environment variable, with no impact on REMOTE_USER.  REMOTE_USER could only be set by an actual web server, not via an HTTP header.

So I don't get how this is a security issue, or even a bug at all.
Date User Action Args
2011-01-04 22:31:38pjesetrecipients: + pje, Alex.Raitz
2011-01-04 22:31:38pjesetmessageid: <>
2011-01-04 22:31:31pjelinkissue10751 messages
2011-01-04 22:31:31pjecreate