Author pje
Recipients Alex.Raitz, pje
Date 2011-01-04.22:31:31
SpamBayes Score 0.0196101
Marked as misclassified No
Message-id <1294180298.85.0.396148215626.issue10751@psf.upfronthosting.co.za>
In-reply-to
Content
I'm still baffled.  How does this matter to anything?

The HTTP headers you describe would end up in an HTTP_REMOTE_USER environment variable, with no impact on REMOTE_USER.  REMOTE_USER could only be set by an actual web server, not via an HTTP header.

So I don't get how this is a security issue, or even a bug at all.
History
Date User Action Args
2011-01-04 22:31:38pjesetrecipients: + pje, Alex.Raitz
2011-01-04 22:31:38pjesetmessageid: <1294180298.85.0.396148215626.issue10751@psf.upfronthosting.co.za>
2011-01-04 22:31:31pjelinkissue10751 messages
2011-01-04 22:31:31pjecreate