Message125374
I'm still baffled. How does this matter to anything?
The HTTP headers you describe would end up in an HTTP_REMOTE_USER environment variable, with no impact on REMOTE_USER. REMOTE_USER could only be set by an actual web server, not via an HTTP header.
So I don't get how this is a security issue, or even a bug at all. |
|
Date |
User |
Action |
Args |
2011-01-04 22:31:38 | pje | set | recipients:
+ pje, Alex.Raitz |
2011-01-04 22:31:38 | pje | set | messageid: <1294180298.85.0.396148215626.issue10751@psf.upfronthosting.co.za> |
2011-01-04 22:31:31 | pje | link | issue10751 messages |
2011-01-04 22:31:31 | pje | create | |
|