Message 125374 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	pje
Recipients	Alex.Raitz, pje
Date	2011-01-04.22:31:31
SpamBayes Score	0.019610088
Marked as misclassified	No
Message-id	<1294180298.85.0.396148215626.issue10751@psf.upfronthosting.co.za>
In-reply-to

Content
I'm still baffled. How does this matter to anything? The HTTP headers you describe would end up in an HTTP_REMOTE_USER environment variable, with no impact on REMOTE_USER. REMOTE_USER could only be set by an actual web server, not via an HTTP header. So I don't get how this is a security issue, or even a bug at all.

I'm still baffled.  How does this matter to anything?

The HTTP headers you describe would end up in an HTTP_REMOTE_USER environment variable, with no impact on REMOTE_USER.  REMOTE_USER could only be set by an actual web server, not via an HTTP header.

So I don't get how this is a security issue, or even a bug at all.

History
Date	User	Action	Args
2011-01-04 22:31:38	pje	set	recipients: + pje, Alex.Raitz
2011-01-04 22:31:38	pje	set	messageid: <1294180298.85.0.396148215626.issue10751@psf.upfronthosting.co.za>
2011-01-04 22:31:31	pje	link	issue10751 messages
2011-01-04 22:31:31	pje	create