|
|
Posted by Richard Lynch on 09/27/18 11:11
On Fri, March 18, 2005 6:24 am, LacaK said:
> When I try to use "HTTP Digest Authorization" using code like :
>
> Header( "HTTP/1.0 401 Unauthorized");
> Header( "WWW-Authenticate: Digest realm=\"www.myrealm.com\",
> opaque=\"opaque\", nonce=\"nonce\", stale=\"false\", qop=\"auth\"");
>
> browser returns in HTTP request Authorization header like this one :
> Digest username="lacak", realm="www.myrealm.com", qop="auth",
> algorithm="MD5", uri="/devel/phpinfo.php",
> nonce="5e8ac9b033001458fc5380d8a88325a2", nc=00000004,
> cnonce="c9495e4af19fa6b08eb045f32e6ced79",
> response="fbd8f86b45334202b2cac380f29d9706"
>
> When PHP runs as apache module with safe_mode=off
>
> I can read this header using apache_request_headers() function
>
> But when safe_mode=On,
> then apache_request_headers() returns no Authorization (this is documented
> behavior)
>
> Is this bug or exists other way how access Authorization header ?
> Can anyone help ?
> How to report this to php developers, to fix this problem ?
I could be *WAAAAAY* wrong, but I thought nobody ever bothered with Digest
Auth because, errrr.
It's not better/safer than HTTP Auth?
You might as well go with SSL if you go to that much trouble?
Not enough browsers support it?
Okay, so clearly I don't remember why I thought this.
Google for "PHP HTTP Digest Authentication" and see what turns up...
But don't be surprised if the answer is "Not supported"
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|