[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#402010: How to deal with #402010?

sean finney, 2008-04-05 11:59:31 +0200 :


>> RequestHeader set FooPassword very-secret-credentials
> i suspect php users will still be able to find that out, in the same
> way that they can read ssl private keys from the webserver's memory
> (you *did* know they can do that, right? :)

Erm, no, I didn't.  Is that supposed to happen (by design), or is it
just a bug in the PHP interpreter?  It sounds like a severe security

Roland Mas

Au royaume des aveugles, il y a des borgnes à ne pas dépasser.
  -- in Soeur Marie-Thérèse des Batignoles (Maëster)

Reply to: