Re: Bug#402010: How to deal with #402010?
sean finney, 2008-04-05 11:59:31 +0200 :
[...]
>> RequestHeader set FooPassword very-secret-credentials
>
> i suspect php users will still be able to find that out, in the same
> way that they can read ssl private keys from the webserver's memory
> (you *did* know they can do that, right? :)
Erm, no, I didn't. Is that supposed to happen (by design), or is it
just a bug in the PHP interpreter? It sounds like a severe security
problem...
Roland.
--
Roland Mas
Au royaume des aveugles, il y a des borgnes à ne pas dépasser.
-- in Soeur Marie-Thérèse des Batignoles (Maëster)
Reply to: