Item10029: High Security Risk warning should not depend on HTTP_USER
Priority: Enhancement
Current State: No Action Required
Released In: n/a
Target Release: n/a
Applies To: Engine
Component: Configure
Branches:
Not all LoginManagers use the HTTP_USER environment var. Looks like
configure
checks for that and displays a "High security Risk" warning on top of the screen. Might probably be handled smarter.
--
OliverKrueger - 16 Nov 2010
I'm not sure this is true. Configure calls
$Foswiki::query->auth_type()
which from what I can find calls CGI::auth_type() because of the @ISA. Where is HTTP_USER accessed, or has this issue been fixed sometime somewhere. I don't even find anywhere in core where HTTP_USER is accessed.
--
GeorgeClark - 25 Mar 2012
Maybe this item is just too old. Have to re-check.
--
OliverKrueger - 26 Mar 2012
The title of this item was not well chosen by me. But too long ago to remember what I actually stumbled upon. Closing.
--
OliverKrueger - 31 Mar 2012