Mark Reed wrote:
> I have an Apache 2.2.8 server all set up with mod_authnz_ldap to
> authenticate via LDAP user/password pairs. It's all SSL to the web
> server, SSL between the web server and LDAP, so it's pretty secure
> even though it's Basic auth. By the time the PHP script runs, the
> user has already authenticated and the PHP code can trust the value of
> PHP_AUTH_USER.
>
> So, how can I NOT have PHP_AUTH_PW set? I'd kinda rather not have
> people's passwords just hanging around in $_SERVER for code to do
> whatever it wants with it.
>
>

Unless someone hacks your server, it isn't a problem. But if someone
hacks the server, you have more important things to worry about.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================