Comments on: HTTP Basic Authentication, A Tale of AtomPub, WordPress, PHP, Apache, CGI and SSL/TLS

By: website design

website design — Wed, 21 Jan 2009 11:19:53 +0000

“I have cookie problem with safari in wordpress” did any one have any more info on this topic? would be appreciated :~}

By: Branson Computer Repair

Branson Computer Repair — Wed, 19 Nov 2008 13:51:29 +0000

“….Apache does not pass the HTTP basic headers to CGI applications, so they never see them…”

So how do we work around this, for those of us who don’t have access to an IIS server?

I can’t get it figured out on my WP blog, and we i=even use WP as a CMS for iother types of web sites.

Can you please give me more inof on this matter? Thanks! I really appreciate it.

By: Jonathan Buhacoff

Jonathan Buhacoff — Tue, 18 Nov 2008 16:38:35 +0000

Someone wrote that the RewriteRule method of passing the Http Basic authorization string to the CGI application is “abusing” mod_rewrite. I disagree. Just glance at the mod_rewrite docs — it was obviously meant for much more than just URL aliasing, and method described above is a trivial usage of the module. Don’t expect Apache to change its CGI security behavior to make the password available by default, because such a change is likely to make many existing scripts less secure and that would be irresponsible. A line or two of configuration for those who need it is not so bad in comparison.

By: echo "hey, it works" > /dev/null

echo "hey, it works" > /dev/null — Tue, 07 Oct 2008 03:22:50 +0000

[...] And there’s a spoiler: it can’t be done :)A WSSE client will send an Authorization header which, as we know, will get dropped if Apache is passing the request off to a CGI, and a X-WSSE header that looks [...]

By: Arnstein

Arnstein — Wed, 30 Apr 2008 13:25:42 +0000

Ditto’ing Stephen – been hacking wp-app and .htaccess all day – unable to get it working on Dreamhost.

By: Stephen Paul Weber

Stephen Paul Weber — Fri, 25 Apr 2008 21:31:16 +0000

These two solutions are displayed everywhere you look for an answer to this problem – but I have never got either one to work on my host (Dreamhost).

By: matt

matt — Sun, 20 Apr 2008 02:08:42 +0000

I don’t think HTTP authentication in wordpress is a good idea. I’m sticking with the original cookies/session.

Do all secure sites use SSL/TSL?

By: echo "hey, it works" > /dev/null

echo "hey, it works" > /dev/null — Thu, 03 Apr 2008 00:38:04 +0000

[...] challenge.Solution: Provide a separate URL for the service document, probably /atom/service.PHP as a CGIWhen PHP is running as a CGI the HTTP Authorization header is not passed on to the script. Currently [...]

By: estetik

estetik — Fri, 28 Mar 2008 08:59:54 +0000

I don’t trust on HTTP basic authentication working in wordpress.

By: john

john — Fri, 28 Mar 2008 02:30:56 +0000

i think cookie is common problem in safari