Definition:
Compile-time definition
Usage example:
env CFLAGS="-Wall -DSECURITY_HOLE_PASS_AUTHORIZATION" ./configure
When user authentication is required to obtain access to a document,
the user credentials (username and password) are available to the
server. Ordinarily Apache only makes the username available to
mod_include and CGI scripts, keeping the password
secret. It can be configured to make the complete credential
details available (in the HTTP_AUTHORIZATION or
HTTP_PROXY_AUTHORIZATION environment variables),
but only by completely rebuilding the server with this
compile-time definition added (as shown in the example).
Warning: Enabling this feature is considered a security
risk, as scripts and documents can capture all aspects of the
user credentials. For example, your configuration may include
an authentication database that is accessible only by the server,
and not directly available to users. With this feature enabled,
any script that is flagged as needing authentication checks against
that database, even a user script, will be able to capture the
credentials. In the case of Basic authentication,
the password is available in cleartext.
Previous: RSRC_CONF
Next: SERVER_BUSY_DNS
Table of Contents
(Routines,
Structures,
Data Cells,
Constants)