Wow... I'm not clear on why this request involves 14 previous commits since last April. I only meant to request a single change to a single file. Maybe I need to rebase at some point...?
Anyway, I think this would be a nice feature to have so you could securely use this tool on a live web server. From what I understand, if either $_SERVER['REMOTE_USER'] is not empty or the key 'Authorization' exists in the array returned by apache_request_headers(), that should indicate successful HTTP authorization. Although it's possible that the server authenticated the user in a way that those values would not detect. Also, there could still be a way to spoof those values, but no method immediately comes to mind. What do you say?
Wow... I'm not clear on why this request involves 14 previous commits since last April. I only meant to request a single change to a single file. Maybe I need to rebase at some point...?
Check out the previous discussion.
Anyway, I think this would be a nice feature to have so you could securely use this tool on a live web server. From what I understand, if either
$_SERVER['REMOTE_USER']
is not empty or the key 'Authorization' exists in the array returned byapache_request_headers()
, that should indicate successful HTTP authorization. Although it's possible that the server authenticated the user in a way that those values would not detect. Also, there could still be a way to spoof those values, but no method immediately comes to mind. What do you say?