[thelist] Security concerns on this...
Edwin Martin
edwin at bitstorm.org
Wed May 12 03:48:43 CDT 2004
Walter Torres wrote:
> What's the drawback on this block on each page?
>
> if
> (!isset($_SERVER['PHP_AUTH_USER'])||!isset($_SERVER['PHP_AUTH_PW']))
> {
> header('WWW-Authenticate: Basic realm="My Realm"');
> header('HTTP/1.0 401 Unauthorized');
> echo 'Authorization required';
> header("location: err_page.php");
> }
>
> Never mind the fact it doesn't really chaeck for valid info, this is
> just a crude demo.
You shouldn't put an echo before an header-call. There is
not even need for the echo, because you're redirecting the
browser. Just remove the echo.
BTW. It's also not polite to send e-mail to the list marked
as important.
Edwin Martin.
More information about the thelist
mailing list