suphp: distinguish between script owner and process owner

This is a re-post of my mail to the suphp mailing list. Although the behaviour described here is a serious design issue, I've never got any feedback.

The attached patch is some kind of "proof of concept" to solve a security related problem I have with suPHP.

Problem: Run script with file/directory owner threatens the user's files.

Logout from HTTP auth using Apache

Since there is no mechanism defined to log the user out of a HTTP authenticated session you have to use a workaround. Most browsers forget their login data once they received a 403 response. The problem is, that the user have to return to the normal starting page manually.

Update 2017-02-22: It seems that this technique doesn't work anymore in recent Firefox and Chrome browsers.

Java: process http.proxyUser and http.proxyPassword

Some tutorials suggest to use the system properties http.proxyUser and http.proxyPassword to get proxy authentication, but that won't work since - in contrast to http.proxyHost and http.proxyPort - these properties will not be processed by Java's HttpURLConnection.

Other suggest to use a custom default Authenticator. But that's dangerous because this would send your password to anybody who asks.

VDR Client / Server mit automatischen Shutdown und Resume

Wichtiger Hinweis: Dieses "HowTo" ist in erster Linie als Erinnerung für mich selbst gedacht. Wenn ich jemand anderem damit ebenfalls helfen kann freue ich mich, aber aus zeitlichen Gründen kann ich im Moment nur sehr begrenzt Support geben.

Ich betreibe den yaVDR als Client/Server-Anwendung. Im Server befinden sich zwei DVB-S(2)-Karten, der Client im Wohnzimmer ist über das LAN angebunden.

Pages