Message5078
Hello Anthony,
At a quick glance it looks like this should work, but I have a question
about the headersToEnviron() function.
I am wondering if there are an security implications as a result of
converting all headers to environment variables? Would it be possible
for a client to craft a request with a custom header that could then
potentially lead to a particular environment variable being set that
could have unintended consequences?
If the headersToEnviron() function is only being used to ensure that the
one header specified by the WEB_UID_VARIABLE is set as an environment
variable, might it be better to convert only that one header to an
environment variable instead of all of them? or am I missing something
else in the use of the headersToEnviron() function? |
|
Date |
User |
Action |
Args |
2014-04-14 13:36:30 | jerrykan | set | messageid: <1397482590.45.0.386856058677.issue2550837@psf.upfronthosting.co.za> |
2014-04-14 13:36:30 | jerrykan | set | recipients:
+ jerrykan, ber, antmail |
2014-04-14 13:36:30 | jerrykan | link | issue2550837 messages |
2014-04-14 13:36:29 | jerrykan | create | |
|