Do not use external authentication like ldap. jay On Thu, May 06, 2004 at 10:18:52AM +1000, Norman Gaywood wrote: > We have an FC1 system used by many people for many purposes. I would like > to stop my php users from stealing passwords using the php environment > var $_SERVER['PHP_AUTH_PW'] > > One way to do this seems to be to enable php's safe mode. The problem > with that is that it breaks squirrelmail. AFAICT, squirrelmail breaks > not because it uses $_SERVER['PHP_AUTH_PW'], but for other reasons caused > by safe mode. > > So the question is, does anyone know how to enable php safe mode and > keep squirrel mail working? > > Or, does anyone know how to disable $_SERVER['PHP_AUTH_PW'] in php > without enabling the full php safe mode.
