[Zope-Checkins] CVS: Zope/ZServer - FCGIServer.py:1.18

Wed, 14 Aug 2002 11:23:14 -0400

Update of /cvs-repository/Zope/ZServer
In directory cvs.zope.org:/tmp/cvs-serv4677

Modified Files:
	FCGIServer.py 
Log Message:
delete Authorization environment variable to prevent leakage of password
when using FastCGI


=== Zope/ZServer/FCGIServer.py 1.17 => 1.18 ===

--- Zope/ZServer/FCGIServer.py:1.17	Mon Apr 15 16:58:48 2002
+++ Zope/ZServer/FCGIServer.py	Wed Aug 14 11:23:14 2002
@@ -415,6 +415,7 @@
             # But first, fixup the auth header if using newest mod_fastcgi.
             if self.env.has_key('Authorization'):
                 self.env['HTTP_AUTHORIZATION'] = self.env['Authorization']
+		del self.env['Authorization']
 
             self.stdin.seek(0)
             self.send_response()



