[4480] in WWW Security List Archive
Question about User Identity (CGI scripting)
daemon@ATHENA.MIT.EDU (Jim Harmon)
Tue Feb 18 16:01:59 1997
Date: Tue, 18 Feb 1997 12:34:22 -0500
From: Jim Harmon <jim@telecnnct.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Hello all,
I have been tasked with implementing an Intranet Browsable problem
tracking system.
The system we're using is GNATS (GNU Activity Tracking System), with a
CGI program called WWWGNATS, a perl-based user interface.
As part of the security of this system, we've built our IntraNet on a
restricted user --say "homeboy".
Whenever I try to identify a user, the $ENV resolution of $REMOTE_USER
is "homeboy", not user "fred" or "charlie" or "alice".
Without getting into login scripts for our IntraNet, is there a way for
me to capture the user's real account name via his/her browser?
We have users on UNIX, NT, and Win95 running Netscape 3.0, and several
MACs running Netscape 3.0 or TCPConnect 2 or 4. All of them have the
correct system aliases for the users in the mail preferences/setups.
Is there a way to include or discover that information in the CGI
Script?
--
Jim Harmon The Telephone Connection
jim@telecnnct.com Rockville, Maryland
