[horde] An Easy Way For Client Cert Auth?

[Christian Felsing]

This is an environment variable from web server (e.g. Apache httpd), I
_hope_ that user cannot set them. Maybe a code injection can manipulate
this variables, so this method depends on Hordes security model as all
other login methods, too.

regards
Christian


Am 28.03.2013 14:39, schrieb Vilius Šumskas:
> Nice setup there. I'm just curious, won't $_SERVER["HTTP_SSL_CLIENT_S_DN_EMAIL"] be easy to fake from the client?