From: ed (edvulns5h.net)
Date: Sun Nov 05 2006 - 13:08:20 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 3 Nov 2006 18:13:40 -0800
"Anurag Agarwal" <anurag.agarwalyahoo.com> wrote:

> I was wondering if anyone could help me how I can find out the windows
> login of the user, accessing my website. I think i read it somewhere
> that it gets passed as a header information but i am not sure. If
> anyone of you guys can help me with this, i will really appreciate
> it.

ive never seen it in the headers, but i guess it could be part of ie's
headers, but i never use that so i dont know.

it might be part of ISA-Proxy server's headers, again i dont know
though.. i would suspect that it's quite unlikely.

you might want to try doing a tcpdump on your webserver and look at the
headers, or perhaps make some custom cgi to get the headers for you.

something like

$fp = fopen( "headlog.txt", "w" );
$headers = apache_request_headers();
foreach ($headers as $header => $value) {
   fputs( $fp, "$header: $value\n" );
}
fclose($fp);

or likewise in whichever script language you use.

--
Regards, Ed :: http://www.s5h.net
:%s/\t/ /g :: proud unix system person
:%s/Open Source/Free Software/g

-------------------------------------------------------------------------
Sponsored by: Watchfire

AppScan delivers new remediation capabilities, key regulatory compliance
reporting, and productivity enhancements that dramatically improve,
automate and streamline users' ability to quickly find, remediate and
manage web application security vulnerabilities. Change the way you think
about application security testing - download AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YTE
--------------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]