[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

[MacPerl-WebCGI] Re: Re: replicating chmod command on a mac



Bruce,

During my lunch break I created a temporary fix.  By converting the 
command if for until, I was able to modify the way that perl checked 
the username and password (I learned for the first time last night 
that perl always assumes a statement is true under the if statement). 
But, I wanted to install an additional bit of security that I 
discovered I could not implement.  When I tried to print all of the 
$ENV variables I got:

GATEWAY_INTERFACE = CGI/1.1
HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, 
image/png, */*
HTTP_ACCEPT_CHARSET = iso-8859-1,*,utf-8
HTTP_ACCEPT_ENCODING = gzip
HTTP_ACCEPT_LANGUAGE = en
HTTP_CONNECTION = Keep-Alive
HTTP_HOST =
HTTP_PRAGMA = no-cache
HTTP_USER_AGENT = Mozilla/4.6 (Macintosh; I; PPC)
MACPERL = MacPerl Ä:
PERL5LIB =
REMOTE_ADDR =
REQUEST_METHOD = GET
SCRIPT_NAME = /cgi-bin/first.cgi
SERVER_NAME =
SERVER_PORT = 80
SERVER_PROTOCOL = HTTP/1.0
SERVER_SOFTWARE = MacHTTP/2.0
TMPDIR =
USER = Admin

If you look carefully, you'll notice that I missing the HTTP_REFERER 
variable.  Why am missing this variable?  Is there module that I need 
to be running in order to get it?

Thanks,
Tomer

>I _always_ include in my CGIs some way to handle a web request directly
>addressing the CGI. Visitors can always read your HTML source to find the
>name and path of a <FORM ...> action CGI script, so I assume that someone
>will do so. My scripts parse the action right at the start between how it
>executes when addressed the way it's intended and how it executes otherwise.
>
>Finally, you could just set it up so that directly addressing the CGI is
>the way you choose to have it execute normally, including the security
>steps. If a visitor can't pass the security steps, then the script rejects
>them and exits. I don't always like to present links directly to CGIs, but
>sometimes this is the best way to work it.


==== Want to unsubscribe from this list?
==== Send mail with body "unsubscribe" to macperl-webcgi-request@macperl.org