Re: [MacPerl-WebCGI] replicating chmod command on a mac



>Bruce,
>
>During my lunch break I created a temporary fix.  By converting the
>command if for until, I was able to modify the way that perl checked
>the username and password (I learned for the first time last night
>that perl always assumes a statement is true under the if statement).
>But, I wanted to install an additional bit of security that I
>discovered I could not implement.  When I tried to print all of the
>$ENV variables I got:

Well, I am not a pro at CGI, but I'm also not a newbie.  Here are a
couple suggestions and reasons.

1: Un*x servers have many more variables that are used in the %ENV hash.
For example..  below is the list of %ENV variables when used under MacPerl
& MacHTTP

2: http://www.teleport.com/cgi-bin/cgiwrap/tjudd/ShowEnv.cgi
   That's a Un*x server that will show all %ENV variables..  even the ones
that are passed like   ShowEnv.cgi?key1=value1;key2=value2

3: To my knowledge, HTTP_REFERRER is one of those unix %ENV things.  I'd
like to see the code you used for the generation of the script.  The script
you have doesn't have "HTTP_HOST" - which is the IP or the hostname of the
server it's running on.

>GATEWAY_INTERFACE = CGI/1.1
>HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
>image/png, */*
>HTTP_ACCEPT_CHARSET = iso-8859-1,*,utf-8
>HTTP_ACCEPT_ENCODING = gzip
>HTTP_ACCEPT_LANGUAGE = en
>HTTP_CONNECTION = Keep-Alive
>HTTP_HOST =
>HTTP_PRAGMA = no-cache
>HTTP_USER_AGENT = Mozilla/4.6 (Macintosh; I; PPC)
>MACPERL = MacPerl ƒ:
>PERL5LIB =
>REMOTE_ADDR =
>REQUEST_METHOD = GET
>SCRIPT_NAME = /cgi-bin/first.cgi
>SERVER_NAME =
>SERVER_PORT = 80
>SERVER_PROTOCOL = HTTP/1.0
>SERVER_SOFTWARE = MacHTTP/2.0
>TMPDIR =
>USER = Admin
>
>If you look carefully, you'll notice that I am missing the HTTP_REFERER
>variable.  Why am I missing this variable?  Is there a module that I need
>to be running in order to get it?
>
>Thanks,
>Tomer


Just my 2 cents worth.

Thanks.  --Tim

>>I _always_ include in my CGIs some way to handle a web request directly
>>addressing the CGI. Visitors can always read your HTML source to find the
>>name and path of a <FORM ...> action CGI script, so I assume that someone
>>will do so. My scripts parse the action right at the start between how it
>>executes when addressed the way it's intended and how it executes otherwise.
>>
>>Finally, you could just set it up so that directly addressing the CGI is
>>the way you choose to have it execute normally, including the security
>>steps. If a visitor can't pass the security steps, then the script rejects
>>them and exits. I don't always like to present links directly to CGIs, but
>>sometimes this is the best way to work it.
>
>
>==== Want to unsubscribe from this list?
>==== Send mail with body "unsubscribe" to macperl-webcgi-request@macperl.org
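
The approach in the quoted advice above (one entry point that handles a directly addressed request and runs the security steps inside the script), as an added example that is not code from either poster. The account table, the field names `user` and `pass`, and the 4096-byte limit are constructed for illustration, and Perl 5.10 or later is assumed.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Assumes Perl 5.10+ (for //).
use strict;
use warnings;

# Constructed sample account; a real script would compare against a stored hash.
my %ACCOUNTS = (demo => 'constructed-sample-password');

# Decode application/x-www-form-urlencoded data into a hash reference.
sub parse_fields {
    my ($data) = @_;
    my %fields;
    for my $pair (split /[&;]/, $data // '') {
        my ($key, $value) = split /=/, $pair, 2;
        for ($key, $value) {
            $_ //= '';
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        }
        $fields{$key} = $value if length $key;
    }
    return \%fields;
}

# Returns 'form', 'ok' or 'denied'. The decision uses only the request method
# and the submitted credentials; HTTP_REFERER is sent by the client and may be
# absent, so it is never consulted.
sub decide {
    my ($env, $fields) = @_;
    return 'form' unless ($env->{REQUEST_METHOD} // '') eq 'POST';
    my $user = $fields->{user} // '';
    my $pass = $fields->{pass} // '';
    my $ok   = exists $ACCOUNTS{$user} && $ACCOUNTS{$user} eq $pass;
    return $ok ? 'ok' : 'denied';
}

# Read the POST body, capped at 4096 bytes (constructed limit).
my $body = '';
my $len  = $ENV{CONTENT_LENGTH} // '';
read(STDIN, $body, $len) if $len =~ /^\d+$/ && $len > 0 && $len <= 4096;

my $result = decide(\%ENV, parse_fields($body));
if ($result eq 'ok') {
    print "Content-Type: text/plain\r\n\r\nWelcome.\n";
} elsif ($result eq 'denied') {
    print "Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\nAccess denied.\n";
} else {    # addressed directly with GET: present the login form
    print "Content-Type: text/html\r\n\r\n",
          qq{<form method="POST">User <input name="user"> },
          qq{Password <input type="password" name="pass"> <input type="submit"></form>\n};
}
```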



