At 13:37 16-10-01, you wrote: >First, a must, you need to edit the file config.ini in the >d\sambar50\config\ >folder and change in the [http] section > >Perl Executable = d:/perl/bin/perl.exe
ok >CGI Extensions = *.cgi *.pl NOT ok and a security issue!! http://localhost/syshelp/config.htm: "This parameter identifies the file extension(s) that should be executed as CGI applications. Any file in the Documents Directory or aliased document directory with a file extension matching the defined CGI Extensions are treated as CGI applications. The defaults are: *.pl and *.cgi." Note the 'documents directory'. This means, that anybody with the ability to upload a file to your documents directory or an alias, can execute CGI, which implies that you need to check and keep checking every upload form on your server. >About CGI Extensions, you can create your own >extension like *.felicia as long as you let me finish that: as long as you put them in the /cgi-bin/ directory or a script-aliased directory as defined in mappings.ini. >and you must create an association in the file options in >windows explorer like you associate MP3 files to >WINAMP player. No need at all. The things you're describing are for the lazy and insecure. Nuttin' wrong with being lazy, it's the combination of Win98 AND insecure serving which troubles me. Tod actually wrote a VERY good page on CGI, which explains __exactly__ how to overcome the afore mentioned problems: http://localhost/syshelp/cgi.htm : "All scripts found in the CGI and WinCGI directories must be executable applications with the exception of documents of type: .txt .htm or .html. These document types are recognized as text and are not executed, however, all other document types should be served out of the Documents Directory. " ... "The Sambar Server attempts to discover the interpreter for the CGI using the following search path (in order): � .pl, .bat and .exe file extensions are associated with by the Sambar Server using their pre-defined interpreters. � Look for an interpreter on the first line of the file (#! syntax) � Look for a File Association with the extension " ... Stderr By default, stderr output is not returned to the browser from the execution of the script. The server can return stderr output in addition to stdout output by editing the config/config.ini file and and setting the CGI stderr parameter to true. >May I suggest using "isapi" by editing the file >"mappings.ini"(also in d\sambar50\config\) and adding the >line: > >[isapi] >*.cgi *.pl *.felicia= d:/perl/bin/perlis.dll Again - this maps ALL files ANYWHERE to perl. I agree that the same thing applies to php, but at least with php you can set some safe_mode parameters to disallow certain functions. Further more, perl is much more dangerous then php, since it can write to your registry. >Then, you don't even need to add the path line on top: >#!d:/perl/bin/perl -w As outlined above: The .pl is mapped to the perl selected in config.ini by default. For .cgi this is a different story. I agree, that sometimes the documentation is a little vague, but IMHO this isn't one of them. ----- Original Message ----- >From: "feliciahk" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Tuesday, October 16, 2001 6:15 AM >Subject: Re: [sambar] How to use CGI ? > > > > Thanks, > > > > I have installed activePerl from activestate and it is working fine from >Dos > > Prompt, It shows all the kinds of errors, no problem at all. > > > > When I installed sambar, I noted that by default, perl is found in one of > > its subfolder. > > > > > Just install Perl an change the path to the perl interpreter in a > > > windows style ... > > > > I would appreciate if members could teach me step by step how to change >the > > "path" or whatever so that if my perl script has an error, the types of > > error is shown in the browser MSIE. > > > > Using win98, > > my activePerl = d:\perl > > my sambar = d:\sambar50 > > > > Sigh !!! Very frustrating trying to figure out. > > Thanks. > > > > > > > > ----- Original Message ----- > > From: Oliver P. <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, October 16, 2001 5:33 PM > > Subject: Re: [sambar] How to use CGI ? > > > > > > > DId you have installed perl on your webserver ???? > > > If so you have to change the location of your perl interpreter. > > > The line you have send is for unix machines .... > > > Just install Perl an change the path to the perl interpreter in a > > > windows style ... You can get a good perl interpreter from > > > activestate > > > > > > cu > > > > Hi, > > > > > > > > I am a newbie and have just installed sambar on my windows98. I > > > installed it > > > > to test my perl script offline using MS Internet explorer. > > > However I noted > > > > if there is an error on my script, it does not show what kind > > > of errors even > > > > though my perl script have > > > > the following lines :- > > > > > > > > #!/usr/bin/perl -w > > > > use CGI::Carp qw(fatalsToBrowser); > > > > > > > > What must I do / install? > > > > > > > > Thanks in Advance. > > > > > > > > > > > > _________________________________________________________ > > > > Do You Yahoo!? > > > > Get your free @yahoo.com address at http://mail.yahoo.com > > > > > > > > > > > ----------------------------------------------------------------- > > > --------------- > > > > For unsubscription of this list send an email to > > > [EMAIL PROTECTED] with email > > > > data containing unsubscribe emailadd sambar > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------------- > > ------ > > > For unsubscription of this list send an email to [EMAIL PROTECTED] >with > > email > > > data containing unsubscribe emailadd sambar > > > > > > > > > > > _________________________________________________________ > > Do You Yahoo!? > > Get your free @yahoo.com address at http://mail.yahoo.com > > > > -------------------------------------------------------------------------- >------ > > For unsubscription of this list send an email to [EMAIL PROTECTED] with >email > > data containing unsubscribe emailadd sambar > >-------------------------------------------------------------------------------- >For unsubscription of this list send an email to [EMAIL PROTECTED] with >email >data containing unsubscribe emailadd sambar ____________________________________________________ </MELVYN> void wakeup() { for(long int cuppajava;drink();cuppajava++); } -------------------------------------------------------------------------------- For unsubscription of this list send an email to [EMAIL PROTECTED] with email data containing unsubscribe emailadd sambar
