Re: A security problem

2002-10-25 Thread William McKee
Hi Octavian,

I would suggest that you use session management (I like CGI::Session but 
Apache::Session should also work) to store the private data about the 
current user rather than writing it to the second form.

Good luck,
William

-- 
 Lead Developer
 Knowmad Services Inc. || Internet Applications & Database Integration
 http://www.knowmad.com
 


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




RE: using includes or exec to call a CGI

2002-10-25 Thread Al Hospers
> Have you checked that your web host allows include or exec methods in
> SSI's. This is frequently disabled as a security precaution.

I actually have many include files being used on the web site. I also
thought that there might be something about feeding headers to an HTML page
that (obviously) already has headers. however when I commented out the
headers in the cgi I got misconfiguration error, so that ain't it.

this is something that should be very easy & is becoming very frustrating.

sigh

Al







Re: using includes or exec to call a CGI

2002-10-25 Thread fliptop
On Fri, 25 Oct 2002 at 12:11, Al Hospers opined:

have you looked at apache's documentation for mod_include?

http://httpd.apache.org/docs/mod/mod_include.html

AH:the cgi works fine when called in the browser as a url, here:
AH:
AH:http://66.186.192.77/cgi-bin/quotes/quotemaster.cgi?
AH:
AH:but when I embed it in the HTML it won't display. if I look at the source
AH:that comes back I see something like:
AH:
AH:<div align="center" class="quotesHeader">Quotes From the Edge</div>
AH:<font color="#FF" size="1" face="Arial">
AH:[an error occurred while processing this directive]
AH:</font>

what is put in the httpd error log when this occurs?  that information 
could be valuable.

AH:here are the two methods I have tried:
AH:
AH:1) as a include in a shtml file:
AH:
AH:<div align="center">Quotes From the Edge</div>
AH:<font color="#FF" size="1" face="Arial">
AH:<!--#include
AH:virtual="http://66.186.192.77/cgi-bin/quotes/quotemaster.cgi"-->
AH:</font>

from the mod_include documentation:

Note that the comment terminator (-->) should be preceded by whitespace 
to ensure that it isn't considered part of an SSI token.

AH:2) as an exec in an shtml file
AH:
AH:<div align="center">Quotes From the Edge</div>
AH:<font color="#FF" size="1" face="Arial">
AH:<!--#exec cgi="http://66.186.192.77/cgi-bin/quotes/quotemaster.cgi?"-->
AH:</font>

from the mod_include documentation:

The include virtual element should be used in preference to exec cgi. 
In particular, if you need to pass additional arguments to a CGI program, 
using the query string, this cannot be done with exec cgi, but can be done 
with include virtual, as shown here:
<!--#include virtual="/cgi-bin/example.cgi?argument=value" -->
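
A small linter for the directive problems raised in this message, as an added example that is not part of the original post or of Apache. The function name, finding labels and regular expressions are assumptions made for illustration, and the last check relies on a mod_include documentation rule that is not quoted in the thread.

```python
import re

# One SSI directive: <!--#element attributes-->; group 2 is the text before "-->".
DIRECTIVE = re.compile(r"<!--#(\w+)(.*?)-->", re.DOTALL)
ATTRIBUTE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')
SCHEME_OR_HOST = re.compile(r"^(?:[A-Za-z][A-Za-z0-9+.-]*:)?//")

# The two directives from the thread plus the documentation's own example.
SAMPLE = """\
<!--#include
virtual="http://66.186.192.77/cgi-bin/quotes/quotemaster.cgi"-->
<!--#exec cgi="http://66.186.192.77/cgi-bin/quotes/quotemaster.cgi?"-->
<!--#include virtual="/cgi-bin/example.cgi?argument=value" -->
"""


def lint_ssi(page):
    """Return (element, finding) pairs for the SSI directives in `page`."""
    findings = []
    for match in DIRECTIVE.finditer(page):
        element, body = match.group(1), match.group(2)
        attrs = dict(ATTRIBUTE.findall(body))
        # Quoted in the thread: "-->" should be preceded by whitespace.
        if not body[-1:].isspace():
            findings.append((element, "no-space-before-terminator"))
        if element == "exec" and "cgi" in attrs:
            # Quoted in the thread: include virtual is preferred to exec cgi,
            # and exec cgi cannot carry a query string.
            findings.append((element, "prefer-include-virtual"))
            if "?" in attrs["cgi"]:
                findings.append((element, "query-string-in-exec-cgi"))
        # Not quoted in the thread: the mod_include documentation also says
        # the virtual URL may not contain a scheme or hostname.
        if SCHEME_OR_HOST.match(attrs.get("virtual", "")):
            findings.append((element, "scheme-or-host-in-virtual"))
    return findings


if __name__ == "__main__":
    for element, finding in lint_ssi(SAMPLE):
        print(f"{element}: {finding}")
```
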

