Re: CGI scripts permissions
"Octavian Rasnita" <[EMAIL PROTECTED]> wrote in message 002901c2abd3$c17cdcb0$[EMAIL PROTECTED]">news:002901c2abd3$c17cdcb0$[EMAIL PROTECTED]... > Yes I know these, but ... it seems there is no solution. > > 1. The web server is not in the same group with me, and if it will be made > to stay in the same group with me, the other users that have web pages on > that server will need to be added to that group. > > 2. I saw that I need to give read permission also for a script to work, not > only execute permissions. > > The only solution would be to run the Apache server with my user, but I > don't know how to do that. > How is this possible? You need a host that runs some type of setuid wrapper around the CGI program. heres something I noted for the group awhile back: http://groups.google.com/groups?threadm=3DACCC0E.7010903%40uakron.edu Todd W. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CGI scripts permissions
I can't do that because I am not the root of that server. I am just a simple user like all other users and I don't wantthem see my files. Thank you. Teddy, Teddy's Center: http://teddy.fcc.ro/ Email: [EMAIL PROTECTED] - Original Message - From: "Richard KHOO Guan Chen" <[EMAIL PROTECTED]> To: "Octavian Rasnita" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, December 25, 2002 3:24 AM Subject: Re: CGI scripts permissions I assume you are connecting to a database? CGIs should have 500 permission and SHOULD NOT contain the password. Instead write a perl module which return the database_handle and put that together with the other modules (/usr/lib/perl5/5.8.0/). Then just call the module in your CGI script. Regards Richard KHOO Guan Chen On Tue, 24 Dec 2002, Octavian Rasnita wrote: > Hello all, > > Please tell me what file permissions should I use for a CGI script. > > I don't want others users from that server to view the content of my scripts > because they contain passwords for MySQL databases. > If I chmod 755 the scripts, the other users will also be able to see the > files. > > Can I deny other users to see the content of the cgi-bin directory (chmod > 700) and chmod 755 only the files? > Or, ... do I have other options? > > Thank you. > > Teddy, > Teddy's Center: http://teddy.fcc.ro/ > Email: [EMAIL PROTECTED] > > > > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CGI scripts permissions
Yes I know these, but ... it seems there is no solution. 1. The web server is not in the same group with me, and if it will be made to stay in the same group with me, the other users that have web pages on that server will need to be added to that group. 2. I saw that I need to give read permission also for a script to work, not only execute permissions. The only solution would be to run the Apache server with my user, but I don't know how to do that. How is this possible? In other cases, the security of CGI scripts is 0. Thank you. Teddy, Teddy's Center: http://teddy.fcc.ro/ Email: [EMAIL PROTECTED] - Original Message - From: <[EMAIL PROTECTED]> To: "Octavian Rasnita" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, December 24, 2002 7:56 PM Subject: RE: CGI scripts permissions This is going to depend somewhat on your setup, mainly what user the web server is running as and what group it might be in. You could probably set your script to be 710 if your web server is in the same group as you but not the same user as you. Or if you go to 711, then anyone can execute the script but not read it, except for the owner which may be what you want. The same essentially applies to teh directory, if the web server (owner/group) can't read the directory then it can't execute the script, so setting the directory to 700 with the web server running under a different owner/group will mean the script can't be run in a cgi context. So determine whether the web server is running as the same user as you, if so you can limit it to 700, if it is running as a different user in the same group, then 710 should do the trick, if it is a different user and group then you are looking at 711. There is a chance though I didn't think this was the case that the script also has to be readable, in which case you are looking at 750 or 755. 1st digit = user 2nd digit = group 3rd digit = all 1 = execute 2 = write 4 = read sum the permission values, 7 = (4+2+1) = read, write, execute 6 = read, write 5 = read, execute 4 = read 3 = write, execute 2 = write 1 = execute http://danconia.org On Tue, 24 Dec 2002 18:09:52 +0200, "Octavian Rasnita" <[EMAIL PROTECTED]> wrote: > Hello all, > > Please tell me what file permissions should I use for a CGI script. > > I don't want others users from that server to view the content of my scripts > because they contain passwords for MySQL databases. > If I chmod 755 the scripts, the other users will also be able to see the > files. > > Can I deny other users to see the content of the cgi-bin directory (chmod > 700) and chmod 755 only the files? > Or, ... do I have other options? > > Thank you. > > Teddy, > Teddy's Center: http://teddy.fcc.ro/ > Email: [EMAIL PROTECTED] > > > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CGI scripts permissions
No, I don't have a problem with the web page visitors but with the other users that have accounts on that server. They could use Telnet or SSH to view the files and directories. They can see all my files if they have 755 permissions. Teddy, Teddy's Center: http://teddy.fcc.ro/ Email: [EMAIL PROTECTED] - Original Message - From: "Rene Verharen" <[EMAIL PROTECTED]> To: "Beginners-CGI List" <[EMAIL PROTECTED]> Sent: Tuesday, December 24, 2002 7:44 PM Subject: Re: CGI scripts permissions Hi, At 24-12-2002 18:09 +0200, Octavian Rasnita wrote: >Please tell me what file permissions should I use for a CGI script. chmod 755 >Can I deny other users to see the content of the cgi-bin directory (chmod >700) and chmod 755 only the files? Put a index.cgi in your cgi-bin directory that routes the users to your homepage. I did this whith all my directories with no index.html in it. >> Begin index.cgi #!/usr/local/perl $detour = '/somedirectorie/welcom.html'; print "Location: $detour\n"; print "Content-Type: text/html\n"; print "\n"; >> End of index.cgi Any comments are welcome. Kind regards, Rene Verharen Please DO NOT reply to me personally. I'll get my copy from the list. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CGI scripts permissions
I assume you are connecting to a database? CGIs should have 500 permission and SHOULD NOT contain the password. Instead write a perl module which return the database_handle and put that together with the other modules (/usr/lib/perl5/5.8.0/). Then just call the module in your CGI script. Regards Richard KHOO Guan Chen On Tue, 24 Dec 2002, Octavian Rasnita wrote: > Hello all, > > Please tell me what file permissions should I use for a CGI script. > > I don't want others users from that server to view the content of my scripts > because they contain passwords for MySQL databases. > If I chmod 755 the scripts, the other users will also be able to see the > files. > > Can I deny other users to see the content of the cgi-bin directory (chmod > 700) and chmod 755 only the files? > Or, ... do I have other options? > > Thank you. > > Teddy, > Teddy's Center: http://teddy.fcc.ro/ > Email: [EMAIL PROTECTED] > > > > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
loadable object error
I have a perl script which will work on my home computer, however, when I upload the script to the hosting site I recieve an error concerning a "loadable object" in GD.pm. I assume this is because there is some module missing on the hosting site. How do I determine what that is? Here is the error, if anyone has seen this and can help me it would be great, thank you. _ Content-type: text/html Software error: Can't locate loadable object for module GD in @INC (@INC contains: d:/Perl/lib d:/Perl/site/lib .) at d:\html\users\toddshifflettcom\html\cgi-bin\cheetosShowAlbum.pl line 8 Compilation failed in require at d:\html\users\toddshifflettcom\html\cgi-bin\cheetosShowAlbum.pl line 8. BEGIN failed--compilation aborted at d:\html\users\toddshifflettcom\html\cgi-bin\cheetosShowAlbum.pl line 8. For help, please send mail to this site's webmaster, giving this error message and the time and date of the error. HTTP/1.1 200 OK Content-type: text/html [Tue Dec 24 17:31:00 2002] d:\html\users\toddshifflettcom\html\cgi-bin\cheetosShowAlbum.pl: Can't locate loadable object for module GD in @INC (@INC contains: d:/Perl/lib d:/Perl/site/lib .) at d:\html\users\toddshifflettcom\html\cgi-bin\cheetosShowAlbum.pl line 8 [Tue Dec 24 17:31:00 2002] d:\html\users\toddshifflettcom\html\cgi-bin\cheetosShowAlbum.pl: Compilation failed in require at d:\html\users\toddshifflettcom\html\cgi-bin\cheetosShowAlbum.pl line 8. [Tue Dec 24 17:31:00 2002] d:\html\users\toddshifflettcom\html\cgi-bin\cheetosShowAlbum.pl: BEGIN failed--compilation aborted at d:\html\users\toddshifflettcom\html\cgi-bin\cheetosShowAlbum.pl line 8. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Hello i need some help
Hello, i have a program developed in perl but i need a script to make the program find a hidden value in a html text document. Ex: ... it would read the txt with the html source code and show the third line value.. for ex: print EF3854 without the ''. I have a program that uses the post method, but it needs some keys and values...that value changes all the time so i need it to search it from an .txt(key.txt) file and them send it to the prog so it can do the Post..etc.. the part of the prog is: var rawfile = key.txt (THIS WILL BE THE HTML SOURCE TXT FILE) get url http://www.berny.com/Scripts/ENTERMSG.asp?group=&kkey=&pass_id=213453 var 2wayproc = perl key.pl (THIS WOULD BE THE SCRIPT TO FIND THE HIDDEN VALUE) subst KEY6 2wayread field pass_id = 213453 field msg_id = 2666295 field key5 = 4 field 11 = $$KEY6$$ (THIS WOULD BE THE KEY I NEED) var Referer = http://www.berny.com/Scripts/ENTERMSG.asp?group=&kkey=&pass_id=213453 post url http://www.berny.com/Scripts/ENTERMSG.asp print a msg foi impressa thanks , i really need this help...i tried everything but i could not make it work...it seems to be a simple script to get a value from a txt file... _ MSN Hotmail, o maior webmail do Brasil. http://www.hotmail.com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IF statments -- ORs short circuit too
--- Michael Kelly <[EMAIL PROTECTED]> wrote: > Only and's short-circuit. Or's test every argument by necessity. Mike, In just about every Perl script that has to read from or write to a file, you will see a line similar to the following: open (MYFILE, "myfile.txt") or die "Can't open myfile.txt: $!\n"; This is an conditional statement using an "or". If your statement was correct, both the open clause and the die clause would be executed and the program would never get beyond this point. But what actually happens in most instances is that the open statement succeeds and returns a value that evaluates to true. An or statement is true if at least one of its clauses is true. So if the open clause is true, Perl does not bother checking the other clause, the die statement is skipped over, and the program continues running. RobR __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: CGI scripts permissions
This is going to depend somewhat on your setup, mainly what user the web server is running as and what group it might be in. You could probably set your script to be 710 if your web server is in the same group as you but not the same user as you. Or if you go to 711, then anyone can execute the script but not read it, except for the owner which may be what you want. The same essentially applies to teh directory, if the web server (owner/group) can't read the directory then it can't execute the script, so setting the directory to 700 with the web server running under a different owner/group will mean the script can't be run in a cgi context. So determine whether the web server is running as the same user as you, if so you can limit it to 700, if it is running as a different user in the same group, then 710 should do the trick, if it is a different user and group then you are looking at 711. There is a chance though I didn't think this was the case that the script also has to be readable, in which case you are looking at 750 or 755. 1st digit = user 2nd digit = group 3rd digit = all 1 = execute 2 = write 4 = read sum the permission values, 7 = (4+2+1) = read, write, execute 6 = read, write 5 = read, execute 4 = read 3 = write, execute 2 = write 1 = execute http://danconia.org On Tue, 24 Dec 2002 18:09:52 +0200, "Octavian Rasnita" <[EMAIL PROTECTED]> wrote: > Hello all, > > Please tell me what file permissions should I use for a CGI script. > > I don't want others users from that server to view the content of my scripts > because they contain passwords for MySQL databases. > If I chmod 755 the scripts, the other users will also be able to see the > files. > > Can I deny other users to see the content of the cgi-bin directory (chmod > 700) and chmod 755 only the files? > Or, ... do I have other options? > > Thank you. > > Teddy, > Teddy's Center: http://teddy.fcc.ro/ > Email: [EMAIL PROTECTED] > > > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CGI scripts permissions
Hi, At 24-12-2002 18:09 +0200, Octavian Rasnita wrote: Please tell me what file permissions should I use for a CGI script. chmod 755 Can I deny other users to see the content of the cgi-bin directory (chmod 700) and chmod 755 only the files? Put a index.cgi in your cgi-bin directory that routes the users to your homepage. I did this whith all my directories with no index.html in it. >> Begin index.cgi #!/usr/local/perl $detour = '/somedirectorie/welcom.html'; print "Location: $detour\n"; print "Content-Type: text/html\n"; print "\n"; >> End of index.cgi Any comments are welcome. Kind regards, Rene Verharen Please DO NOT reply to me personally. I'll get my copy from the list. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
CGI scripts permissions
Hello all, Please tell me what file permissions should I use for a CGI script. I don't want others users from that server to view the content of my scripts because they contain passwords for MySQL databases. If I chmod 755 the scripts, the other users will also be able to see the files. Can I deny other users to see the content of the cgi-bin directory (chmod 700) and chmod 755 only the files? Or, ... do I have other options? Thank you. Teddy, Teddy's Center: http://teddy.fcc.ro/ Email: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IF statments
"David Gilden" <[EMAIL PROTECTED]> wrote in message
news:r01050400-1023-E78ABED6164811D78F0D0003935B6868@[192.168.1.5]...
> Holiday greetings,
>
> I would like to be able to test for either of the two secret words
> but it seems to fail, what am I missing?
> Thanks
> Dave
>
>
> #!/usr/bin/perl
> use CGI qw/:standard/;
> use CGI::Carp qw(fatalsToBrowser);
> use strict;
>
> my $qs = $ENV{'QUERY_STRING'};
>
> my $secret_word = 'one';
> my $secret_word_guest = 'two';
>
> if (($qs ne $secret_word_guest) or ($qs ne $secret_word)) {
> print "Bad password";
> exit;
> }
>
Logic is a cool science in itself. You want to 'and' your operands, not
'or'.
'or' only evaluates its second operand if its left one is false.
lets say $qs eq 'one'.
so your conditional would look like:
if (('one' ne $secret_word_guest) or ($qs ne $secret_word)) {
which makes the left operand true, so you get unwanted behavior.
HTH,
Todd W.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: IF statments -- short circuit
On Mon, Dec 23, 2002 at 10:35:59AM -0600, David Gilden wrote:
> PERL 5.6
> OSX, Jaguar
>
> Goal, to check against two different passwords.
>
>
> I think my problem is the "or" is short 'circuited'
> is there a way for an IF statement to test for both
> values, so that either $secret_word or $secret_word_guest
> will be tested, (I am not looking for AND)
Only and's short-circuit. Or's test every argument by necessity.
> What should happen is that if $secret_word OR $secret_word_guest does not Match $qs
> Then it should print 'Fail'. It needs to check both!
It works exactly like you said. However, the way you're going about
testing the arguments seems a bit logically backwards, and that might be
messing you up. See comments:
#!/usr/bin/perl
my $qs = 'c';
my $secret_word = 'a';
my $secret_word_guest = 'b';
if ($qs !~ /$secret_word_guest|$secret_word/) {
# either the word didn't contain 'a' or it didn't contain 'b'.
# ONLY words that contain 'a' and 'b' will get through.
print "fail\n";
}
else{
# $qs contained neither 'a' nor 'b'.
print "go, ok\n";
}
This doesn't look like what you're trying to do. Additionally, your two
examples (with eq and =~, respectively) are not equivalent. Consider the
following examples:
my $test = 'a';
$test eq 'a';
# true
$test =~ /a/;
#true
$test = 'ab';
$test eq 'a';
# false -- test isn't "a"
$test eq 'b';
# false -- test isn't "b"
$test =~ /a/;
# true -- $test contains 'a'
$test =~ /b/;
# true -- $test contains 'b'
$test = 'wakka';
$test eq 'a';
# false
$test =~ /a/;
# true
Equality tests and regex matches are NOT the same thing. You can force
a regex to try to match the beginning and end of a string with ^ and $.
$test = 'wakka';
$test =~/^a$/;
# false, just like the 'eq' example
As for your example, I'd recommend cleaning it up like so:
#!/usr/bin/perl
my $qs = 'c';
my $secret_word = 'a';
my $secret_word_guest = 'b';
if ($qs =~ /$secret_word_guest|$secret_word/) {
print "pass\n";
}
else{
print "fail\n";
}
If $qs is 'c', this prints "fail". If it's 'a', it prints "pass"; if
it's 'b', it prints "pass". If it's "ab", "abba", etc, it also prints
"pass".
> Dave
Hope that wasn't too confusing to be of some help.
As was mentioned earlier, though, if you're checking a query string, you
really should 'use CGI;' and check against individual parameter values
in the query string.
perldoc CGI
--
Michael
[EMAIL PROTECTED]
http://www.jedimike.net/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
