cgi security aspects

2003-03-11 Thread Skorpion 
can you give me a pice of advice of security aspects creating cgi scripts
working with apache server on linux running 2.2.19 kernel - any backdoors i
should be aware of ?
is there any chance to get a root password via badly writen cgi script - i
used mysql and psql dbd pure perl modules with dbi 1.16 while somebody hack
my machine - maybe it wasn't via cgi but i am not so sure
thanks for help or any links
greg



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: cgi security aspects

2003-03-11 Thread Bob Showalter 
Skorpion wrote:
 can you give me a pice of advice of security aspects creating cgi
 scripts working with apache server on linux running 2.2.19 kernel -
 any backdoors i should be aware of ?

See the security resources on the CGI Meta-FAQ:

http://www.perl.org/CGI_MetaFAQ.html

 is there any chance to get a root password via badly writen cgi
 script - i used mysql and psql dbd pure perl modules with dbi 1.16
 while somebody hack my machine - maybe it wasn't via cgi but i am not
 so sure thanks for help or any links greg

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Images in memory

2003-03-11 Thread Luinrandir Hernsen 
I am writing in Perl, to create a web page.
The CGI calls on itself repeatedly as you move on the map.
I need to preload some small images in memory of the players computer.
Javascript has a way of doing this, but since the cgi calls on itself, if I
put the code in my cgi
the images would only be reloaded every time the cgi ran.

I have come up with two possiblities. Have a separate window open
(minimized) with the images being loaded on it but would the other
window be able to call on them???
or use a frame with the images loaded on a window in a frame that can't be
seen.

any ideas anyony? can perl load and call on images in the clients computer?
or do I have to find a way to do this in JS?

Thanks for your time Lou


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Net::LDAP.pm

2003-03-11 Thread Susan Aurand 
Hello,
Can anyone tell me why I am receiving an error can't locate Net/LDAP.pm in @ INC (@INC 
 includes
/usr/lib/perl5/5.6.1 etc, etc etc, etc.

Thanks - Susan


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Net::LDAP.pm

2003-03-11 Thread fliptop 
On Tue, 11 Mar 2003 at 11:49, Susan Aurand opined:

SA:Hello, Can anyone tell me why I am receiving an error can't locate
SA:Net/LDAP.pm in @ INC (@INC includes /usr/lib/perl5/5.6.1 etc, etc etc,
SA:etc.

is net::ldap installed?



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Net::LDAP.pm

2003-03-11 Thread markyoung 

 Can anyone tell me why I am receiving an error can't
 locate Net/LDAP.pm in @ INC (@INC  includes
 /usr/lib/perl5/5.6.1 etc, etc etc, etc.

Yes, this means that the module you are trying to use is
not installed in any of the directories that are in the INC
list.

The module may not be installed anywhere on the server where
your stuff is running.

The Perl Cookbook has a section that tells you how you can
install modules in your own directories on your hosting
server and then use the use lib library location
statement to include another library location that should
be searched for modules.

I've never quite gotten this to work.  The farthest I've
gotten is that the use Net::LDAP (as in your case) was
being found, but then some module reference within that
module would evidently not have been resolved.

So, what I'm providing you is probably not the complete
story about how to install your own modules.  But, maybe
someone else will respond.

Thanks,
Mark


 Thanks - Susan

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

passing page URL to SSI script

2003-03-11 Thread javamaster 
I am including the same CGI script as an SSI on several web pages. I 
need to know which page the script was run from (something like the 
javascript window.location variable). I want to be able to know if the 
script was executed from index.html, or contact.html, or products.html, 
etc. I cannot find anything and I was wondering if anyone had any ideas. 
Thanks.

Tim Brom
[EMAIL PROTECTED]


--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: passing page URL to SSI script

2003-03-11 Thread Peter Kappus 
If you're using Apache, you can read from the magical environment hash to
see what URL the script was called from.

try this:  $ENV{'REQUEST_URI'};

or print them all like so:
print $_ .   .$ENV{$_} . BR for(keys(%ENV));

I'm not sure how this behaves with other servers such as IIS, but it's
probably worth a look.

good luck,
-Peter K.



-Original Message-
From: javamaster [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 2:35 PM
To: [EMAIL PROTECTED]
Subject: passing page URL to SSI script


I am including the same CGI script as an SSI on several web pages. I 
need to know which page the script was run from (something like the 
javascript window.location variable). I want to be able to know if the 
script was executed from index.html, or contact.html, or products.html, 
etc. I cannot find anything and I was wondering if anyone had any ideas. 
Thanks.

Tim Brom
[EMAIL PROTECTED]



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]