I am glad it helped! One handy option is to make a few copies of that
script, each for a different level of access. E.g. one q1.pl which allows
SQL SELECTs only, another q2.pl that allows UPDATEs and INSERTs, yet
another q3.pl which allows even more control over the database (DROPs,
CREATEs, etc). Just make sure passwords are different and the regular
expression in the "unless" clause is updated with all the corresponding
suspicious patterns to prevent:
unless ($q=~m/pattern1_to_prevent|pattern2_to_prevent|etc.../i)
All the best!
Viktoras
Tereza Snyder wrote:
Well, that victory was short-lived. The next day I couldn't get it to
work again, and the security hole was preying on my conscience, so I
decided to try one of the above suggestions. It took hours of research
and failure to get a working cgi-bin on the server (Oh how I hate
server administration! the only thing worse is working with an admin
who won't let you do anything!). Finally both the Perl script and a
Rev 3.5 cgi were saying hello, but the Perl script was already
accessing the database so, considering the short timeline, I went with
Viktoras' Perl solution, rather than be tempted into complexity. I'm
hopeful that it will meet my needs in this project as the final
deadline draws near.
I'll be employing Trevor's advice next time when I really spread my
wings (maybe) in this internet thingy.
Thank you again,
t
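An added example, not part of the original thread and not Viktoras's script: a per-tier statement check for the q1.pl/q2.pl/q3.pl split described above, generalized from a list of patterns to prevent into an allowlist of leading SQL keywords for each script. The names `%ALLOWED` and `statement_allowed` and the sample queries are hypothetical, and it assumes each script connects with its own database account.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical tiers mirroring q1.pl / q2.pl / q3.pl: each lists the only
# leading SQL keywords that script accepts. Assumption: every script also
# uses its own database account, so the filter is not the only barrier.
my %ALLOWED = (
    'q1' => [qw(SELECT)],
    'q2' => [qw(SELECT UPDATE INSERT)],
    'q3' => [qw(SELECT UPDATE INSERT DELETE CREATE DROP ALTER)],
);

# Returns 1 if $sql is a single statement whose first keyword is permitted
# for $tier, otherwise 0. Deliberately strict: any ';' or comment marker
# inside the statement is refused, even within a quoted value.
sub statement_allowed {
    my ($tier, $sql) = @_;
    return 0 unless defined $tier && defined $sql;
    my $verbs = $ALLOWED{$tier} or return 0;     # unknown tier: deny
    (my $q = $sql) =~ s/^\s+|\s+$//g;            # trim surrounding space
    $q =~ s/;\s*\z//;                            # one trailing ';' is fine
    return 0 if $q =~ /;/;                       # more than one statement
    return 0 if $q =~ m{--|/\*|\#};              # SQL comment markers
    my ($verb) = $q =~ /\A([A-Za-z]+)\b/ or return 0;
    return scalar(grep { $_ eq uc $verb } @$verbs) ? 1 : 0;
}

# Constructed sample requests (not taken from the thread).
my @samples = (
    ['q1', 'SELECT name FROM customers WHERE id = 7'],
    ['q1', 'select 1; DROP TABLE customers'],
    ['q1', 'UPDATE customers SET name = NULL'],
    ['q2', 'UPDATE customers SET name = NULL WHERE id = 7;'],
    ['q2', 'DROP TABLE customers'],
    ['q3', 'DROP TABLE scratch'],
);

for my $s (@samples) {
    my ($tier, $sql) = @$s;
    printf "%-3s %-5s %s\n", $tier,
        statement_allowed($tier, $sql) ? 'ALLOW' : 'DENY', $sql;
}
```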
_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com