Solved

Where from .......

Posted on 1998-02-04
3
153 Views
Last Modified: 2013-12-25
Is there a way for a CGI script to tell where it's called from. I mean a way that cannot be easily forged.
0
Comment
Question by:kazic
  • 2
3 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 1831915
When the server runs the cgi script, it sets the environment variable SCRIPT_NAME to the path to the script.  This will tell you what name it was called with.  If you're interested in where (i.e. remote computer) it was called from, you can examine the REMOTE_HOST and REMOTE_ADDR environment variables.
0
 
LVL 1

Author Comment

by:kazic
ID: 1831916
OK, but can you tell me how the CGI script knows where it's called from ? Can you not forge that ?
0
 
LVL 32

Accepted Solution

by:
jhance earned 200 total points
ID: 1831917
Please be more specific about what you mean by "where it's called from ".  Do you mean which remote client computer it's called from?  Or do you mean which script was run?

In the case of the client computer, or REMOTE_HOST/REMOTE_ADDR, this is determined by the web server by getting the IP address of the incoming connection.  That is the REMOTE_ADDR.  It then tries to do a reverse DNS lookup on the IP address to get the REMOTE_HOST name.  Is is possible to "forge" these.  If you use a proxy server, your web server will report the proxy as the REMOTE_ADDR instead of the true client.  

In the case of the SCRIPT_NAME, this is provided by the web server as a part of it's running the script.  As long as you have properly secured the cgi-bin directories against unauthorized use, a user will not be able to run anything that is not authorized.

If I am missing your question here, why don't you post some additional information about what you are trying to do.  Perhaps if you described the situation you are having trouble with or are trying to protect against, it would help.
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Powershell script- running set owner command on multiple servers at once 7 76
User profile Size Report 3 83
ROBOFTP UNZIP 1 53
Renaming with batch file 4 39
In this tutorial I will focus on how to use WhizBase as a tool for sending ICQ messages to ICQ. Here I will use a new technology in WhizBase, published in WhizBase 5.1 version. In this tutorial I will use 3 files, pager.wbsp for the processing, e…
In this tutorial I will show you how to make a simple HTML bar chart with the usage of WhizBase, If you want more information about WhizBase please read my previous articles at http://www.experts-exchange.com/ARTH_5123186.html (http://www.experts-ex…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question