• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 163
  • Last Modified:

Where from .......

Is there a way for a CGI script to tell where it's called from. I mean a way that cannot be easily forged.
0
kazic
Asked:
kazic
  • 2
1 Solution
 
jhanceCommented:
When the server runs the cgi script, it sets the environment variable SCRIPT_NAME to the path to the script.  This will tell you what name it was called with.  If you're interested in where (i.e. remote computer) it was called from, you can examine the REMOTE_HOST and REMOTE_ADDR environment variables.
0
 
kazicAuthor Commented:
OK, but can you tell me how the CGI script knows where it's called from ? Can you not forge that ?
0
 
jhanceCommented:
Please be more specific about what you mean by "where it's called from ".  Do you mean which remote client computer it's called from?  Or do you mean which script was run?

In the case of the client computer, or REMOTE_HOST/REMOTE_ADDR, this is determined by the web server by getting the IP address of the incoming connection.  That is the REMOTE_ADDR.  It then tries to do a reverse DNS lookup on the IP address to get the REMOTE_HOST name.  Is is possible to "forge" these.  If you use a proxy server, your web server will report the proxy as the REMOTE_ADDR instead of the true client.  

In the case of the SCRIPT_NAME, this is provided by the web server as a part of it's running the script.  As long as you have properly secured the cgi-bin directories against unauthorized use, a user will not be able to run anything that is not authorized.

If I am missing your question here, why don't you post some additional information about what you are trying to do.  Perhaps if you described the situation you are having trouble with or are trying to protect against, it would help.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now