Solved

Where from .......

Posted on 1998-02-04
3
150 Views
Last Modified: 2013-12-25
Is there a way for a CGI script to tell where it's called from. I mean a way that cannot be easily forged.
0
Comment
Question by:kazic
  • 2
3 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 1831915
When the server runs the cgi script, it sets the environment variable SCRIPT_NAME to the path to the script.  This will tell you what name it was called with.  If you're interested in where (i.e. remote computer) it was called from, you can examine the REMOTE_HOST and REMOTE_ADDR environment variables.
0
 
LVL 1

Author Comment

by:kazic
ID: 1831916
OK, but can you tell me how the CGI script knows where it's called from ? Can you not forge that ?
0
 
LVL 32

Accepted Solution

by:
jhance earned 200 total points
ID: 1831917
Please be more specific about what you mean by "where it's called from ".  Do you mean which remote client computer it's called from?  Or do you mean which script was run?

In the case of the client computer, or REMOTE_HOST/REMOTE_ADDR, this is determined by the web server by getting the IP address of the incoming connection.  That is the REMOTE_ADDR.  It then tries to do a reverse DNS lookup on the IP address to get the REMOTE_HOST name.  Is is possible to "forge" these.  If you use a proxy server, your web server will report the proxy as the REMOTE_ADDR instead of the true client.  

In the case of the SCRIPT_NAME, this is provided by the web server as a part of it's running the script.  As long as you have properly secured the cgi-bin directories against unauthorized use, a user will not be able to run anything that is not authorized.

If I am missing your question here, why don't you post some additional information about what you are trying to do.  Perhaps if you described the situation you are having trouble with or are trying to protect against, it would help.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This tutorial will give you a fast look what you can do with WhizBase. I expect you already know how to work with HTML at least, and that you understand the basics of the internet and how the internet works. WhizBase is a server-s…
I hope you'll find this tutorial useful and interesting. So let's try to extend Tcl with a new package.  For anyone more deeply interested please check out the book "Practical Programming in Tcl and Tk". It's really one of the best written books abo…
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now