Solved

Where from .......

Posted on 1998-02-04
3
151 Views
Last Modified: 2013-12-25
Is there a way for a CGI script to tell where it's called from. I mean a way that cannot be easily forged.
0
Comment
Question by:kazic
  • 2
3 Comments
 
LVL 32

Expert Comment

by:jhance
ID: 1831915
When the server runs the cgi script, it sets the environment variable SCRIPT_NAME to the path to the script.  This will tell you what name it was called with.  If you're interested in where (i.e. remote computer) it was called from, you can examine the REMOTE_HOST and REMOTE_ADDR environment variables.
0
 
LVL 1

Author Comment

by:kazic
ID: 1831916
OK, but can you tell me how the CGI script knows where it's called from ? Can you not forge that ?
0
 
LVL 32

Accepted Solution

by:
jhance earned 200 total points
ID: 1831917
Please be more specific about what you mean by "where it's called from ".  Do you mean which remote client computer it's called from?  Or do you mean which script was run?

In the case of the client computer, or REMOTE_HOST/REMOTE_ADDR, this is determined by the web server by getting the IP address of the incoming connection.  That is the REMOTE_ADDR.  It then tries to do a reverse DNS lookup on the IP address to get the REMOTE_HOST name.  Is is possible to "forge" these.  If you use a proxy server, your web server will report the proxy as the REMOTE_ADDR instead of the true client.  

In the case of the SCRIPT_NAME, this is provided by the web server as a part of it's running the script.  As long as you have properly secured the cgi-bin directories against unauthorized use, a user will not be able to run anything that is not authorized.

If I am missing your question here, why don't you post some additional information about what you are trying to do.  Perhaps if you described the situation you are having trouble with or are trying to protect against, it would help.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The following is a collection of cases for strange behaviour when using advanced techniques in DOS batch files. You should have some basic experience in batch "programming", as I'm assuming some knowledge and not further explain the basics. For some…
This tutorial will discuss the log-in process using WhizBase. In this article I assume you already know HTML. I will write the code using WhizBase Server Pages, so you need to know some basics in WBSP (you might look at some of my other articles abo…
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question