?
Solved

Protecting CGI Scripts

Posted on 2000-03-20
3
Medium Priority
?
249 Views
Last Modified: 2013-12-25
I have some custom CGI scripts that I want to keep others from looking at the source code. Is there anyway to do this! I've seen people set up the script so that it sends an error if it is not posted to. Also I want to set the script so that it can only be called from a particular PAGE(s) on my site. I will increase points if needed
0
Comment
Question by:CUTTHEMUSIC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
maneshr earned 200 total points
ID: 2636635
CGI scripts are server side scripts, so their source code cannot be seen by the end user anyway.

in order to allow only post requests to your page you can check the value of the REQUEST_METHOD variable in your CGI script.

This variable can have the value POST (for forms submitted via post method) and GET for forms via get method.

in perl this is how you would check the same.

## Get the environment variable to a local variable
$method=$ENV{'REQUEST_METHOD'};

if ($method!~ /^POST$/){ ## NOT Called via a POST method

  print "Content-type: text/html\n\n";
  print "This page can only be accessed via a POST method\n";
  exit;
}

==========================================
"........ant to set the script so that it can only be called from a particular PAGE(s) on my site....."

this can be achieved by using another environment variable called HTTP_REFERER.

$ENV{'HTTP_REFERER'} contains the URL to the page from which your CGI script was called. Thus you can not only restrict the access to your CGI script to POST method, but also control which page(s) can call a CGI script.

here is an example in PERL

There are 2 html files and 1 PERL script.

Both the html files call the SAME script. But only one of them (test.html) is the allowed HTML file.

==========test.html
<a href="/cgi-bin/env.pl">Click here for HTTP Referer variable</a>

==========fake.html
<a href="/cgi-bin/env.pl">Click here for HTTP Referer variable</a>

=============env.pl
#!/usr/local/bin/perl

print "Content-type:  text/html\n\n";

$calling_page=$ENV{'HTTP_REFERER'};

if ($calling_page=~ /.*\/test.html$/){
  print "<B>OK</B><br>\n";
}else{
  print "<B>This script cannot be invoked in this way!!</B><br>\n";
}
0
 
LVL 2

Author Comment

by:CUTTHEMUSIC
ID: 2641953
Great JOB!
0
 
LVL 16

Expert Comment

by:maneshr
ID: 2641981
Thank you. :-)
0

Featured Post

Are You Using the Best Web Development Editor?

The worlds of web hosting and web development are constantly evolving. Every year we see design trends change, coding standards adapt and new frameworks/CMS created. With such a quick pace of change it’s easy to get lost trying to keep up.

See if your editor made the list.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Knockoutjs (Knockout) is a JavaScript framework (Model View ViewModel or MVVM framework).   The main ideology behind Knockout is to control from JavaScript how a page looks whilst creating an engaging user experience in the least …
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question