Solved

Protecting CGI Scripts

Posted on 2000-03-20
3
242 Views
Last Modified: 2013-12-25
I have some custom CGI scripts that I want to keep others from looking at the source code. Is there anyway to do this! I've seen people set up the script so that it sends an error if it is not posted to. Also I want to set the script so that it can only be called from a particular PAGE(s) on my site. I will increase points if needed
0
Comment
Question by:CUTTHEMUSIC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
maneshr earned 50 total points
ID: 2636635
CGI scripts are server side scripts, so their source code cannot be seen by the end user anyway.

in order to allow only post requests to your page you can check the value of the REQUEST_METHOD variable in your CGI script.

This variable can have the value POST (for forms submitted via post method) and GET for forms via get method.

in perl this is how you would check the same.

## Get the environment variable to a local variable
$method=$ENV{'REQUEST_METHOD'};

if ($method!~ /^POST$/){ ## NOT Called via a POST method

  print "Content-type: text/html\n\n";
  print "This page can only be accessed via a POST method\n";
  exit;
}

==========================================
"........ant to set the script so that it can only be called from a particular PAGE(s) on my site....."

this can be achieved by using another environment variable called HTTP_REFERER.

$ENV{'HTTP_REFERER'} contains the URL to the page from which your CGI script was called. Thus you can not only restrict the access to your CGI script to POST method, but also control which page(s) can call a CGI script.

here is an example in PERL

There are 2 html files and 1 PERL script.

Both the html files call the SAME script. But only one of them (test.html) is the allowed HTML file.

==========test.html
<a href="/cgi-bin/env.pl">Click here for HTTP Referer variable</a>

==========fake.html
<a href="/cgi-bin/env.pl">Click here for HTTP Referer variable</a>

=============env.pl
#!/usr/local/bin/perl

print "Content-type:  text/html\n\n";

$calling_page=$ENV{'HTTP_REFERER'};

if ($calling_page=~ /.*\/test.html$/){
  print "<B>OK</B><br>\n";
}else{
  print "<B>This script cannot be invoked in this way!!</B><br>\n";
}
0
 
LVL 2

Author Comment

by:CUTTHEMUSIC
ID: 2641953
Great JOB!
0
 
LVL 16

Expert Comment

by:maneshr
ID: 2641981
Thank you. :-)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface This article introduces an authentication and authorization system for a website.  It is understood by the author and the project contributors that there is no such thing as a "one size fits all" system.  That being said, there is a certa‚Ķ
This article covers the basics of the Sass, which is a CSS extension language. You will learn about variables, mixins, and nesting.
The viewer will learn how to dynamically set the form action using jQuery.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question