Solved

Protecting CGI Scripts

Posted on 2000-03-20
Last Modified: 2013-12-25
I have some custom CGI scripts that I want to keep others from looking at the source code. Is there any way to do this? I've seen people set up the script so that it sends an error if it is not posted to. Also, I want to set the script so that it can only be called from a particular PAGE(s) on my site. I will increase points if needed.
0
Question by:CUTTHEMUSIC

Accepted Solution

by:
maneshr earned 50 total points
ID: 2636635
CGI scripts are server side scripts, so their source code cannot be seen by the end user anyway.

In order to allow only POST requests to your page, you can check the value of the REQUEST_METHOD variable in your CGI script.

This variable can have the value POST (for forms submitted via the post method) and GET (for forms submitted via the get method).

In Perl this is how you would check the same.

## Get the environment variable to a local variable
$method=$ENV{'REQUEST_METHOD'};

if ($method!~ /^POST$/){ ## NOT Called via a POST method

  print "Content-type: text/html\n\n";
  print "This page can only be accessed via a POST method\n";
  exit;
}

==========================================
"... want to set the script so that it can only be called from a particular PAGE(s) on my site ..."

This can be achieved by using another environment variable called HTTP_REFERER.

$ENV{'HTTP_REFERER'} contains the URL to the page from which your CGI script was called. Thus you can not only restrict the access to your CGI script to POST method, but also control which page(s) can call a CGI script.

Here is an example in PERL.

There are 2 html files and 1 PERL script.

Both the html files call the SAME script. But only one of them (test.html) is the allowed HTML file.

==========test.html
<a href="/cgi-bin/env.pl">Click here for HTTP Referer variable</a>

==========fake.html
<a href="/cgi-bin/env.pl">Click here for HTTP Referer variable</a>

=============env.pl
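#!/usr/local/bin/perl

print "Content-type:  text/html\n\n";

## URL of the page that called this script (empty if no Referer was sent)
$calling_page = $ENV{'HTTP_REFERER'} || '';

## Allow only a calling page whose URL ends in /test.html
## (the dot is escaped so that it matches a literal "." only)
if ($calling_page =~ /.*\/test\.html$/) {
  print "<B>OK</B><br>\n";
} else {
  print "<B>This script cannot be invoked in this way!!</B><br>\n";
}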
0
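An added example, not part of maneshr's answer: both checks combined in one Perl script, with the Referer compared against an exact list of full URLs, because a pattern anchored only at the end of the URL never looks at the host. The host www.example.com is an assumed placeholder and test.html is assumed to submit a form with method POST. REQUEST_METHOD and HTTP_REFERER are both values sent by the client, so this filters ordinary browsing and does not authenticate the caller.

```perl
#!/usr/bin/perl
# Added example: POST-only check plus an exact-match Referer allowlist.
# www.example.com is an assumed placeholder host.
use strict;
use warnings;

# Full URLs of the pages allowed to call this script (assumed values).
my %ALLOWED_REFERER = map { $_ => 1 } (
    'http://www.example.com/test.html',
    'https://www.example.com/test.html',
);

# Return (status, message) for a hash of CGI environment variables.
sub check_request {
    my ($env) = @_;
    my $method  = defined $env->{REQUEST_METHOD} ? $env->{REQUEST_METHOD} : '';
    my $referer = defined $env->{HTTP_REFERER}   ? $env->{HTTP_REFERER}   : '';

    return ('405 Method Not Allowed', 'POST only') if $method ne 'POST';

    # Drop any query string or fragment, then compare the whole URL.
    # A suffix pattern such as /\/test\.html$/ never looks at the host,
    # so it would also accept http://other.example/test.html.
    $referer =~ s/[?#].*\z//s;
    return ('403 Forbidden', 'This script cannot be invoked in this way')
        unless $ALLOWED_REFERER{$referer};

    return ('200 OK', 'OK');
}

if (defined $ENV{GATEWAY_INTERFACE}) {    # running under a web server
    my ($status, $msg) = check_request(\%ENV);
    print "Status: $status\n";
    print "Allow: POST\n" if $status =~ /^405/;
    print "Content-type: text/html\n\n<B>$msg</B><br>\n";
} else {                                  # command line: constructed test requests
    my @cases = (
        [ 'GET',  'http://www.example.com/test.html', '405' ],
        [ 'POST', 'http://www.example.com/test.html', '200' ],
        [ 'POST', 'http://www.example.com/fake.html', '403' ],
        [ 'POST', 'http://other.example/test.html',   '403' ],
        [ 'POST', '',                                 '403' ],
    );
    for my $c (@cases) {
        my ($status) = check_request({ REQUEST_METHOD => $c->[0], HTTP_REFERER => $c->[1] });
        die "unexpected '$status' for $c->[0] $c->[1]\n" unless index($status, $c->[2]) == 0;
    }
    print "all cases passed\n";
}
```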
 

Author Comment

by:CUTTHEMUSIC
ID: 2641953
Great JOB!
0
 

Expert Comment

by:maneshr
ID: 2641981
Thank you. :-)
0
