Solved

Protecting CGI Scripts

Posted on 2000-03-20
Last Modified: 2013-12-25
I have some custom CGI scripts that I want to keep others from looking at the source code. Is there any way to do this? I've seen people set up the script so that it sends an error if it is not posted to. Also I want to set the script so that it can only be called from a particular PAGE(s) on my site. I will increase points if needed.
Question by:CUTTHEMUSIC

Accepted Solution

by:
maneshr earned 50 total points
ID: 2636635
CGI scripts are server side scripts, so their source code cannot be seen by the end user anyway.

In order to allow only POST requests to your page, you can check the value of the REQUEST_METHOD variable in your CGI script.

This variable can have the value POST (for forms submitted via post method) and GET for forms via get method.

In Perl, this is how you would check the same.

## Get the environment variable to a local variable
$method=$ENV{'REQUEST_METHOD'};

if ($method!~ /^POST$/){ ## NOT Called via a POST method

  print "Content-type: text/html\n\n";
  print "This page can only be accessed via a POST method\n";
  exit;
}

==========================================
"... I want to set the script so that it can only be called from a particular PAGE(s) on my site ..."

This can be achieved by using another environment variable called HTTP_REFERER.

$ENV{'HTTP_REFERER'} contains the URL to the page from which your CGI script was called. Thus you can not only restrict the access to your CGI script to POST method, but also control which page(s) can call a CGI script.

Here is an example in Perl.

There are 2 HTML files and 1 Perl script.

Both the html files call the SAME script. But only one of them (test.html) is the allowed HTML file.

==========test.html
<a href="/cgi-bin/env.pl">Click here for HTTP Referer variable</a>

==========fake.html
<a href="/cgi-bin/env.pl">Click here for HTTP Referer variable</a>

=============env.pl
#!/usr/local/bin/perl

print "Content-type:  text/html\n\n";

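## HTTP_REFERER may be absent, so default to an empty string
$calling_page=$ENV{'HTTP_REFERER'} || '';

## Escape the dot so that only a URL ending in /test.html matches
if ($calling_page=~ /.*\/test\.html$/){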
  print "<B>OK</B><br>\n";
}else{
  print "<B>This script cannot be invoked in this way!!</B><br>\n";
}
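
The two checks from the answer above, combined in one handler as an added example (not part of the original answer): it compares the Referer host and path exactly and, because the Referer header is sent by the client and can be absent or set to any value, also requires an HMAC token issued with the form. The secret, the host www.example.com, the token format and the names make_token and check_request are assumptions made for this example.

```perl
use strict; use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumed values for this example (not from the original post).
my $SECRET        = 'replace-with-a-long-random-server-side-secret';
my $ALLOWED_HOST  = 'www.example.com';
my %ALLOWED_PATHS = ('/test.html' => 1);
my $MAX_AGE       = 900;    # seconds a form token stays valid

# Run when test.html is generated; the result goes in a hidden form field.
sub make_token {
    my ($page, $now) = @_;
    return $now . ':' . hmac_sha256_hex("$page|$now", $SECRET);
}

# Returns (1, 'ok') or (0, reason). $env is a reference to the CGI
# environment, $token the hidden field value posted by the form.
sub check_request {
    my ($env, $token, $now) = @_;
    return (0, 'method') unless ($env->{REQUEST_METHOD} // '') eq 'POST';
    # Compare host and path exactly: a suffix match on "test.html"
    # also accepts a page of that name on any other site.
    my ($host, $path) = ($env->{HTTP_REFERER} // '')
        =~ m{^https?://([^/:?#]+)(?::\d+)?(/[^?#]*)};
    return (0, 'referer') unless defined($host)
        && lc($host) eq $ALLOWED_HOST && $ALLOWED_PATHS{$path};
    # The Referer header is supplied by the client, so also require a
    # token that only the server could have issued for this page.
    my ($ts, $mac) = ($token // '') =~ /^(\d+):([0-9a-f]{64})$/;
    return (0, 'token')   unless defined $ts;
    return (0, 'expired') if $ts > $now || $now - $ts > $MAX_AGE;
    return (0, 'token')   unless hmac_sha256_hex("$path|$ts", $SECRET) eq $mac;
    return (1, 'ok');
}

# Constructed sample requests, evaluated offline.
my $now = time;
my $tok = make_token('/test.html', $now);
my @cases = (
    [ 'allowed page',  'POST', "http://$ALLOWED_HOST/test.html", $tok ],
    [ 'GET request',   'GET',  "http://$ALLOWED_HOST/test.html", $tok ],
    [ 'other site',    'POST', 'http://other.example/test.html', $tok ],
    [ 'fake.html',     'POST', "http://$ALLOWED_HOST/fake.html", $tok ],
    [ 'missing token', 'POST', "http://$ALLOWED_HOST/test.html", undef ],
);
for my $c (@cases) {
    my %env = (REQUEST_METHOD => $c->[1], HTTP_REFERER => $c->[2]);
    my ($ok, $why) = check_request(\%env, $c->[3], $now);
    printf "%-14s %s (%s)\n", $c->[0], $ok ? 'ACCEPT' : 'REJECT', $why;
}
```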

Author Comment

by:CUTTHEMUSIC
ID: 2641953
Great JOB!

Expert Comment

by:maneshr
ID: 2641981
Thank you. :-)