Solved

Protecting CGI Scripts

Posted on 2000-03-20
3
226 Views
Last Modified: 2013-12-25
I have some custom CGI scripts that I want to keep others from looking at the source code. Is there anyway to do this! I've seen people set up the script so that it sends an error if it is not posted to. Also I want to set the script so that it can only be called from a particular PAGE(s) on my site. I will increase points if needed
0
Comment
Question by:CUTTHEMUSIC
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
maneshr earned 50 total points
ID: 2636635
CGI scripts are server side scripts, so their source code cannot be seen by the end user anyway.

in order to allow only post requests to your page you can check the value of the REQUEST_METHOD variable in your CGI script.

This variable can have the value POST (for forms submitted via post method) and GET for forms via get method.

in perl this is how you would check the same.

## Get the environment variable to a local variable
$method=$ENV{'REQUEST_METHOD'};

if ($method!~ /^POST$/){ ## NOT Called via a POST method

  print "Content-type: text/html\n\n";
  print "This page can only be accessed via a POST method\n";
  exit;
}

==========================================
"........ant to set the script so that it can only be called from a particular PAGE(s) on my site....."

this can be achieved by using another environment variable called HTTP_REFERER.

$ENV{'HTTP_REFERER'} contains the URL to the page from which your CGI script was called. Thus you can not only restrict the access to your CGI script to POST method, but also control which page(s) can call a CGI script.

here is an example in PERL

There are 2 html files and 1 PERL script.

Both the html files call the SAME script. But only one of them (test.html) is the allowed HTML file.

==========test.html
<a href="/cgi-bin/env.pl">Click here for HTTP Referer variable</a>

==========fake.html
<a href="/cgi-bin/env.pl">Click here for HTTP Referer variable</a>

=============env.pl
#!/usr/local/bin/perl

print "Content-type:  text/html\n\n";

$calling_page=$ENV{'HTTP_REFERER'};

if ($calling_page=~ /.*\/test.html$/){
  print "<B>OK</B><br>\n";
}else{
  print "<B>This script cannot be invoked in this way!!</B><br>\n";
}
0
 
LVL 2

Author Comment

by:CUTTHEMUSIC
ID: 2641953
Great JOB!
0
 
LVL 16

Expert Comment

by:maneshr
ID: 2641981
Thank you. :-)
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Preface This article introduces an authentication and authorization system for a website.  It is understood by the author and the project contributors that there is no such thing as a "one size fits all" system.  That being said, there is a certa…
What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question