r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

[CGI] web server issues

Janeks
21-Aug-2006
[552x2]
Personaly I do not like M$ as it is monster. ;-)

But in my last and current work I am not responsible on which web 
server to chose and therefore neither for security of web server.

And I am trying to separate my  resposibility and SP responsibility, 
but of course there is cases when they overlaps.

I am just trying to find  as much as possible info about security 
of web servers and it does no matter if it is M$ or not .

My first installations was on IIS 5.0 in intranet - so I relied on 
firewall. The last case is in public internet. 

So I think if there are no possibility to upload danger cgi scripts 
or pass danger code to existing scripts, than from my side I did 
all.
Anton, do you have any idea about ** Near: size-text self  with Linux 
and rebview for cgi?
Pekr
21-Aug-2006
[554]
hmm, size-text - it does sound like a native. IMO it is wrapper for 
OS level function, returning pixel size of particular text .... could 
that be a problem of some missing os library?
Anton
21-Aug-2006
[555x2]
I haven't used rebol much on linux, yet, but the error sounds suspiciously 
like the common mistake of running rebol without X running, as Tom 
said. The linux server you are uploading rebview to may very well 
*not* be running X.  If that is the case, you will have to settle 
with Rebol/Core only.  Do you really need View features ?  I know 
some people found that they missed some image manipulation functions 
from Rebol/View that are not available in Rebol/Core.
Do you have a linux box at home to play with ? You could try install 
Rebol/View on it without X running and see what error you get...
Volker
21-Aug-2006
[557]
size-text: xwindows is client/server. the x-server , that is your 
local computer, which offers to aplications to display things to 
you. And it has some important informations locally, especially the 
fonts (and can cache images and such).

/view needs access to the fonts and so access to a running x-server. 
the x-libs are only an interface to connect to the server. (The xserver-libs 
could be used directly, but well, /view does not do that. Seems to 
be tricky.)
A incomplete sketch how to do it, with no attention to security:

So with /view you need a running x-server, one way to do that  headless 
is vnc.  Can also run on another machine. 

Then you need to tell  rebol where it is, there is an env-var $DISPLAY. 
Which must be set before rebol runs. Did not figure out how to configure 
that. Running a bash-script as cgi, set  $DISPLAY, call the real 
rebol-script should work. And there may be issues with authentification, 
x-windows does not like everyone to connect by default, or the other 
way around, its too easy to make it too open ("xhost + ip"). There 
are more secure ways, but looked more complicated and i never tried. 
All in all i would run such things on windows.
Janeks
22-Aug-2006
[558]
Sounds like I should to think about other solutions of human control 
and image resizing & texts on them.
It is a pitty.

Human control could be organized by just set of image files with 
some "kidnaping" fonts letters and some simple script in Core.

Image resizing (f.ex. when uploading) theoreticaly could be done 
with Core - but it seems too much work for me now, because I dont 
know yet how image files is built and those resizing algorithms.
And about text placing on uploaded images I can forget.
All things above could be done in View just fine.
:(

It was good idea, that I made first my private blog site on Linux. 
Despite Rebol runs on so many systems - running the same things on 
other systems should be checked before. Especialy if there are no 
expierence of work on that system.


BTW I found in the google the similar response was caused from uncomplete 
View instalation: http://demo.rebol.net/list/list-msgs/34071.html
But it looks that this is not the case.
Graham
22-Aug-2006
[559]
why don't you use imagemagick with rebol ?
Janeks
22-Aug-2006
[560x2]
Because I don't know it.

And I whanted to use my blog site as demo for all those good things 
that could be done with Rebol.

But whell - as I undertood I can use it on Linux web server. Anyway 
thanks, Graham, I will check how can I use them.
It's looks like I first try to negotiate with SP - probably he could 
help.
Edgar
22-Aug-2006
[562]
So Graham, is ImageMagick working okay with you in Rebol? Which version 
did you finally use?
Henrik
22-Aug-2006
[563]
graham, and how fast is it?
Graham
22-Aug-2006
[564x2]
I'm using the com+ server at present stil as I wasn't able to get 
your script to work.  When I have time, I'll try again.
Henrik, at present I am converting PDFs to JPG, and since it uses 
ghostscript as well, it is not that fast ... but I don't have too 
long a wait.
Henrik
22-Aug-2006
[566x2]
ah, so it's not useful for realtime stuff?
I'm missing a compact solution to make high quality thumbs. if only 
DRAW was up to the task...
Graham
22-Aug-2006
[568x2]
imagemagick is very fast
just not for the things I'm doing with it.
Henrik
22-Aug-2006
[570]
it's not easy to bundle with an app, is it?
Graham
22-Aug-2006
[571x5]
sure ...
just include the dlls you need
or, presumably, include the ole object, and register it when the 
program installs
although again, I could not get the ole object to work just by registering 
it with regsrvr
No time to figure this all out .. just ask users to install Imagemagick 
:)
Henrik
22-Aug-2006
[576]
well, it's a no go for me. everything has to be bundled into a single 
lightweight package. I think it's a little absurd having to blow 
up the app by a factor of 2-5 in size, just to get pretty thumbnail 
generation for it. I hope a future version of DRAW will allow better 
downscaling.
Graham
22-Aug-2006
[577]
my app is less than 1 mb, and the installer is 40mb :)
james_nak
25-Sep-2006
[578]
Does anyone have any ideas about how to approach a web-based gui 
that allows users to upload multiple files at one time without having 
a series of  "inputs?" I'd like to have users do a ctrl select when 
they are browsing for multiple files to send. Thanks.
Oldes
25-Sep-2006
[579]
I'm doing multiple file uploads using flash8
james_nak
25-Sep-2006
[580x2]
Oldes, I knew you would say that! : )
Is that in your example code?
Oldes
25-Sep-2006
[582x2]
there is only one file upload in the examples - http://box.lebeda.ws/~hmm/rswf/index.php?example=142
i think, it's not possible in pure html
james_nak
25-Sep-2006
[584x2]
No, it isn't which is kind of strange. I would use the Rebol plugin 
but I haven't had too much success and I don't want to create more 
work supporting users.
Thanks.
Oldes
25-Sep-2006
[586]
if you want to upload more files using flash, it's very simillar 
to the example above, just you have to use FileReferenceList! instead 
of FileReference!
james_nak
25-Sep-2006
[587]
OK, I'm going to try it. Does the flash also handle the file saving 
portion?
Oldes
25-Sep-2006
[588x2]
here is ActionScript doc example: http://livedocs.macromedia.com/flash/8/main/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00002226.html
what is file saving portion?
james_nak
25-Sep-2006
[590]
I mean, does it simply send it to a cgi program or does it save the 
files sent as well?
Oldes
25-Sep-2006
[591]
it just sends data to cgi (one by one = not all at once)
james_nak
25-Sep-2006
[592]
Oh, OK. I get it. Thanks!
Oldes
25-Sep-2006
[593x2]
so on the cgi side you get just one file as from one input file field
maybe I can make some example in the future
james_nak
25-Sep-2006
[595]
OK, that should be good.
Gabriele
25-Sep-2006
[596]
you can probably handle multiple files using javascript too. (qtask 
does it, but i never used it so i don't know how it's done.)
james_nak
25-Sep-2006
[597x2]
Hmmm, I'll look into that as well. Thanks.
I checked it out and it basically has a button to add more inputs 
to the page. There was a snippet available on the web that does this. 
That definitely is a possiblity.
Oldes
26-Sep-2006
[599]
Yes, more input-file fields is possible as well, just you may reach 
the upload size limit more easily. Most servers I used has maximum 
2MB per post, so if you want to upload 5 images with 1MB, you will 
not be able to post them at once.
james_nak
26-Sep-2006
[600]
Yes, that may be a concern as well. I'm running on a virtual server 
so I could change those parameters. Maybe I should investigate some 
type of Rebol client app. instead. Basically, what I'm after is a 
what for my students to send in their homework files that is better 
and smarter than this dropbox solution that they have now. It doesn't 
give them feedback of a successful upload and I end up with files 
upon files of slightly uncategorized uploads.
Ashley
27-Sep-2006
[601]
I'm using FormMail.pl to handle some simple contact details collection, 
but seems it is not highly regarded in the Perl community due to 
it's vulnerability to SPAM and bots. nms seems to offer a more secure 
version, http://nms-cgi.sourceforge.net/faq_nms.html, but I haven't 
done anything with Perl for years now. Anyone have a suggestion for 
a good FormMail.pl replacement, are are rumors of it's death greatly 
exaggerated?