Security for CGI scripts
[1/4] from: peter:carlsson:space:se at: 9-Oct-2000 15:16
Hello!
I need to have a CGI script on a server which will allow
authorized persons to get access to read/write on the server.
As part of the CGI query string the username and password are
provided.
It will be used to update REBOL scripts on the server.
It will then be necessary to set the correct permissions
on the scripts.
My idea is to do something like this:
decode-cgi
if username and password is correct then
write/allow %filename [ read write execute ] filedata
notify administrator about action
else
warn administrator about action
end if
Does anyone have a better/safer/working idea to provide me with?
Best regards,
Peter Carlsson
----------------------------------------------------------------
Peter Carlsson Tel: +46 31 735 45 26
Saab Ericsson Space AB Fax: +46 31 735 40 00
S-405 15 Göteborg Email: [peter--carlsson--space--se]
SWEDEN URL: http://www.space.se
[2/4] from: sharriff:aina:med-iq at: 9-Oct-2000 14:44
>Hello!
>I need to have a CGI script on a server which will allow
<<quoted lines omitted: 15>>
>Best regards,
>Peter Carlsson
Hi Peter!
I trying my best to do the same thing. My solution is to present a form
that validates the password and name. The form has a REBOL cgi script as an
action that reads a file with a user list stored in blocks. Access types
are flagged in the block, e.g
[ user1
[ name "admin"
read "yes"
modify "no"
]
]
the user is the presented with a new HTML page or form depending on the
flags. The code is still unfinished because I would like to direct the
output to another frame..which is still a puzzle.
hope this feeble attempt helps somehow
Sharriff Aina
med.iq information & quality in healthcare AG
[3/4] from: tim::johnsons-web::com at: 9-Oct-2000 19:23
Hi Peter:
You could also use the username and password as
pathinfo components. And of course, one could simply
type that in at the browser as a URL.
The pathinfo components would be available from
rebol as system/options/cgi/path-info.
Gives you some more options....
-Tim
[peter--carlsson--space--se] wrote:
[4/4] from: al:bri:xtra at: 9-Oct-2000 22:05
Peter Carlsson wrote:
> I need to have a CGI script on a server which will allow authorized
persons to get access to read/write on the server.
> As part of the CGI query string the username and password are provided.
>
> It will be used to update REBOL scripts on the server. It will then be
necessary to set the correct permissions on the scripts.
> My idea is to do something like this:
> decode-cgi
<<quoted lines omitted: 5>>
> end if
> Does anyone have a better/safer/working idea to provide me with?
How about allowing _FTP_ access to users who provide the correct username
and password? Then they can read or write files to their hearts content.
Other users can then read the files through http.
Andrew Martin
ICQ: 26227169
http://members.nbci.com/AndrewMartin/
Notes
- Quoted lines have been omitted from some messages.
View the message alone to see the lines that have been omitted