Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

Security for CGI scripts

 [1/4] from: peter:carlsson:space:se at: 9-Oct-2000 15:16


Hello! I need to have a CGI script on a server which will allow authorized persons to get access to read/write on the server. As part of the CGI query string the username and password are provided. It will be used to update REBOL scripts on the server. It will then be necessary to set the correct permissions on the scripts. My idea is to do something like this: decode-cgi if username and password is correct then write/allow %filename [ read write execute ] filedata notify administrator about action else warn administrator about action end if Does anyone have a better/safer/working idea to provide me with? Best regards, Peter Carlsson ---------------------------------------------------------------- Peter Carlsson Tel: +46 31 735 45 26 Saab Ericsson Space AB Fax: +46 31 735 40 00 S-405 15 Göteborg Email: [peter--carlsson--space--se] SWEDEN URL: http://www.space.se

 [2/4] from: sharriff:aina:med-iq at: 9-Oct-2000 14:44


>Hello! >I need to have a CGI script on a server which will allow
<<quoted lines omitted: 15>>
>Best regards, >Peter Carlsson
Hi Peter! I trying my best to do the same thing. My solution is to present a form that validates the password and name. The form has a REBOL cgi script as an action that reads a file with a user list stored in blocks. Access types are flagged in the block, e.g [ user1 [ name "admin" read "yes" modify "no" ] ] the user is the presented with a new HTML page or form depending on the flags. The code is still unfinished because I would like to direct the output to another frame..which is still a puzzle. hope this feeble attempt helps somehow Sharriff Aina med.iq information & quality in healthcare AG

 [3/4] from: tim::johnsons-web::com at: 9-Oct-2000 19:23


Hi Peter: You could also use the username and password as pathinfo components. And of course, one could simply type that in at the browser as a URL. The pathinfo components would be available from rebol as system/options/cgi/path-info. Gives you some more options.... -Tim [peter--carlsson--space--se] wrote:

 [4/4] from: al:bri:xtra at: 9-Oct-2000 22:05


Peter Carlsson wrote:
> I need to have a CGI script on a server which will allow authorized
persons to get access to read/write on the server.
> As part of the CGI query string the username and password are provided. > > It will be used to update REBOL scripts on the server. It will then be
necessary to set the correct permissions on the scripts.
> My idea is to do something like this: > decode-cgi
<<quoted lines omitted: 5>>
> end if > Does anyone have a better/safer/working idea to provide me with?
How about allowing _FTP_ access to users who provide the correct username and password? Then they can read or write files to their hearts content. Other users can then read the files through http. Andrew Martin ICQ: 26227169 http://members.nbci.com/AndrewMartin/

Notes
  • Quoted lines have been omitted from some messages.
    View the message alone to see the lines that have been omitted