Mailing list home
  Find posts   Help

Latest messageRecent messages

Other threads:
 Prev: Event for loosing focus
 Next: specifying struct! in routine!

 Random thread

Indexes:
 By topic
 By date
 By author
 By subject
Join the Mailing List....
AccessibilityAbout / FAQ
Member's loungeContact/FeedbackOther REBOL links
Membership:
member name

password

Remember?

Not a member? Please join
19-Apr 13:19 UTC
[0.089] 21.472k
Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

how to use a CGI script in secure mode ?

 [1/9] from: sdidierjean::yahoo::fr at: 12-Aug-2002 14:43


Hi, I try to use a CGI script with rebol but I have this error : ** User Error: Error. Target url: http://unix:83/cgi/ServBafi.r?type=charge could not be retrieved. Server response : HTTP/1.1 401 authorization Required So how can I pass the user and passwd to my CGI script ? I tried something like this : system/options/cgi/auth-type: "Basic" system/options/cgi/remote-user: "toto" But it didn't work. Thanks in advance Stephane

 [2/9] from: brett:codeconscious at: 13-Aug-2002 13:25


Check out http://www.rebol.com/docs/core23/rebolcore-13.html#sect2.2. Regards, Brett. ----- Original Message ----- From: "Stéphane Didierjean" <[sdidierjean--yahoo--fr]> To: <[rebol-list--rebol--com]> Sent: Monday, August 12, 2002 10:43 PM Subject: [REBOL] how to use a CGI script in secure mode ? Hi, I try to use a CGI script with rebol but I have this error : ** User Error: Error. Target url: http://unix:83/cgi/ServBafi.r?type=charge could not be retrieved. Server response : HTTP/1.1 401 authorization Required So how can I pass the user and passwd to my CGI script ? I tried something like this : system/options/cgi/auth-type: "Basic" system/options/cgi/remote-user: "toto" But it didn't work. Thanks in advance Stephane

 [3/9] from: stephane:didierjean-cmg:credit-agricole-sa at: 13-Aug-2002 11:12


I read this already but the probleme is not on the server parts. This is when my rebol script on a PC try to access a CGI script, the apache server want a user and password for secure reason. When internet explorer try to access a cgi script for the first time a popup windows appears where the user can enter the user and password. I don't know how to do this with in rebol. The Apache server don't care of what I enter in system/options/cgi in my rebol client script, he now that it's not "internet explorer" but "REBOL 1.2.1.3.1", so he wants a user and password. -----Message d'origine----- De : Brett Handley [mailto:[brett--codeconscious--com]] Envoyé : mardi 13 août 2002 05:26 À : [rebol-list--rebol--com] Objet : [REBOL] Re: how to use a CGI script in secure mode ? Check out http://www.rebol.com/docs/core23/rebolcore-13.html#sect2.2. Regards, Brett. ___________________________________________________________________________ Ce message et toutes les pièces jointes (ci-après le "message") sont établis à l'intention exclusive de ses destinataires. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur par e-mail. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Les communications sur Internet n'étant pas sécurisées, Crédit-Agricole SA informe qu'elle ne peut accepter aucune responsabilité quant au contenu de ce message. This mail message and attachments (the "message") are solely intended for the addressees. It is confidential in nature . If you receive this message in error, please delete it and immediately notify the sender by e-mail. Any use other than its intended purpose, dissemination or disclosure, either whole or partial, is prohibited except if formal approval is granted. As communication on the Internet is not secure, Crédit-Agricole SA does not accept responsability for the content of this message.

 [4/9] from: gscottjones:mchsi at: 13-Aug-2002 5:47


From: "DIDIERJEAN Stéphane (CMG)"
<snip> > This is when my rebol script on a PC
<<quoted lines omitted: 7>>
> with in rebol. <snip>
Hi, Stéphane, I hesitated posting yesterday, because I don't "know" ("know" as in I "know" the sky is blue) the answer. I can suggest an approach that may work. Even if it does not work, then I may be able to help patch the http scheme to make it work for you. In ftp, one can pass the username and password in the url. This is true for REBOL and for Internet Explorer (at least for many ftp servers; some will pop-up a dialog and re-ask the sequence). ftp://my-user-name:[my-password--ftp--mysite--dom] The http scheme supports passing the username and password in a url to a proxy server, and may serve the same purpose in your situation. It is so easy to try, that I would try this first (something like the following): http://my-user-name:[my-password--unix]:83/cgi/ServBafi.r?type=charge If this does not work, then it is possible to patch the http scheme to the send the information at the correct time, but the only "easy" way to do this is to have a test site. I am guessing that it *will* work, but only a test will tell for sure. Try the approach listed above and let us know. Good luck! --Scott Jones

 [5/9] from: anton:lexicon at: 13-Aug-2002 21:00


I can't test this but there is a way to advertise that rebol is in fact Internet Explorer. (rebol spoofing as internet explorer). I am sure I saw someone on this list show how to do it, so you can search escribe rebol mail archive to find it. Sorry I can't help more, I must go. Anton.

 [6/9] from: louisaturk:coxinet at: 13-Aug-2002 6:55


From the docs: 8.5. Acting Like a Browser Normally, REBOL identifies itself to a server when it reads from a Web site. However, some servers are programmed to respond to particular browsers only. If a request to a server does not produce the correct Web page, you can change the request to make it look like it came from some other type of Web browser. Pretending to be a Web browser is done by many programs to get Web sites to respond correctly. However, this practice does end up defeating the purpose behind the browser identification. To change HTTP requests to look as though they are being sent by Netscape 4.0, you can modify the user-agent within the HTTP handler: system/options/http/user-agent: "Mozilla/4.0" Setting this variable affects all HTTP requests that follow. At 09:00 PM 8/13/2002 +1000, you wrote:

 [7/9] from: stephane:didierjean-cmg:credit-agricole-sa at: 13-Aug-2002 14:56


Thank you for all the help I got, I solve my problem with the solution of scott, I pass the username and password in the URL, it's not very secure but it works fine. By the way It doesn't seem to be a http refinement in system/options, so I canno't test this solution. Thanks -----Message d'origine----- De : Louis A. Turk [mailto:[louisaturk--coxinet--net]] Envoyé : mardi 13 août 2002 13:56 À : [rebol-list--rebol--com] Objet : [REBOL] Re: how to use a CGI script in secure mode ? From the docs: 8.5. Acting Like a Browser Normally, REBOL identifies itself to a server when it reads from a Web site. However, some servers are programmed to respond to particular browsers only. If a request to a server does not produce the correct Web page, you can change the request to make it look like it came from some other type of Web browser. Pretending to be a Web browser is done by many programs to get Web sites to respond correctly. However, this practice does end up defeating the purpose behind the browser identification. To change HTTP requests to look as though they are being sent by Netscape 4.0, you can modify the user-agent within the HTTP handler: system/options/http/user-agent: "Mozilla/4.0" Setting this variable affects all HTTP requests that follow. At 09:00 PM 8/13/2002 +1000, you wrote:
>I can't test this but there is a way to >advertise that rebol is in fact Internet Explorer.
<<quoted lines omitted: 7>>
> > the apache > > server want a user and password for secure reason. When internet
explorer
> > try to access a cgi script for the first time a popup windows > > appears where > > the user can enter the user and password. I don't know how to do this
with
> > in rebol. > > The Apache server don't care of what I enter in system/options/cgi in my
<<quoted lines omitted: 4>>
>[rebol-request--rebol--com] with "unsubscribe" in the >subject, without the quotes.
-- To unsubscribe from this list, please send an email to [rebol-request--rebol--com] with "unsubscribe" in the subject, without the quotes. ___________________________________________________________________________ Ce message et toutes les pièces jointes (ci-après le "message") sont établis à l'intention exclusive de ses destinataires. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur par e-mail. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Les communications sur Internet n'étant pas sécurisées, Crédit-Agricole SA informe qu'elle ne peut accepter aucune responsabilité quant au contenu de ce message. This mail message and attachments (the "message") are solely intended for the addressees. It is confidential in nature . If you receive this message in error, please delete it and immediately notify the sender by e-mail. Any use other than its intended purpose, dissemination or disclosure, either whole or partial, is prohibited except if formal approval is granted. As communication on the Internet is not secure, Crédit-Agricole SA does not accept responsability for the content of this message.

 [8/9] from: brett:codeconscious at: 13-Aug-2002 22:59


Hi Stéphane, 1) SYSTEM/OPTIONS/CGI is used when your REBOL script is running as CGI on the server [quand CGI utilise le program REBOL - sur le serveur]. 2) This is for REBOL acting as a client [quand REBOL est le client]: Example: read http://username:[password--hostname]/cgi/.... You use this form again for each later read. 3) If you need to change the user-agent reported to the server you can. [si le serveur n'aime pas REBOL mais le server aime Mozilla]: Example: system/schemes/http/user-agent: "Mozilla/4.5 [en] (compatible)" 4) Pardonnez moi si je ne vous comprends pas bien :^) Regards, Brett. ----- Original Message ----- From: "DIDIERJEAN Stéphane (CMG)" <[stephane--didierjean-cmg--credit-agricole-sa--fr]> To: <[rebol-list--rebol--com]> Sent: Tuesday, August 13, 2002 7:12 PM Subject: [REBOL] Re: how to use a CGI script in secure mode ? I read this already but the probleme is not on the server parts. This is when my rebol script on a PC try to access a CGI script, the apache server want a user and password for secure reason. When internet explorer try to access a cgi script for the first time a popup windows appears where the user can enter the user and password. I don't know how to do this with in rebol. The Apache server don't care of what I enter in system/options/cgi in my rebol client script, he now that it's not "internet explorer" but "REBOL 1.2.1.3.1", so he wants a user and password. -----Message d'origine----- De : Brett Handley [mailto:[brett--codeconscious--com]] Envoyé : mardi 13 août 2002 05:26 À : [rebol-list--rebol--com] Objet : [REBOL] Re: how to use a CGI script in secure mode ? Check out http://www.rebol.com/docs/core23/rebolcore-13.html#sect2.2. Regards, Brett. ___________________________________________________________________________ Ce message et toutes les pièces jointes (ci-après le "message") sont établis à l'intention exclusive de ses destinataires. Si vous recevez ce message par erreur, merci de le détruire et d'en avertir immédiatement l'expéditeur par e-mail. Toute utilisation de ce message non conforme à sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. Les communications sur Internet n'étant pas sécurisées, Crédit-Agricole SA informe qu'elle ne peut accepter aucune responsabilité quant au contenu de ce message. This mail message and attachments (the "message") are solely intended for the addressees. It is confidential in nature . If you receive this message in error, please delete it and immediately notify the sender by e-mail. Any use other than its intended purpose, dissemination or disclosure, either whole or partial, is prohibited except if formal approval is granted. As communication on the Internet is not secure, Crédit-Agricole SA does not accept responsability for the content of this message.

 [9/9] from: gscottjones:mchsi at: 13-Aug-2002 10:04


Hi, Stéphane, From: "DIDIERJEAN Stéphane (CMG)"
> Thank you for all the help I got, I solve my > problem with the solution of scott, I pass > the username and password in the URL,
Glad it worked.
> it's not very secure but it works fine.
The http scheme encodes the username and password. While it is not passed as "clear text," it is certainly not encrypted either. The rfc that defines basic authentication explains this fact further, and it appears as though REBOL supports the standard. I suspect that Internet Explorer sends the information in the same format (encoded but not encrypted), so there is little difference.
> By the way It doesn't seem to be a http refinement > in system/options, so I canno't test this solution.
As Brett indicates the location apparently changed after this documentation was written (?). Now at:
>> system/schemes/http/user-agent
== "REBOL 1.2.1.3.1" Occasionally, a website can be very picky, in which case changing this user-agent can be very important. Apparently it was not the problem in your situation. Happy REBOLing --Scott Jones
Notes
  • Quoted lines have been omitted from some messages.
    View the message alone to see the lines that have been omitted