You are viewing a plain text version of this content. The canonical link for it is here.
Posted to embperl@perl.apache.org by Brian Schoenhofer <br...@schoenhofer.ca> on 2004/04/02 17:08:20 UTC
Re: cgi app under embperl::object
On Tue, 2004-03-30 at 08:45, Brian Schoenhofer wrote:
> On Tue, 2004-03-30 at 02:40, Gerald Richter wrote:
> > Brian Schoenhofer wrote:
> > > I have Embperl::Object setup for a directory on my Mandrake 9.2
> > > system. I have base.epl defining a page layout and would like to get
> > > a cgi app to run as if it were in a subdir of this Embperl directory.
> > > I want the cgi app to be included in my template.
> > >
> > > I have the standard Apache setup (with small Mandrake modifications)
> > > so the cgi dir is not below the dir that Embperl::Object is handling.
> > > I am thinking that if it were then it would show up in my template.
> > > This, however, would not be very secure (I don't know why but I have
> > > seen enough to know that cgi-bin is not under .../apache/htdocs due to
> > > security).
> > >
> > > What should I do?
> > >
> >
> > If you want to include the output of your cgi script, you need to issue a
> > subrequest
> >
> > Execute({subreq => '/cgi-bin/script.cgi'}) ;
> >
> I was aware of the subrequest function and it works for a single
> request. For example, the cgi app I would like to get working is a web
> calendar. The first request to it shows it's login page nicely in my
> template. When I login the calendar then shows up on it's own page
> without my template. The login request goes to the cgi-bin which is
> outside of my Embperl::Object handler.
>
> > This will include the output of the cgi script under this URI
> >
> > Gerald
> >
I have now noticed the EMBPERL_OBJECT_ADDPATH configuration variable. Is
it correct to assume that if I include the subdir of cgi-bin that holds
my web calendar using this config variable the whole app will show in my
template? Is there a security concern with this approach?
Thanks for any help.
Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
Re: cgi app under embperl::object
Posted by Gerald Richter <ri...@ecos.de>.
> I have now noticed the EMBPERL_OBJECT_ADDPATH configuration variable.
> Is
> it correct to assume that if I include the subdir of cgi-bin that
> holds
> my web calendar using this config variable the whole app will show in
> my template? Is there a security concern with this approach?
>
The ADDPATH will only work for files that are directly interpreted by
Embperl, not for subrequests.
You need to configure your httpd.conf in a way that all requests under
cgi-bin are handled by Embperl::Object and then Emperl::Object base template
can use the subreq parameter to make a subrequest to actualy call and embedd
the CGI.
Gerald
---------------------------------------------------------------------------
Gerald Richter ecos electronic communication services gmbh
IT-Securitylösungen * Webapplikationen mit Apache/Perl/mod_perl/Embperl
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 939-122
WWW: http://www.ecos.de/ Fax: +49 6133 939-333
---------------------------------------------------------------------------
Besuchen Sie uns auf der CeBIT (18. - 24. März 2004)
Halle 6 Stand B38-452
ECOS BB-5000 Firewall- und IT-Security Appliance: www.bb-5000.info
---------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org