Re: cgi app under embperl::object

[Brian Schoenhofer <br...@schoenhofer.ca>]

On Tue, 2004-03-30 at 08:45, Brian Schoenhofer wrote:
> On Tue, 2004-03-30 at 02:40, Gerald Richter wrote:
> > Brian Schoenhofer wrote:
> > > I have Embperl::Object setup for a directory on my Mandrake 9.2
> > > system. I have base.epl defining a page layout and would like to get
> > > a cgi app to run as if it were in a subdir of this Embperl directory.
> > > I want the cgi app to be included in my template.
> > >
> > > I have the standard Apache setup (with small Mandrake modifications)
> > > so the cgi dir is not below the dir that Embperl::Object is handling.
> > > I am thinking that if it were then it would show up in my template.
> > > This, however, would not be very secure (I don't know why but I have
> > > seen enough to know that cgi-bin is not under .../apache/htdocs due to
> > > security).
> > >
> > > What should I do?
> > >
> > 
> > If you want to include the output of your cgi script, you need to issue a
> > subrequest
> > 
> > Execute({subreq => '/cgi-bin/script.cgi'}) ;
> > 
> I was aware of the subrequest function and it works for a single
> request.  For example, the cgi app I would like to get working is a web
> calendar.  The first request to it shows it's login page nicely in my
> template.  When I login the calendar then shows up on it's own page
> without my template.  The login request goes to the cgi-bin which is
> outside of my Embperl::Object handler.
> 
> > This will include the output of the cgi script under this URI
> > 
> > Gerald
> > 
I have now noticed the EMBPERL_OBJECT_ADDPATH configuration variable. Is
it correct to assume that if I include the subdir of cgi-bin that holds
my web calendar using this config variable the whole app will show in my
template?  Is there a security concern with this approach?

Thanks for any help.

Brian



---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org

Re: cgi app under embperl::object

[Gerald Richter <ri...@ecos.de>]

> I have now noticed the EMBPERL_OBJECT_ADDPATH configuration variable.
> Is
> it correct to assume that if I include the subdir of cgi-bin that
> holds
> my web calendar using this config variable the whole app will show in
> my template?  Is there a security concern with this approach?
>

The ADDPATH will only work for files that are directly interpreted by
Embperl, not for subrequests.

You need to configure your httpd.conf in a way that all requests under
cgi-bin are handled by Embperl::Object and then Emperl::Object base template
can use the subreq parameter to make a subrequest to actualy call and embedd
the CGI.

Gerald

---------------------------------------------------------------------------
Gerald Richter            ecos electronic communication services gmbh
IT-Securitylösungen * Webapplikationen mit Apache/Perl/mod_perl/Embperl

Post:       Tulpenstrasse 5          D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de          Voice:   +49 6133 939-122
WWW:        http://www.ecos.de/      Fax:     +49 6133 939-333
---------------------------------------------------------------------------
Besuchen Sie uns auf der CeBIT (18. - 24. März 2004)
Halle 6 Stand B38-452

ECOS BB-5000 Firewall- und IT-Security Appliance: www.bb-5000.info
---------------------------------------------------------------------------


---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org