You are viewing a plain text version of this content. The canonical link for it is here.
Posted to embperl@perl.apache.org by Brian Schoenhofer <br...@schoenhofer.ca> on 2004/03/30 05:14:18 UTC
cgi app under embperl::object
I have Embperl::Object setup for a directory on my Mandrake 9.2 system.
I have base.epl defining a page layout and would like to get a cgi app
to run as if it were in a subdir of this Embperl directory. I want the
cgi app to be included in my template.
I have the standard Apache setup (with small Mandrake modifications) so
the cgi dir is not below the dir that Embperl::Object is handling. I am
thinking that if it were then it would show up in my template. This,
however, would not be very secure (I don't know why but I have seen
enough to know that cgi-bin is not under .../apache/htdocs due to
security).
What should I do?
My setup is as follows:
Embperl/2.0b9
Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6mdk)
mod_perl/1.99_09
Perl/v5.8.1
mod_jk2/2.0.3-dev
mod_ssl/2.0.47
--
Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
Re: cgi app under embperl::object
Posted by Gerald Richter <ri...@ecos.de>.
> I have now noticed the EMBPERL_OBJECT_ADDPATH configuration variable.
> Is
> it correct to assume that if I include the subdir of cgi-bin that
> holds
> my web calendar using this config variable the whole app will show in
> my template? Is there a security concern with this approach?
>
The ADDPATH will only work for files that are directly interpreted by
Embperl, not for subrequests.
You need to configure your httpd.conf in a way that all requests under
cgi-bin are handled by Embperl::Object and then Emperl::Object base template
can use the subreq parameter to make a subrequest to actualy call and embedd
the CGI.
Gerald
---------------------------------------------------------------------------
Gerald Richter ecos electronic communication services gmbh
IT-Securitylösungen * Webapplikationen mit Apache/Perl/mod_perl/Embperl
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 939-122
WWW: http://www.ecos.de/ Fax: +49 6133 939-333
---------------------------------------------------------------------------
Besuchen Sie uns auf der CeBIT (18. - 24. März 2004)
Halle 6 Stand B38-452
ECOS BB-5000 Firewall- und IT-Security Appliance: www.bb-5000.info
---------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
Re: cgi app under embperl::object
Posted by Brian Schoenhofer <br...@schoenhofer.ca>.
On Tue, 2004-03-30 at 08:45, Brian Schoenhofer wrote:
> On Tue, 2004-03-30 at 02:40, Gerald Richter wrote:
> > Brian Schoenhofer wrote:
> > > I have Embperl::Object setup for a directory on my Mandrake 9.2
> > > system. I have base.epl defining a page layout and would like to get
> > > a cgi app to run as if it were in a subdir of this Embperl directory.
> > > I want the cgi app to be included in my template.
> > >
> > > I have the standard Apache setup (with small Mandrake modifications)
> > > so the cgi dir is not below the dir that Embperl::Object is handling.
> > > I am thinking that if it were then it would show up in my template.
> > > This, however, would not be very secure (I don't know why but I have
> > > seen enough to know that cgi-bin is not under .../apache/htdocs due to
> > > security).
> > >
> > > What should I do?
> > >
> >
> > If you want to include the output of your cgi script, you need to issue a
> > subrequest
> >
> > Execute({subreq => '/cgi-bin/script.cgi'}) ;
> >
> I was aware of the subrequest function and it works for a single
> request. For example, the cgi app I would like to get working is a web
> calendar. The first request to it shows it's login page nicely in my
> template. When I login the calendar then shows up on it's own page
> without my template. The login request goes to the cgi-bin which is
> outside of my Embperl::Object handler.
>
> > This will include the output of the cgi script under this URI
> >
> > Gerald
> >
I have now noticed the EMBPERL_OBJECT_ADDPATH configuration variable. Is
it correct to assume that if I include the subdir of cgi-bin that holds
my web calendar using this config variable the whole app will show in my
template? Is there a security concern with this approach?
Thanks for any help.
Brian
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
Re: cgi app under embperl::object
Posted by Brian Schoenhofer <br...@schoenhofer.ca>.
On Tue, 2004-03-30 at 02:40, Gerald Richter wrote:
> Brian Schoenhofer wrote:
> > I have Embperl::Object setup for a directory on my Mandrake 9.2
> > system. I have base.epl defining a page layout and would like to get
> > a cgi app to run as if it were in a subdir of this Embperl directory.
> > I want the cgi app to be included in my template.
> >
> > I have the standard Apache setup (with small Mandrake modifications)
> > so the cgi dir is not below the dir that Embperl::Object is handling.
> > I am thinking that if it were then it would show up in my template.
> > This, however, would not be very secure (I don't know why but I have
> > seen enough to know that cgi-bin is not under .../apache/htdocs due to
> > security).
> >
> > What should I do?
> >
>
> If you want to include the output of your cgi script, you need to issue a
> subrequest
>
> Execute({subreq => '/cgi-bin/script.cgi'}) ;
>
I was aware of the subrequest function and it works for a single
request. For example, the cgi app I would like to get working is a web
calendar. The first request to it shows it's login page nicely in my
template. When I login the calendar then shows up on it's own page
without my template. The login request goes to the cgi-bin which is
outside of my Embperl::Object handler.
> This will include the output of the cgi script under this URI
>
> Gerald
>
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org
Re: cgi app under embperl::object
Posted by Gerald Richter <ri...@ecos.de>.
Brian Schoenhofer wrote:
> I have Embperl::Object setup for a directory on my Mandrake 9.2
> system. I have base.epl defining a page layout and would like to get
> a cgi app to run as if it were in a subdir of this Embperl directory.
> I want the cgi app to be included in my template.
>
> I have the standard Apache setup (with small Mandrake modifications)
> so the cgi dir is not below the dir that Embperl::Object is handling.
> I am thinking that if it were then it would show up in my template.
> This, however, would not be very secure (I don't know why but I have
> seen enough to know that cgi-bin is not under .../apache/htdocs due to
> security).
>
> What should I do?
>
If you want to include the output of your cgi script, you need to issue a
subrequest
Execute({subreq => '/cgi-bin/script.cgi'}) ;
This will include the output of the cgi script under this URI
Gerald
> My setup is as follows:
>
> Embperl/2.0b9
> Apache-AdvancedExtranetServer/2.0.47 (Mandrake Linux/6mdk)
> mod_perl/1.99_09
> Perl/v5.8.1
> mod_jk2/2.0.3-dev
> mod_ssl/2.0.47
---------------------------------------------------------------------------
Gerald Richter ecos electronic communication services gmbh
IT-Securitylösungen * Webapplikationen mit Apache/Perl/mod_perl/Embperl
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 939-122
WWW: http://www.ecos.de/ Fax: +49 6133 939-333
---------------------------------------------------------------------------
Besuchen Sie uns auf der CeBIT (18. - 24. März 2004)
Halle 6 Stand B38-452
ECOS BB-5000 Firewall- und IT-Security Appliance: www.bb-5000.info
---------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org