httpd-users mailing list archives

From "Jerome SCHLUMBERGER" <jerome.schlumber...@nexantis.net>
Subject RE: [users@httpd] URL Problem
Date Fri, 21 Feb 2003 19:02:46 GMT
Well, I am rather new with web but I do think that it's the aim of a cgi to
be executed by a browser, and for that it must be accessible. But maybe you
can check the page the request comes from and allow the execution of the cgi
only for those requests. For instance if you want to prevent a bad guy from
running a script on his own server to check the name/pass possibilities.
But anyway it might be a poor protection. The best is still to be sure of
your cgi.

Is it a correct answer? :)

good luck

Schlum

-----Original Message-----
From: Kuldeep Singh [mailto:kuldeep@mahindrabt.com]
Sent: Friday, February 21, 2003 9:39 AM
To: users@httpd.apache.org
Subject: [users@httpd] URL Problem


Hello Everyone

How do I prevent a user from accessing my cgi programs (or any other
page for that matter) if he gives the url in the browser?

Following is my directory structure

/main/www
    cgi-bin
    html
    temp

We have implemented a custom userid/password mechanism wherein we ask
for the user and password on the first page and then we show him the menu
depending on his userid privileges. But he can execute my cgi-bin
programs directly by typing the following in the url address box:
www.website.cgi-bin/program.exe. How do I make him come back to the
first page even if he enters the above url, as the programs in the
cgi-bin folder are meant to be executed through the forms and not
directly.

Regards
Kuldeep

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org