Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

cgi/perl print() to file on Windows webserver

Status
Not open for further replies.
PTAMom

PTAMom

Technical User
Sep 2, 2003
3
US
I am using an HTML form to collect info that I want to append to a file stored on the (Windows) Webserver. I process the form with a CGI/Perl script. Not unexpectedly, I get

Cant open cgi-bin\Updates.txt for append: Permission denied at cgi-bin\update.updates.pl line 10.

Makes sense - I don't want any old person updating files on the server. I get username and password from the form, but have no idea how to pass that information to a Windows box to authenticate the process. I don't speak Windows, I
speak UNIX. My webhoster uses Windows - so I'm trying to learn Windows ASAP.

The script works perfectly if I update a local version of the Updates.txt file.

Thanks for any help.



PTAMom
 
Sort by date Sort by votes
Should they be forward slashes?

Can you show some code?

--Paul
 
Upvote 0 Downvote
Actually, the main question I asked (how to append to a remote file) is really tangental to the problem. I can arrange for the web hoster to give the webserver process write permission to the file to solve that problem. The real problem is that I don't want anyone who executes the perl script to be able to append to the file.

I can hide the form that calls the perl script in a password protected directory - thats one level of indirection. But the perl script itself has to be in cgi-bin - which is not password protected. So anyone can execute the script by just typing in the url. The form askes for and passes username and password to the perl script. I can make the perl script check that password, but that means the password appears in the script itself. Is there any way that someone can request the perl script and have the webserver hand it back as text - ie without executing it? If so, the password is just sitting there waiting for some 15 year old to grab and (ab)use it. So I guess the real problem is my paranoia levels (I come by them honestly - I was the UNIX sys admin at CMU for 5 years) and my lack of familiarity with Windows OS and with what a webserver process will and won't do. Therein lies the real crux of the problem. So I imagine that this should be posted to a different forum, eh??

Thanks

PTAMom
 
Upvote 0 Downvote
PTAMom,

It was all so different 5 years ago ... ahhh bliss ..back to work

You could use one-way hashing /over SSL/ to check the hash of the password is the same as what 'your' encryption routine of the password returns(You could do part of this in JavaScript). Not just being a M$ ba$her, but there are easier ways

Not sure if this helps, but I've done a wee bit on this b4.

But levels ... go with the Perl Forum here, or rephrase the question, and try forums.devshed.com

HTH
--Paul
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

AbidingDude
  • Locked
  • Question
Uploading Binary Files
Replies
2
Views
264
AbidingDude
AbidingDude
SrCairo
  • Locked
  • Question
cgi file execution problem
Replies
0
Views
536
SrCairo
SrCairo
khanUlm
  • Locked
  • Question
Redirect to another page using cgi
Replies
0
Views
589
khanUlm
khanUlm
codemut
  • Locked
  • Question
cgi permissions
Replies
2
Views
573
raggmopp
raggmopp
dolfantimmy
  • Locked
  • Question
Returning large binary to browswer via CGI
Replies
8
Views
876
dolfantimmy
dolfantimmy

Part and Inventory Search

Sponsor

Back
Top