controlling access to cgi scripts

InDenial

Technical User
Aug 1, 2003
191
NL
Hi,

I am trying to write my own weblog using perl/cgi on an Apache webserver (on a unix server). I do not have control over the server. I only have control over my own part of it.

The server uses cgiwrap.

I am at the stage where I am still thinking of how to do it.

One of the parts which is not really clear to me is how I should make sure that I and only I can update the weblog. The updating of weblog on the server is not really a problem. I am already able to run a script that makes/deletes and changes files. The problem is that anyone who has access to that script can change it.

I thought about something like the following:

Make the html page (the interface to adding info to the webpage) accessible to everyone and put username password fields on the page. Check this against a password file.

Problem here is: where do I put the password file?.. I read somewhere that putting password related information within the website's folders is a big NO NO.

Another problem is: the username and password are sent in clear text across the internet.

Another way is setting access permissions on the folders and files. This means however that those pages are probably not reachable from the internet.

Another option is using htaccess files (not sure if that works on the server. Did not try it yet). Again.. it means that I have to put this file somewhere where everyone can reach it.

What would be the best way to approach this?

InDenial

 
.htaccess password files can reside outside the web accessible space and are thus fairly secure. This is your easiest method.

The login info does go out plaintext but unless your ISP will install SSL for you it's a dead issue.

I would not worry about the plaintext stuff, you'll be fine.

I recommend Movable Type for a weblog, it's easy to configure and very feature rich.
 
Siberian,

*is not really awake anymore (2.30am) and stopped smoking about 4 hours ago so if I ask stupid things.. just kick my ass...

Ok so I have to ask the ISP to create a .htaccess file on the server for me? And can I assume that those ISP people understand it when I ask for an .htaccess file which allows only me to access certain scripts?

How big an issue would it be to use .htaccess files within the web accessible space?

Thanks for the recommendation to the weblog program. Since I am not really going to make this a high end weblog and I like learning things by doing them I am writing my own simple scripts using perl. (at least trying to write them)

InDenial

 
I understand the 'learn by doing' approach and applaud it.

You can create the .htaccess on your own. Check the FAQs here for info on the .htaccess file.
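
An added example, not part of the thread, of the setup described in the replies: the .htaccess file sits beside the script while the password file it points to lives outside the web-served tree. The script name, user name and paths are assumptions made for illustration.

```apache
# .htaccess placed in the directory that holds the weblog update script.
# Assumptions (not from the thread): the script is named update.cgi, the
# login name is "indenial", and /home/indenial/private/ lies outside the
# web-served tree. The host must allow "AllowOverride AuthConfig" for
# this directory, otherwise these directives are ignored or rejected.
#
# Create the password file once from a shell (stores a hash, not the
# plaintext password) and make it readable by the web server user only
# as far as the host's setup requires:
#   htpasswd -c /home/indenial/private/.htpasswd indenial

AuthType Basic
AuthName "Weblog admin"
AuthUserFile /home/indenial/private/.htpasswd

# Only the update script asks for a login; the weblog pages stay public.
<Files "update.cgi">
    Require user indenial
</Files>
```

After uploading, request the script without credentials and confirm the server answers with a 401 login prompt; on a cgiwrap host, test through the exact URL used to reach the script, since that URL decides which directory's .htaccess Apache consults. The stock Apache configuration refuses to serve files whose names begin with `.ht`, so the .htaccess file itself is normally not downloadable, but the password file is still better kept out of the web tree.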

 