Loading ...
Sorry, an error occurred while loading the content.
 

RE: [PBML] Script security.

Expand Messages
  • Franki
    yup, thats exactly why I caned that idea. I want it so that if the user tries to log directly into the child script, it checks to see where the user came from,
    Message 1 of 13 , Apr 2, 2001
      yup, thats exactly why I caned that idea.

      I want it so that if the user tries to log directly into the child script,
      it checks to see where the user came from, and if not the parent script, it
      exits. the two methods I know would work, would be the http referer, or
      having the parent script write the users IP to file, and then require that
      file in the child script and attempt to match IP's, if no match, then it
      exits...



      Frank Hauptle
      ----/ / _
      ---/ / (_)__ __ ____ __
      --/ /__/ / _ \/ // /\ \/ /
      -/____/_/_//_/\_,_/ /_/\_\
      Gshop & Network Payment Solutions.

      -----Original Message-----
      From: Mike Payne [mailto:theseus@...]
      Sent: Tuesday, 3 April 2001 2:24 AM
      To: perl-beginner@yahoogroups.com
      Subject: RE: [PBML] Script security.


      If someone really wanted to bypass it, they could just turn javascript off,
      especially considering the fact that unless the window was opened by a
      javascript command(which it wouldn't be if they cut/pasted the url), it asks
      for a confirmation to close the window, which you can just deny and then the
      code is useless.

      -Mike


      -----Original Message-----
      From: Damien Carbery [mailto:daymobrew@...]
      Sent: Monday, April 02, 2001 2:20 PM
      To: perl-beginner@yahoogroups.com
      Subject: Re: [PBML] Script security.


      How about some Javascript... something like the following in the code
      for the pop(ed) up window:

      if ( document.referer != "http://www...." )
      self.close(); // Close oneself.

      I don't remember the exact commands, and you may want to do different
      document.referer checks e.g. only search for a document name or a
      portion of the domain name.

      --- In perl-beginner@y..., "Franki" <frankieh@v...> wrote:
      > yeah, I tried that, but because the script is printing a form with a
      > onClick="window.open('ect ect')
      > that opens the second script in the popup window, the referer
      doesn't output
      > any results.
      >
      > can I change the above so that it will work? (I'd like to keep the
      button,
      > instead of a html link if possible.)
      >
      > regards
      >
      > Frank Hauptle
      > ----/ / _
      > ---/ / (_)__ __ ____ __
      > --/ /__/ / _ \/ // /\ \/ /
      > -/____/_/_//_/\_,_/ /_/\_\
      > Gshop & Network Payment Solutions.
      >
      > -----Original Message-----
      > From: Doug Wells [mailto:dougawells@y...]
      > Sent: Tuesday, 3 April 2001 2:02 AM
      > To: perl-beginner@y...
      > Subject: Re: [PBML] Script security.
      >
      >
      > You should be able to access the environmental
      > variable HTTP_REFERER in the ENV hash.
      >
      > $ENV{'HTTP_REFERER'}
      >
      > Good luck
      >
      > Doug
      >
      > --- Franki <frankieh@v...> wrote:
      > > Hi all,
      > >
      > > I have a question that is alot more relivent then
      > > most of mine :-)
      > >
      > > I have two scripts, one generates lots of html
      > > forms.. (called man.cgi)
      > > in one of those forms, is a mini form that opens a
      > > popup window via JS and
      > > calls the second script in it.
      > >
      > > what I want to do, is have it so that the second
      > > script cannot be called on
      > > its own, it has to be called by man.cgi in the
      > > method above...
      > >
      > > I got no idea how to get it to do that.
      > >
      > > I thought maybe some way of checking refferer?
      > >
      > >
      > > can anyone make any suestions?
      > >
      > >
      > > kindest regards
      > >
      > >
      > >
      > > Frank Hauptle
      > > ----/ / _
      > > ---/ / (_)__ __ ____ __
      > > --/ /__/ / _ \/ // /\ \/ /
      > > -/____/_/_//_/\_,_/ /_/\_\
      > > Gshop & Network Payment Solutions.
      > >
      > >
      >
      >
      > __________________________________________________
      > Do You Yahoo!?
      > Get email at your own domain with Yahoo! Mail.
      > http://personal.mail.yahoo.com/?.refer=text
      >
      >
      >
      >
      > Your use of Yahoo! Groups is subject to
      http://docs.yahoo.com/info/terms/





      Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/







      Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
    • Chanda Adams
      is there a command that will simply add the date to a cgi script that will be emailed? I know it s on the email, but in the form would be handy. Thanks!
      Message 2 of 13 , Apr 2, 2001
        is there a command that will simply add the date to a cgi script that will
        be emailed? I know it's on the email, but in the form would be handy.

        Thanks!
        Chanda

        --
        Chanda Adams
        adams@...
      • Damien Carbery
        #!/usr/local/bin/perl -w use strict; my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday ) = localtime(); $yday = sprintf( %02d:%02d:%02d %02d-%02d-%4d ,
        Message 3 of 13 , Apr 2, 2001
          #!/usr/local/bin/perl -w

          use strict;

          my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday ) =
          localtime();

          $yday = sprintf( "%02d:%02d:%02d %02d-%02d-%4d", $hour, $min,
          $sec, $mday, $mon, $year + 1900 );
          print $yday;

          __END__
          I know the call to localtime() could be simplified.
          I used sprintf() because I read it is more efficient than printf but,
          of course, I can't find where I read this.

          Now you have the info, you can print it with your CGI/HTML output as
          normal.

          --- In perl-beginner@y..., Chanda Adams <adams@g...> wrote:
          >
          > is there a command that will simply add the date to a cgi script
          that will
          > be emailed? I know it's on the email, but in the form would be
          handy.
          >
          > Thanks!
          > Chanda
          >
          > --
          > Chanda Adams
          > adams@g...
        Your message has been successfully submitted and would be delivered to recipients shortly.