apache_cgi_password_strategies

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



From: efflandt@xnet.com (David Efflandt)
Subject: Re: Restricting CGI w/ Passwords
Reply-To: efflandt@xnet.com
Organization: XNet Information Systems, Inc.
References: <sqh83t48t9142@corp.supernews.com> <sqidbcmrt9153@corp.supernews.com>
Message-ID: <slrn8qifrd.pss.efflandt@efflandt.xnet.com>
Newsgroups: comp.infosystems.www.authoring.cgi
Approved: Self-Moderation <authoring-cgi@boutell.com>
NNTP-Posting-Host: 206.125.69.81
Date: 28 Aug 2000 11:02:03 -0600
X-Trace: 28 Aug 2000 11:02:03 -0600, 206.125.69.81
Lines: 46
X-Original-NNTP-Posting-Host: 204.157.220.254
Path: nntp.stanford.edu!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newsfeed.cwix.com!natasha.rmii.com!nntp-cust.primenet.com!huge.aa.net!206.125.69.81
Xref: nntp.stanford.edu comp.infosystems.www.authoring.cgi:92152

On 27 Aug 2000 08:38:28 -0600, Fly <fly@pcc.net> wrote:
:Yes, the web server is Apache. If I use the htaccess method wouldn't that
:restrict ALL scripts? I just want to restrict the use of a few of them.

Give your scripts a different file extension (.cgia in this case) and use
that with a <Files> or <FilesMatch> directive in .htaccess.  Note that the
AddHandler line is not necessary in a real ScriptAlias cgi-bin and might
not be allowed by AllowOverride settings:

# Map the extra extension to the CGI handler (drop this in a real ScriptAlias cgi-bin)
AddHandler cgi-script cgia
# Only files with that extension get the Basic auth challenge
<Files "*cgia">
AuthType Basic
AuthName "Private Scripts"
AuthUserFile /sys_path_to/.htpasswd
require valid-user
</Files>

But if you do use a password from a normal form in your CGI, make sure
that you store the password crypted and then test the password from the
form against the crypted password (using CGI.pm function mode):

# $crpasswd holds the stored crypt()ed password; crypt() reuses its salt prefix
exit unless (crypt(param('passwd'),$crpasswd) eq $crpasswd);

A CGI to crypt the password is available from the last 2 sites in my sig,
but note that there are 2 different types of crypt (DES and MD5), so you
should probably run that on your own system to crypt a password.

:"Fly" <fly@pcc.net> wrote in message
:news:sqh83t48t9142@corp.supernews.com...
:: Is there a way to prevent someone from running a script in my CGI
:directory?
::
:: I'd like to add a password to a given script so that only I can run the
:: script.

-- 
David Efflandt  efflandt@xnet.com  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://hammer.prohosting.com/~cgi-wiz/  http://cgi-help.virtualave.net/

--
PLEASE NOTE: comp.infosystems.www.authoring.cgi is a
SELF-MODERATED newsgroup. aa.net and boutell.com are
NOT the originators of the articles and are NOT responsible
for their content. You can SELF-APPROVE your first posting
by writing the word 'passme' on a line by itself.
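An added example (not code from the post), in Python rather than the post's Perl/CGI.pm: the stored record carries its own scheme and salt, the form password is re-hashed the same way and compared in constant time, and an entry whose scheme the verifier does not implement is rejected outright, which is the DES-versus-MD5 mismatch the post warns about. The `{SHA}` entry is Apache's own htpasswd encoding; the `$pbkdf2$` record layout, `PBKDF2_ROUNDS` and the sample file are assumptions chosen for this example.

```python
from typing import Optional
import base64
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # hypothetical work factor chosen for this example

def sha_scheme_hash(password: str) -> str:
    # Apache's "{SHA}" htpasswd format: base64(sha1(password)), unsalted.
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def pbkdf2_record(password: str, salt: Optional[bytes] = None) -> str:
    # Hypothetical salted layout "$pbkdf2$<rounds>$<salt b64>$<hash b64>";
    # the salt travels inside the record, like the salt prefix of crypt().
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return "$pbkdf2$%d$%s$%s" % (PBKDF2_ROUNDS, base64.b64encode(salt).decode("ascii"),
                                 base64.b64encode(dk).decode("ascii"))

def rehash_like(stored: str, password: str) -> Optional[str]:
    """Re-hash `password` with the scheme and salt carried by `stored`; None if unknown."""
    if stored.startswith("{SHA}"):
        return sha_scheme_hash(password)
    if stored.startswith("$pbkdf2$"):
        parts = stored.split("$")
        if len(parts) != 5:
            return None
        rounds, salt = int(parts[2]), base64.b64decode(parts[3])
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
        return "$pbkdf2$%d$%s$%s" % (rounds, parts[3], base64.b64encode(dk).decode("ascii"))
    return None  # e.g. a DES or "$1$" MD5 crypt entry this verifier does not implement

def check_password(stored: str, supplied: str) -> bool:
    # Same shape as the post's crypt($form, $stored) eq $stored, plus a
    # constant-time compare and an explicit reject for unknown schemes.
    candidate = rehash_like(stored, supplied)
    return candidate is not None and hmac.compare_digest(candidate, stored)

def lookup_user(htpasswd_text: str, user: str) -> Optional[str]:
    # Minimal .htpasswd reader: "user:hash" per line, first match wins.
    for line in htpasswd_text.splitlines():
        name, sep, stored = line.partition(":")
        if sep and name == user:
            return stored
    return None

# Constructed sample file (not from the post). alice's entry is exactly what
# "htpasswd -s" writes for the password "password"; bob's is a placeholder.
SAMPLE_HTPASSWD = "alice:{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=\nbob:$1$PLACEHOLDER$notreal\n"
```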

From: jonceramic@nospammiesno.earthlink.net (Jon S.)
Subject: Re: Restricting CGI w/ Passwords
Reply-To: jonceramic@nospammiesno.earthlink.net (Jon S.)
Organization: EarthLink Inc. -- http://www.EarthLink.net
References: <sqh83t48t9142@corp.supernews.com> <sqidbcmrt9153@corp.supernews.com>
Message-ID: <39aa7f1d.6383975@news.earthlink.net>
Newsgroups: comp.infosystems.www.authoring.cgi
Approved: Self-Moderation <authoring-cgi@boutell.com>
NNTP-Posting-Host: 206.125.69.81
Date: 28 Aug 2000 16:48:41 -0600
X-Trace: 28 Aug 2000 16:48:41 -0600, 206.125.69.81
Lines: 38
X-Original-NNTP-Posting-Host: 204.157.220.254
Path: nntp.stanford.edu!newsfeed.stanford.edu!headwall.stanford.edu!feeder.via.net!nntp.primenet.com!nntp.gblx.net!nntp-cust.primenet.com!huge.aa.net!206.125.69.81
Xref: nntp.stanford.edu comp.infosystems.www.authoring.cgi:92156

On 27 Aug 2000 08:38:28 -0600, "Fly" <fly@pcc.net> wrote:

:Yes, the web server is Apache. If I use the htaccess method wouldn't that
:restrict ALL scripts? I just want to restrict the use of a few of them.

I have made a separate "admin" directory (with a weird, unguessable
name) that I have given a password to, with the password file in a
separate, non-html accessible folder in my account directory.

However, the data sent will still be unencrypted, even if you use
.htaccess and a basic password authentication.  So, to give some
protection for the data sent once you're in, you might want to also
use SSL (https) in addition to the basic authentication when you
actually use the form.  I have also put a second password inside of my
admin scripts.  It's a single word entry on the forms, and I maintain
it (enter it into all of the password fields) after I've entered it
into the form the first time.  And since I only send the data via SSL,
it's encrypted from simple sniffing.  That way, people need to
determine 2 passwords, not just one.

It's not perfect, but, judging from the thread on it a week or two
ago, this is about the best you can do, when combined with smart
design like naming your password field "kitty", instead of "password"
or calling your admin files "oeodoioto.cgi" instead of "edit.cgi" so
people can't guess things easily.

Search deja or remarq for the recent thread entitled "CGI for specific
user only" to see what some of the gurus told me.

Best of luck,

Jon

From: ellis@ftel.net (Rick Ellis)
Subject: Re: Restricting CGI w/ Passwords
Reply-To: ellis@ftel.net (Rick Ellis)
Organization: Franklin interNet http://www.franklin.net
References: <sqh83t48t9142@corp.supernews.com> <sqidbcmrt9153@corp.supernews.com>
Message-ID: <8oos27$l6g$1@ting.ftel.net>
Newsgroups: comp.infosystems.www.authoring.cgi
Approved: Self-Moderation <authoring-cgi@boutell.com>
NNTP-Posting-Host: 204.137.133.236
Date: 1 Sep 2000 11:21:55 -0600
X-Trace: 1 Sep 2000 11:21:55 -0600, 204.137.133.236
Lines: 16
X-Original-NNTP-Posting-Host: 204.157.220.254
Path: nntp.stanford.edu!newsfeed.stanford.edu!headwall.stanford.edu!feeder.via.net!nntp.primenet.com!nntp.gblx.net!nntp-cust.primenet.com!huge.aa.net!204.137.133.236
Xref: nntp.stanford.edu comp.infosystems.www.authoring.cgi:92245

In article <sqidbcmrt9153@corp.supernews.com>, Fly <fly@pcc.net> wrote:

:Yes, the web server is Apache. If I use the htaccess method wouldn't that
:restrict ALL scripts? I just want to restrict the use of a few of them.

Why not put the ones you want to restrict in a sub-directory under 
cgi-bin?

--
http://www.fnet.net/~ellis/photo/linux.html

From: Bill Moseley <usenet@hank.org>
Subject: Re: Restricting CGI w/ Passwords
Reply-To: Bill Moseley <usenet@hank.org>
Organization: SBC Internet Services
References: <sqh83t48t9142@corp.supernews.com>
Newsgroups: comp.infosystems.www.authoring.cgi
Approved: Self-Moderation <authoring-cgi@boutell.com>
NNTP-Posting-Host: 206.125.69.81
Message-ID: <39a94156_1@huge.aa.net>
Date: 27 Aug 2000 09:27:02 -0600
X-Trace: 27 Aug 2000 09:27:02 -0600, 206.125.69.81
Lines: 24
X-Original-NNTP-Posting-Host: 204.157.220.254
Path: nntp.stanford.edu!newsfeed.stanford.edu!arclight.uoregon.edu!logbridge.uoregon.edu!nntp.primenet.com!nntp.gblx.net!nntp-cust.primenet.com!huge.aa.net!206.125.69.81
Xref: nntp.stanford.edu comp.infosystems.www.authoring.cgi:92138

On 27 Aug 2000 08:38:28 -0600 Fly (fly@pcc.net) remarked...
: Yes, the web server is Apache. If I use the htaccess method wouldn't that
: restrict ALL scripts? I just want to restrict the use of a few of them.

You might read the apache documentation about mod_auth & mod_access, and 
you could also read about the Location, Files, Directory and related 
directives.

So, yes, you can limit any specific directory, file, or location you 
want.

This topic is so common you might have good luck by searching Deja.com 
and the web although most of the examples on the web use <LIMIT> for no 
good reason.


-- 
Bill Moseley

From: "Viking" <vikingrscup@rogue-spear.com>
Subject: Re: Restricting CGI w/ Passwords
Reply-To: "Viking" <vikingrscup@rogue-spear.com>
Organization: Belgacom Skynet SA/NV
References: <sqh83t48t9142@corp.supernews.com> <sqidbcmrt9153@corp.supernews.com>
Message-ID: <8obiaq$oas$1@news1.skynet.be>
Newsgroups: comp.infosystems.www.authoring.cgi
Approved: Self-Moderation <authoring-cgi@boutell.com>
NNTP-Posting-Host: 206.125.69.81
Date: 27 Aug 2000 10:15:49 -0600
X-Trace: 27 Aug 2000 10:15:49 -0600, 206.125.69.81
Lines: 48
X-Original-NNTP-Posting-Host: 204.157.220.254
Path: nntp.stanford.edu!newsfeed.stanford.edu!news.kjsl.com!news.aa.net!huge.aa.net!206.125.69.81
Xref: nntp.stanford.edu comp.infosystems.www.authoring.cgi:92139

Ok, then try this .htaccess configuration:

AuthUserFile /path/to/.htpasswd
AuthGroupFile /path/to/.htgroup
AuthName Restricted
AuthType Basic

# Challenge only this one script; "Allow from" takes hosts, not users,
# so the per-user restriction belongs in a require directive.
<Files "yourscript.cgi">
require user you
</Files>

Fly <fly@pcc.net> wrote in message news:sqidbcmrt9153@corp.supernews.com...
: Yes, the web server is Apache. If I use the htaccess method wouldn't that
: restrict ALL scripts? I just want to restrict the use of a few of them.
:
: "Fly" <fly@pcc.net> wrote in message
: news:sqh83t48t9142@corp.supernews.com...
: : Is there a way to prevent someone from running a script in my CGI
: directory?
: :
: : I'd like to add a password to a given script so that only I can run the
: : script.



