in reply to Re^3: PerlPlusPlugin: Security CGI problems
in thread PerlPlusPlugin: Security CGI problems

Ahh, that makes sense... I have a perl_scripts folder within my public_html directory and I could put the Tk script in there.
Can I use a Perl program as a URL? I thought all URLs ended in .cgi or .html. Perhaps I need to ask my system admin guy
to set up a Perl directory with Apache?
Or can I just call up the Perl scripts from wherever they are in my home user area?
e.g.
$URL_ROOT="/basm101/public_html/perl_scripts";
What's this Alias thing mean?
thanks again for your help,
basm101

Re^5: PerlPlusPlugin: Security CGI problems
by tall_man (Parson) on Feb 21, 2003 at 18:57 UTC
    I believe they would work from a public_html directory. You should spell out the whole URL. The sample directory that comes with PerlPlusPlugin has something like this in it:
    $URL_ROOT="http://www.Lehigh.EDU/~sol0/ptk/ppl";
    URLs can end in many things. In fact, that's how the browser knows how to deal with the file. You need to have something like this in apache-mime.types:
    application/x-perlplus ppl
    And of course you have to have the plugin installed for your Netscape browser (e.g. set it up in Preferences/Helper Applications).

    The Alias stuff is for the Apache configuration file, to allow you to have extra directories for things. I wouldn't bother with it since you can put them in your public_html directory instead.

      Hmm, well, I still don't know what I'm doing wrong! I decided to put a perl_scripts directory
      within my cgi-bin directory and go to that URL. I still get the error
      "Error:security level=60! ERROR:Attempt to execute unauthorized application failed"

      I wanted to look in the log and I stuck to the default path for it, which was this:
      open(LOG, ">>/tmp/perlplus-secure.log");
      Should that write to the tmp directory on my system? I looked in the tmp directory
      where all stuff like cookies from the web etc. goes, but it's not there.

      In fact, in case it helps you help me, here is the whole CGI security script:
      use CGI;
      $q = new CGI;
      open(LOG, ">>/tmp/perlplus-secure.log");
      $url = $q->param('URL');
      print LOG "URL=" . $url . "\n";

      # Some potentially useful environment variables you can play with:
      #
      # DOCUMENT_ROOT=/ahome
      # GATEWAY_INTERFACE=CGI/1.1
      # HTTP_HOST=www.xyz.edu
      # HTTP_REFERER=http://www.xyz.EDU/~sol0/ptk/plop.ppl
      # HTTP_USER_AGENT='Mozilla/4.5C-SGI [en] (X11; I; IRIX 6.3 IP32)'
      # REMOTE_ADDR=a.b.c.d
      # REMOTE_PORT=12801
      # REQUEST_METHOD=POST
      # REQUEST_URI=/cgi-bin/perlplus-secure.cgi
      # SCRIPT_FILENAME=/home/wwwserv/cgi-bin/perlplus-secure.cgi
      # SCRIPT_NAME=/cgi-bin/perlplus-secure.cgi
      # SERVER_NAME=www.xyz.EDU
      # SERVER_PORT=80
      # SERVER_PROTOCOL=HTTP/1.0
      # SERVER_SOFTWARE=Apache/1.2.6

      # This example varies the security level as required for the sample plugins:

      #$URL_ROOT="http://www/~eserte/ppl";
      #$URL_ROOT="http://www.Lehigh.EDU/~sol0/ptk/ppl";
      $URL_ROOT="http://myhost/~basm101/cgi-bin/perl_scripts";
      %url = ("$URL_ROOT/neko.ppl"     => 3,
              "$URL_ROOT/plop.ppl"     => 3,
              "$URL_ROOT/y2k.ppl"      => 3,
              "$URL_ROOT/thunder.ppl"  => 3,
              "$URL_ROOT/ptk_test.ppl" => 3,
              "$URL_ROOT/quest.ppl"    => 3,
              "$URL_ROOT/tktetris.ppl" => 3
             );

      $sec_level= $url{$url} || 1;
      print LOG " security level=$sec_level\n";
      close LOG;

      print "Content-type: application/x-perlplus:.ppl:Perl\n\n";
      print "$sec_level";
      I did screw around with the numbers, but I think level 3 means the script
      should execute.
      thanks again for your help,
      basm101
        I still think it's a problem to have the scripts within cgi-bin, even if it's one directory down. That could still be confusing Apache.

        You are appending the log to a file in /tmp, which is the global one for your system, not the local one in your home directory. I would change it, because anyone might read the log there, and someone might create a file with the same name there that was not writable by you.

        One more thing you should check. When you compiled PerlPlusPlugin, did you change the URL of the checking script to be the one on your system? The address is compiled into the executable.
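
Added example, not part of the original thread and not PerlPlusPlugin's own code: the checking script from the thread with the /tmp logging concern raised above addressed. The log directory path is a hypothetical placeholder, and it assumes a platform where Fcntl provides O_NOFOLLOW.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use Fcntl qw(:DEFAULT :flock);

# Hypothetical private directory (mode 0700, owned by the account the CGI
# runs as) in place of the world-writable /tmp.
my $LOG_DIR  = "/path/to/home/perlplus-logs";
my $LOG_FILE = "$LOG_DIR/perlplus-secure.log";

# URL root and plugin names as posted in the thread.
my $URL_ROOT = "http://myhost/~basm101/cgi-bin/perl_scripts";
my %level_for = map { ("$URL_ROOT/$_.ppl" => 3) }
    qw(neko plop y2k thunder ptk_test quest tktetris);

# Exact-match lookup: any URL not listed falls back to level 1,
# the same default the posted script uses.
sub sec_level {
    my ($url) = @_;
    return 1 unless defined $url;
    return $level_for{$url} || 1;
}

# Append one line to the log. Returns 1 on success, 0 if the log could not
# be opened, so a logging failure is visible instead of silently ignored.
sub log_line {
    my ($msg) = @_;
    $msg =~ s/[^\x20-\x7e]/?/g;   # the URL is client input: no forged lines
    # O_NOFOLLOW refuses a symlink planted at the log path; 0600 keeps the
    # file unreadable to other local users.
    sysopen(my $fh, $LOG_FILE, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600)
        or return 0;
    flock($fh, LOCK_EX) or return 0;
    print {$fh} scalar(localtime), " $msg\n";
    return close($fh) ? 1 : 0;
}

my $q     = CGI->new;
my $url   = $q->param('URL');
my $level = sec_level($url);
log_line("URL=" . (defined $url ? $url : "(none)") . " security level=$level")
    or warn "perlplus-secure: cannot write $LOG_FILE: $!\n";

print "Content-type: application/x-perlplus:.ppl:Perl\n\n";
print $level;
```

If the log cannot be written, the warning goes to the web server's error log, which is the first place to look when the expected log file does not appear.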