in reply to Re^5: PerlPlusPlugin: Security CGI problems
in thread PerlPlusPlugin: Security CGI problems

hmm well I still don't know what Im doing wrong ! I decided to put a perl_scripts directory
within my cgi-bin directory and go to that URL. I still get the error
"Error:security level=60! ERROR:Attempt to execute unauthorized application failed"

I wanted to look in the log and I stuck to the default path for it which was this: 
open(LOG, ">>/tmp/perlplus-secure.log");

[download]
Should that write to the tmp directory on my system ? I looked in the tmp directory
where all stuff like cookies from the web etc. goes..but its not there

In fact in case it helps you help me here is the whole cgi security script: 
use CGI;
$q = new CGI;

open(LOG, ">>/tmp/perlplus-secure.log");
$url = $q->param('URL');
print LOG "URL=" . $url . "\n";

# Some potentially useful environment variables you can play with:
#
# DOCUMENT_ROOT=/ahome
# GATEWAY_INTERFACE=CGI/1.1
# HTTP_HOST=www.xyz.edu
# HTTP_REFERER=http://www.xyz.EDU/~sol0/ptk/plop.ppl
# HTTP_USER_AGENT='Mozilla/4.5C-SGI [en] (X11; I; IRIX 6.3 IP32)'
# REMOTE_ADDR=a.b.c.d
# REMOTE_PORT=12801
# REQUEST_METHOD=POST
# REQUEST_URI=/cgi-bin/perlplus-secure.cgi
# SCRIPT_FILENAME=/home/wwwserv/cgi-bin/perlplus-secure.cgi
# SCRIPT_NAME=/cgi-bin/perlplus-secure.cgi
# SERVER_NAME=www.xyz.EDU
# SERVER_PORT=80
# SERVER_PROTOCOL=HTTP/1.0
# SERVER_SOFTWARE=Apache/1.2.6

# This example varies the security level as required for the sample pl
+ugins:

#$URL_ROOT="http://www/~eserte/ppl";
#$URL_ROOT="http://www.Lehigh.EDU/~sol0/ptk/ppl";
$URL_ROOT="http://myhost/~basm101/cgi-bin/perl_scripts";
%url = ("$URL_ROOT/neko.ppl" => 3,
    "$URL_ROOT/plop.ppl" => 3,
    "$URL_ROOT/y2k.ppl" => 3,
    "$URL_ROOT/thunder.ppl" => 3,
    "$URL_ROOT/ptk_test.ppl" => 3,
    "$URL_ROOT/quest.ppl" => 3,
    "$URL_ROOT/tktetris.ppl" => 3
       );

$sec_level= $url{$url} || 1;

print LOG "  security level=$sec_level\n";
close LOG;
                                                    
print "Content-type: application/x-perlplus:.ppl:Perl\n\n";
print "$sec_level";

[download]
I did screw around with the numbers, but I think level 3 means the script
should execute.
thanks again for your help,
basm101

Replies are listed 'Best First'.
Re^7: PerlPlusPlugin: Security CGI problems
by tall_man (Parson) on Feb 22, 2003 at 15:17 UTC
    I still think it's a problem to have the scripts within cgi-bin, even if it's one directory down. That could still be confusing Apache.

    You are appending the log to a file in /tmp, which is the global one for your system, not the local one in your home directory. I would change it, because anyone might read the log there, and someone might create a file with the same name there that was not writable by you.

    One more thing you should check. When you compiled PerlPlusPlugin, did you change the URL of the checking script to be the one on your system? The address is compiled into the executable.

[reply]
      Right, Im getting somewhere but it still doesnt quite work !

      I have a perl scripts folder within my public_html folder. I can look at my logfile and it says: 
      URL=http://myserver/~basm101/perl_scripts/ptk_test.ppl
  security level=4

      [download]
      which seems fairly sensible. I upgraded my netscape to netscape7. Now I no longer have the Error=!60 box popping up. Instead when I go to the url pointing to the perl script I just get the browser thinking a lot about it, and telling me "Transferring data from myserver..." in the bar at the bottom of the browser. However, this still doesnt go anywhere.

      What version of netscape do you use ? I now have the most recent versions of perl, perl tk and netscape7.

      How long does your browser take to run the tk program ?
      thanks again,
      basm101
[reply]
[d/l]
        I have used the plugin successfully with netscape versions 4.78, 6.23, and 7.01. It doesn't take very much time for the tk program to start.

        When you run the perl script by itself, does it work?

[reply]

In Section Seekers of Perl Wisdom