First of all, doing my $sso = $query->param( "sso" ); system( "perl myscript.pl $sso" ); like that in a CGI script is extremely dangerous! - you are allowing anyone to execute any command on your server with this CGI script! To see what I mean, try setting $sso to "; cat /etc/passwd".
I think that any kind of calling of an external command in a CGI script should be used as rarely as possible, if at all, and even when it is used, the commands executed must be very tightly controlled to prevent this kind of security hole.
It is very likely that whatever you are trying to implement with this CGI script can probably be accomplished without calling an external command. If you could explain what you are trying to do overall, we can probably suggest a better solution.
Now, getting to your code. You say that it does not work, but don't explain what that means - How do I post a question effectively? Also, the code you posted does not compile - see Short, Self-Contained, Correct Example. As for debugging CGI scripts, try adding use CGI::Carp qw/fatalsToBrowser/; at the top of your script, and see the CGI Help Guide and Troubleshooting Perl CGI scripts.
As for what might be going wrong, aside from the above, you are calling system, which may generate output, before you finish outputting the header (print "Content-type...). Also, it's better to use $query->header instead of generating it yourself.
Lastly, if you really have a really good reason for executing external commands from a CGI script, I wrote at length about avoiding the shell here. But this is just one of several possible security holes, and by itself will probably still not close all attack possibilities.
In reply to Re: Use CGI to run a Perl script via web server
by haukex
in thread Use CGI to run a Perl script via web server
by suvajit123
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |