in reply to Re^3: Perl CGI - Viewing logfiles - Security Issues
in thread Perl CGI - Viewing logfiles - Security Issues

Thanks Melly and wfsp

It works fine now without showing the 'softlinks' in the url after I used wfsp's suggestion.

However, I will have to figure out a way to avoid the 'softlinks' to the user directories in Apache settings, which is still a potential security issue.

Re^5: Perl CGI - Viewing logfiles - Security Issues
by Melly (Chaplain) on Jan 10, 2007 at 19:09 UTC

    The point is that you don't need the softlink - indeed, as long as you keep it, your security will be compromised. Get rid of it.

    My script, for example, runs with links like:

    <a href="/cgi-bin/viewlogs.pl?log=1">Access log</a>

    Your links might look like:

    <a href="/cgi-bin/viewlogs.pl?username=foobar">Foobar's log</a>

    Once more with feeling, your Perl script can access files that are not accessible to the web-server directly, and that is the way to keep content secure.

    map{$a=1-$_/10;map{$d=$a;$e=$b=$_/20-2;map{($d,$e)=(2*$d*$e+$a,$e**2 -$d**2+$b);$c=$d**2+$e**2>4?$d=8:_}1..50;print$c}0..59;print$/}0..20
    Tom Melly, pm@tomandlu.co.uk
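
An added example, not part of Melly's post or the poster's script: one way a viewlogs.pl-style script can turn the `log` and `username` parameters from the links above into file paths without the client ever supplying a path. The directory layout, the id table and the function name `resolve_log` are assumptions made for illustration, and the requests in the loop are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Assumed layout (hypothetical): per-user logs live outside the document root,
# so Apache cannot serve them directly and no softlink is needed.
my $LOG_ROOT = '/var/log/userlogs';

# Fixed id => file table for links like ?log=1 (paths are assumptions).
my %LOG_BY_ID = (
    1 => '/var/log/apache2/access.log',
    2 => '/var/log/apache2/error.log',
);

# Return the file to display for a request, or undef if it is rejected.
sub resolve_log {
    my (%param) = @_;
    if (defined $param{log}) {
        # Only ids present in the table are accepted; anything else is rejected.
        return exists $LOG_BY_ID{ $param{log} } ? $LOG_BY_ID{ $param{log} } : undef;
    }
    if (defined $param{username}) {
        # Allowlist the characters. \A and \z anchor the whole string, so a
        # trailing newline, a slash or ".." can never reach the path.
        return undef unless $param{username} =~ /\A([a-z][a-z0-9_]{0,31})\z/;
        return File::Spec->catfile($LOG_ROOT, $1, 'access.log');
    }
    return undef;
}

# Constructed requests: two legitimate links and three that must be rejected.
for my $req (
    [ log      => '1' ],
    [ username => 'foobar' ],
    [ username => '../../etc/passwd' ],
    [ username => "foobar\n" ],
    [ log      => '../secret' ],
) {
    my $path = resolve_log(@$req);
    (my $shown = $req->[1]) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-8s = %-18s => %s\n", $req->[0], $shown, $path // 'REJECTED';
}
```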