protected file access by CGI script

Phil Davis revdev at pdslabs.net
Thu Aug 14 18:40:23 EDT 2008


Mark Schonewille wrote:
> Hi Phil,
>
> Assuming that your CGI script and the stack are on the same server, I 
> don't think that your CGI script needs a password and user name to 
> read any other file on the server. It should work without user name 
> and password. 

The script is in an unprotected directory and the target stack is in a 
password-protected directory. Both are on the same server. I assume that 
the stackfile in the protected folder can't be read by any user or 
process unless that the folder's username & password are provided with 
the read request. Are you saying that's not the case?

I'm hoping one of us is misunderstanding the other! Otherwise, what good 
is .htpasswd protection?

In my experience so far, it doesn't work unless the target stackfile is 
in an unprotected directory. Then it works.

Thanks Mark.

> If you really want to check some password, include it as an argument 
> to the CGI.
>
> -- 
> Best regards,
>
> Mark Schonewille
>
> Economy-x-Talk Consulting and Software Engineering
> http://economy-x-talk.com
> http://www.salery.biz
>
> Benefit from our inexpensive hosting services. See 
> http://economy-x-talk.com/server.html for more info.
>
> On 14 aug 2008, at 23:19, Phil Davis wrote:
>
>> How would one 'go to' a stack that lives in a .htpasswd protected 
>> directory?
>>
>> On a web server, I have a CGI script that wants to use a stack that's 
>> in a protected directory.
>>
>> When I try the URL form of 'go' as follows, I get a result of 'no 
>> such card':
>>  go inv stack url 
>> "http://username:password@my.domain.com/lockedFolder/test1.rev"
>>  go inv stack url 
>> "binfile://username:password@/home/username/my.domain.com/lockedFolder/test1.rev" 
>>
>>  go inv stack url 
>> "binfile://home/username/my.domain.com/lockedFolder/test1.rev"
>>
>> When I try going to it by filepath without user/pass as follows, I 
>> get hung:
>>  go inv stack "/home/username/my.domain.com/lockedFolder/test1.rev"
>>
>> Any ideas how I can get it to work? I thought about altering the 
>> .htaccess file but I'm not sure what to tell it to allow, nor if that 
>> would do the job.
>>
>> Thanks for all responses.
>> -- 
>> Phil Davis
>>
>> PDS Labs
>> Professional Software Development
>> http://pdslabs.net
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>

-- 
Phil Davis

PDS Labs
Professional Software Development
http://pdslabs.net




More information about the use-livecode mailing list