protected file access by CGI script

Andre Garzia andre at andregarzia.com
Thu Aug 14 19:07:42 EDT 2008


Hi Phil,

it gets worse. In some web server environments, the files can only be
accessed depending on user & group and the file permissions. So the
trick is, make sure your files belong to the same user & group of your
user. Familiarize yourself with unix permission bits (those cryptic
things such as 755, 644) and set your files with the correct ones
depending of your objectives.

check the chmod and chown unix commands. You can use them with FTP
depending on the server like:

   get libURLftpCommand("SITE CHMOD 755",example.net:75,"root",field "password")

:-D

Andre


On Thu, Aug 14, 2008 at 7:40 PM, Phil Davis <revdev at pdslabs.net> wrote:
> Mark Schonewille wrote:
>>
>> Hi Phil,
>>
>> Assuming that your CGI script and the stack are on the same server, I
>> don't think that your CGI script needs a password and user name to read any
>> other file on the server. It should work without user name and password.
>
> The script is in an unprotected directory and the target stack is in a
> password-protected directory. Both are on the same server. I assume that the
> stackfile in the protected folder can't be read by any user or process
> unless that the folder's username & password are provided with the read
> request. Are you saying that's not the case?
>
> I'm hoping one of us is misunderstanding the other! Otherwise, what good is
> .htpasswd protection?
>
> In my experience so far, it doesn't work unless the target stackfile is in
> an unprotected directory. Then it works.
>
> Thanks Mark.
>
>> If you really want to check some password, include it as an argument to
>> the CGI.
>>
>> --
>> Best regards,
>>
>> Mark Schonewille
>>
>> Economy-x-Talk Consulting and Software Engineering
>> http://economy-x-talk.com
>> http://www.salery.biz
>>
>> Benefit from our inexpensive hosting services. See
>> http://economy-x-talk.com/server.html for more info.
>>
>> On 14 aug 2008, at 23:19, Phil Davis wrote:
>>
>>> How would one 'go to' a stack that lives in a .htpasswd protected
>>> directory?
>>>
>>> On a web server, I have a CGI script that wants to use a stack that's in
>>> a protected directory.
>>>
>>> When I try the URL form of 'go' as follows, I get a result of 'no such
>>> card':
>>>  go inv stack url
>>> "http://username:password@my.domain.com/lockedFolder/test1.rev"
>>>  go inv stack url
>>> "binfile://username:password@/home/username/my.domain.com/lockedFolder/test1.rev"
>>>  go inv stack url
>>> "binfile://home/username/my.domain.com/lockedFolder/test1.rev"
>>>
>>> When I try going to it by filepath without user/pass as follows, I get
>>> hung:
>>>  go inv stack "/home/username/my.domain.com/lockedFolder/test1.rev"
>>>
>>> Any ideas how I can get it to work? I thought about altering the
>>> .htaccess file but I'm not sure what to tell it to allow, nor if that would
>>> do the job.
>>>
>>> Thanks for all responses.
>>> --
>>> Phil Davis
>>>
>>> PDS Labs
>>> Professional Software Development
>>> http://pdslabs.net
>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>
> --
> Phil Davis
>
> PDS Labs
> Professional Software Development
> http://pdslabs.net
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>



-- 
http://www.andregarzia.com All We Do Is Code.



More information about the use-livecode mailing list