protected file access by CGI script

Brian Yennie briany at qldlearning.com
Thu Aug 14 19:09:45 EDT 2008


Phil,

I'm afraid you seem confused about the use of .htaccess. These files  
are only for restricting remote access through Apache web servers and  
have no effect on local file access. You may be seeing the difference  
because you have tried opening the stack through an HTTP url, which is  
a bit roundabout as you are asking the local web server to serve up a  
file that is already on your local file system.

Have you tried changing:

go inv stack url "binfile://home/username/my.domain.com/lockedFolder/test1.rev 
"

to simply

start using stack "/home/username/my.domain.com/lockedFolder/ 
test1.rev"  ?

HTH

> Mark Schonewille wrote:
>> Hi Phil,
>>
>> Assuming that your CGI script and the stack are on the same server,  
>> I don't think that your CGI script needs a password and user name  
>> to read any other file on the server. It should work without user  
>> name and password.
>
> The script is in an unprotected directory and the target stack is in  
> a password-protected directory. Both are on the same server. I  
> assume that the stackfile in the protected folder can't be read by  
> any user or process unless that the folder's username & password are  
> provided with the read request. Are you saying that's not the case?
>
> I'm hoping one of us is misunderstanding the other! Otherwise, what  
> good is .htpasswd protection?
>
> In my experience so far, it doesn't work unless the target stackfile  
> is in an unprotected directory. Then it works.
>
> Thanks Mark.
>
>> If you really want to check some password, include it as an  
>> argument to the CGI.
>>
>> -- 
>> Best regards,
>>
>> Mark Schonewille
>>
>> Economy-x-Talk Consulting and Software Engineering
>> http://economy-x-talk.com
>> http://www.salery.biz
>>
>> Benefit from our inexpensive hosting services. See http://economy-x-talk.com/server.html 
>>  for more info.
>>
>> On 14 aug 2008, at 23:19, Phil Davis wrote:
>>
>>> How would one 'go to' a stack that lives in a .htpasswd protected  
>>> directory?
>>>
>>> On a web server, I have a CGI script that wants to use a stack  
>>> that's in a protected directory.
>>>
>>> When I try the URL form of 'go' as follows, I get a result of 'no  
>>> such card':
>>> go inv stack url "http://username:password@my.domain.com/lockedFolder/test1.rev 
>>> "
>>> go inv stack url "binfile://username:password@/home/username/ 
>>> my.domain.com/lockedFolder/test1.rev"
>>> go inv stack url "binfile://home/username/my.domain.com/lockedFolder/test1.rev 
>>> "
>>>
>>> When I try going to it by filepath without user/pass as follows, I  
>>> get hung:
>>> go inv stack "/home/username/my.domain.com/lockedFolder/test1.rev"
>>>
>>> Any ideas how I can get it to work? I thought about altering  
>>> the .htaccess file but I'm not sure what to tell it to allow, nor  
>>> if that would do the job.
>>>
>>> Thanks for all responses.
>>> -- 
>>> Phil Davis
>>>
>>> PDS Labs
>>> Professional Software Development
>>> http://pdslabs.net






More information about the use-livecode mailing list