protected file access by CGI script
Phil Davis
revdev at pdslabs.net
Thu Aug 14 21:06:23 EDT 2008
Brian Yennie wrote:
> Phil,
>
> I'm afraid you seem confused about the use of .htaccess. These files
> are only for restricting remote access through Apache web servers and
> have no effect on local file access. You may be seeing the difference
> because you have tried opening the stack through an HTTP url, which is
> a bit roundabout as you are asking the local web server to serve up a
> file that is already on your local file system.
>
> Have you tried changing:
>
> go inv stack url
> "binfile://home/username/my.domain.com/lockedFolder/test1.rev"
>
> to simply
>
> start using stack
> "/home/username/my.domain.com/lockedFolder/test1.rev" ?
>
> HTH
It does indeed help! It works. Thanks so much Brian - and Andre, Jim,
Mark. My permissions were good and I'm using the 2.9 engine, but I'm
pretty new to .ht____ files so... it's my time to learn! Thanks guys.
Phil
>
>> Mark Schonewille wrote:
>>> Hi Phil,
>>>
>>> Assuming that your CGI script and the stack are on the same server,
>>> I don't think that your CGI script needs a password and user name to
>>> read any other file on the server. It should work without user name
>>> and password.
>>
>> The script is in an unprotected directory and the target stack is in
>> a password-protected directory. Both are on the same server. I assume
>> that the stackfile in the protected folder can't be read by any user
>> or process unless that the folder's username & password are provided
>> with the read request. Are you saying that's not the case?
>>
>> I'm hoping one of us is misunderstanding the other! Otherwise, what
>> good is .htpasswd protection?
>>
>> In my experience so far, it doesn't work unless the target stackfile
>> is in an unprotected directory. Then it works.
>>
>> Thanks Mark.
>>
>>> If you really want to check some password, include it as an argument
>>> to the CGI.
>>>
>>> --
>>> Best regards,
>>>
>>> Mark Schonewille
>>>
>>> Economy-x-Talk Consulting and Software Engineering
>>> http://economy-x-talk.com
>>> http://www.salery.biz
>>>
>>> Benefit from our inexpensive hosting services. See
>>> http://economy-x-talk.com/server.html for more info.
>>>
>>> On 14 aug 2008, at 23:19, Phil Davis wrote:
>>>
>>>> How would one 'go to' a stack that lives in a .htpasswd protected
>>>> directory?
>>>>
>>>> On a web server, I have a CGI script that wants to use a stack
>>>> that's in a protected directory.
>>>>
>>>> When I try the URL form of 'go' as follows, I get a result of 'no
>>>> such card':
>>>> go inv stack url
>>>> "http://username:password@my.domain.com/lockedFolder/test1.rev"
>>>> go inv stack url
>>>> "binfile://username:password@/home/username/my.domain.com/lockedFolder/test1.rev"
>>>>
>>>> go inv stack url
>>>> "binfile://home/username/my.domain.com/lockedFolder/test1.rev"
>>>>
>>>> When I try going to it by filepath without user/pass as follows, I
>>>> get hung:
>>>> go inv stack "/home/username/my.domain.com/lockedFolder/test1.rev"
>>>>
>>>> Any ideas how I can get it to work? I thought about altering the
>>>> .htaccess file but I'm not sure what to tell it to allow, nor if
>>>> that would do the job.
>>>>
>>>> Thanks for all responses.
>>>> --
>>>> Phil Davis
>>>>
>>>> PDS Labs
>>>> Professional Software Development
>>>> http://pdslabs.net
>
>
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
--
Phil Davis
PDS Labs
Professional Software Development
http://pdslabs.net
More information about the use-livecode
mailing list