Hello, I am writing an application that will be hosted on several Apache webservers, which may have different directory structures. The application will reference a number of directories and files ("config", "log", "data", etc.) under an application base directory. Since each server's directory structure might be different, though, the pathnames to the base directory will vary from server to server. I thought I would define an environment variable in the Apache configuration that would tell the CGI where to find its base directory, like this:

    #!\strawberry\perl\bin\perl.exe
    use strict;
    use File::Spec::Functions;

    my $logfile = catdir($ENV{AppBase}, "mylogfile");

    print "opening $logfile ...\n";
    open (LOGFILE, ">>$logfile") || die "couldn't open log file \n";
    print LOGFILE "test log file line";
    close(LOGFILE);

That works fine, until I turn on taint mode. When I turn on taint mode, I get this:

    Insecure dependency in open while running with -T switch at MyCgiProg.pl line 8.

I understand why taint mode doesn't like my code: a malicious (or careless) Apache admin might point that ENV variable to the wrong directory and cause something important to be overwritten.

I'm sure other more seasoned programmers have handled this problem before, and I'd love to hear how you handled it. Thanks in advance for your assistance.

Regards, Darren


In reply to How to safely define a CGI program's application base directory by ddmiller
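One way to handle the question above, as an added example that is not part of the original post: untaint the Apache-supplied value with an anchored regex capture, then check it against an allowlist so a well-formed but wrong directory is still refused. The `SetEnv` setup, the shebang path and the allowlist entries are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Spec::Functions qw(catfile file_name_is_absolute);

# Assumption: Apache sets the variable with "SetEnv AppBase <dir>".
# Hypothetical allowlist of the directories this application is deployed to.
my @ALLOWED_BASES = ('/srv/myapp', 'C:/apps/myapp');

sub untainted_base {
    my ($raw) = @_;
    die "AppBase is not set\n" unless defined $raw && length $raw;

    # A regex capture is how Perl untaints a value, so keep the pattern
    # strict: an explicit character class, anchored at both ends.
    my ($clean) = $raw =~ m{\A([A-Za-z0-9_:/\\.\-]+)\z}
        or die "AppBase contains unexpected characters\n";

    $clean =~ tr{\\}{/};      # treat Windows separators like '/'
    $clean =~ s{/+\z}{};      # drop trailing separators
    die "AppBase must be an absolute path\n"
        unless file_name_is_absolute($clean);
    die "AppBase must not contain '..'\n"
        if $clean =~ m{(?:\A|/)\.\.(?:/|\z)};

    # The pattern only proves the string is well formed. The allowlist is
    # what stops a well-formed path that points somewhere it should not.
    die "AppBase '$clean' is not an approved directory\n"
        unless grep { $_ eq $clean } @ALLOWED_BASES;
    die "AppBase '$clean' is not a directory\n" unless -d $clean;
    return $clean;
}

my $base    = untainted_base($ENV{AppBase});
my $logfile = catfile($base, 'mylogfile');

# Three-argument open with a lexical handle keeps the mode out of the name.
open(my $log, '>>', $logfile) or die "couldn't open $logfile: $!\n";
print {$log} "test log file line\n";
close($log) or die "couldn't close $logfile: $!\n";
```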
