#!perl -w
use CGI qw(:standard);
print header, start_html;
foreach $var (keys %ENV )
{
print "$var : $ENV{$var}<br />\n";
}
print end_html;
On IIS 5.0 with w2k I get:
USERPROFILE : C:\Documents and Settings\Default User
SCRIPT_NAME : /test.pl
PATH_INFO : /test.pl
OS2LIBPATH : C:\WINNT\system32\os2\dll;
REQUEST_METHOD : GET
HTTP_ACCEPT : image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
COMMONPROGRAMFILES : C:\Program Files\Common Files
SERVER_SOFTWARE : Microsoft-IIS/5.0
PROGRAMFILES : C:\Program Files
OS : Windows_NT
PATHEXT : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
HTTP_USER_AGENT : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .
+NET CLR 1.1.4322)
HTTP_ACCEPT_LANGUAGE : en-gb
NUMBER_OF_PROCESSORS : 1
LOCAL_ADDR : 127.0.0.1
PATH : C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Fi
+les\Microsoft SQL Server\80\Tools\BINN
GATEWAY_INTERFACE : CGI/1.1
INCLUDE : C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\
+include\
HTTPS : off
REMOTE_HOST : 127.0.0.1
PROCESSOR_ARCHITECTURE : x86
PATH_TRANSLATED : c:\inetpub\wwwroot\test.pl
SERVER_NAME : localhost
TEMP : C:\WINNT\TEMP
HTTP_ACCEPT_ENCODING : gzip, deflate
SYSTEMDRIVE : C:
HTTP_CONNECTION : Keep-Alive
PROCESSOR_REVISION : 0308
VS71COMNTOOLS : C:\Program Files\Microsoft Visual Studio .NET 2003\Com
+mon7\Tools\
SYSTEMROOT : C:\WINNT
CONTENT_LENGTH : 0
INSTANCE_ID : 1
COMSPEC : C:\WINNT\system32\cmd.exe
WINDIR : C:\WINNT
SERVER_PORT_SECURE : 0
PROCESSOR_LEVEL : 15
SERVER_PORT : 80
REMOTE_ADDR : 127.0.0.1
SERVER_PROTOCOL : HTTP/1.1
PROCESSOR_IDENTIFIER : x86 Family 15 Model 3 Stepping 8, GenuineIntel
LIB : C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
ALLUSERSPROFILE : C:\Documents and Settings\All Users
COMPUTERNAME : VM-DEV-US
HTTP_HOST : localhost
TMP : C:\WINNT\TEMP
Now obviously some of these are going to be needed for the proper operation of the CGI, and some are just set by windows for the convenience of the application. Of course most of the superfluous ones here will have no affect whatsoever on the operation of a Perl program and just so long as you aren't letting them leak out into the outside world then they shouldn't be a problem. The standard sanitising of PATH should generally be enough. The ones that are windows specific and can be got rid of in their entirety are:
USERPROFILE
OS2LIBPATH
COMMONPROGRAMFILES
PROGRAMFILES
OS
PATHEXT
NUMBER_OF_PROCESSORS
INCLUDE
PROCESSOR_ARCHITECTURE
TEMP
SYSTEMDRIVE
PROCESSOR_REVISION
VS71COMNTOOLS
SYSTEMROOT
INSTANCE_ID
COMSPEC
WINDIR
PROCESSOR_LEVEL
PROCESSOR_IDENTIFIER
LIB
ALLUSERSPROFILE
COMPUTERNAME
TMP
Of course those on your machine will almost certainly be different.
And before anyone chimes in, no I don't believe it is a security risk to be showing the contents of these variables as a) they are not giving away any secrets and, b) the machine is on a private network behind a firewall. /J\
|