Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
When you're accessing a script through the web the server's webserver handles the POST and GET requests to the script... if everything's set up properly the script will execute and the webserver will forward the script's output to the client's browser. In this situation $sreaon will not be exposed to the web client so long as the script itself does not output it; the server leaves everything to the CGI, and it's up to the CGI to determine what gets output or not.

However, the kicker here is "everything properly set up." If the webserver doesn't recognize your script as a CGI (i.e., if the permissions are set incorrectly) then a POST or GET request for your script will output the source of your script to the browser instead of the executed script's output. In addition, if there's some other CGI on your server that allows webusers to view scripts without executing them you could be exposed that way, too. (There used to be, for example, a script installed in old Apache distributions that could be abused to "echo" arbitrary sourcecode to a browser window.)

And of course your source could be read using methods other than the web server. If the server handles other services (FTP, Telnet, SSH, etc.) someone could potentially access your source and secret variable that way, too. It gets very complicated very quickly... how much effort you go to to protect your information depends on your paranoia level and the value of your data.

Gary Blackburn
Trained Killer


In reply to Re: Retrieval of script values by Trimbach
in thread Retrieval of script values by 4am

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (2)
As of 2021-10-28 21:55 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    My first memorable Perl project was:







    Results (96 votes). Check out past polls.

    Notices?