l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
April 21: Google Glass
Next Installfest:
TBD
Latest News:
Mar. 18: Google Glass at LUGOD's April meeting
Page last updated:
2003 Jun 26 13:39

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Perl question: determining the computer's IP addre ss
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Perl question: determining the computer's IP addre ss



On Thu, Jun 26, 2003 at 11:54:50AM -0700, Jeff Newmiller wrote:
> On Thu, 26 Jun 2003, Richard Crawford wrote:
> 
> > Adrian Kalaveshi said:
> > 
> > > Can't you just use a relative path?  i.e:
> > >
> > > <form method="post" action="../cgi-bin/group.cgi">
> > 
> > Not in this case, no.  The script refuses to execute unless it's called by
> > an absolute path.  This is a problem, I know, but I have yet to figure out
> > how to fix Apache to solve it.

It's impossible that the problem is with Apache, unless it
is munging your output. It is equally impossible for your script to
refuse to execute on a relative path, because it is impossible for
a browser to send a relative path to the server using HTTP: HTTP only
supports absolute paths, which means that relative paths must be
resolved by the *browser*.

My bet is that you're not specifying the relative path correctly.

> I would be wary of  permitting ".." in a url for security reasons.

??? It's called relative URLs. Any decent web server (read: not IIS,
historically) should be smart enough to realize if they are being used
to access an out-of-bounds location in an absolute URL. In a relative
URL, it is the *browser* that transforms it into an absolute URL, so
if it's not valid given the currently browsed location, the browser
will simply be unable to construct the absolute URL. No security
problems here.

-Micah
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!