[pca] RFE: pca-proxy.cgi without stored credentials
Martin Paul
martin at par.univie.ac.at
Tue Nov 17 17:59:27 CET 2009
Sebastian Kayser wrote:
> Sounds like a very flexible, architectural decision. Maybe with an
> exclusion list for certain variables like xrefdir/patchdir? Or the other
> way round, an explicit inclusion list. People might be concerned about
> external requests setting xrefdir/patchdir. I know, this should be
> addressed by least privileges for the pca-proxy.cgi, but it still might
> be something to think about.
I agree, on both points. I'm gonna change it to only accept certain
parameters, but of course the CGI should be restricted on the server
side as much as possible, too. Access to a pca-proxy.cgi should probably
be restricted to certain (local) hosts all the time, anyway.
> This works. 40X in the long run would be nice as it looks less
> error-like from a user-perspective.
>
> $ ./pca -ad 125138
> ...
> Looking for 125138-18 (1/1)
> Trying http://pcahost/cgi-bin/pca-proxy.cgi?
> Failed (Error 500: Internal Server Error)
Something's wrong here - the "Internal Server Error" comes from apache,
not pca-proxy.cgi, so the script must have failed completely. Can you
see anything in apache_error? It should look like this on the client:
...
Looking for 142675-01 (1/1)
Trying http://www.par.univie.ac.at/local/pca/pca-proxy.cgi?
Failed (Error 500: SOA missing)
Please enter Sun Online Account User: XXX
Please enter Sun Online Account Password:
Done
------------------------------------------------------------------------------
Download Summary: 1 total, 1 successful, 0 skipped, 0 failed
Maybe just a permission problem with the CGI?
Martin.
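
The inclusion-list approach discussed in this message, as an added example that is not part of the original post and not pca's own code. Only `xrefdir` and `patchdir` come from the thread; the accepted parameter names (`patch`, `type`), their value patterns and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Hypothetical inclusion list: parameter name -> pattern the whole value must match.
# These names and patterns are assumptions for illustration, not pca's real options.
ALLOWED = {
    "patch": re.compile(r"\d{6}-\d{2}"),
    "type": re.compile(r"(patch|readme|xref)"),
}


def filter_params(query_string):
    """Return (accepted, rejected) for a CGI query string.

    accepted: dict of allow-listed parameters whose value validated.
    rejected: list of (name, reason) for everything else.
    """
    accepted, rejected = {}, []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        pattern = ALLOWED.get(name)
        if pattern is None:
            rejected.append((name, "not on inclusion list"))
        elif name in accepted:
            # A repeated key must not silently override the first value.
            rejected.append((name, "duplicate"))
        elif not pattern.fullmatch(value):
            rejected.append((name, "invalid value"))
        else:
            accepted[name] = value
    return accepted, rejected


def handle(query_string):
    """Fail closed: any rejected parameter refuses the whole request."""
    accepted, rejected = filter_params(query_string)
    if rejected or "patch" not in accepted:
        return 400, {}
    return 200, accepted


if __name__ == "__main__":
    # Constructed sample requests.
    for qs in ("patch=125138-18&type=patch",
               "patch=125138-18&patchdir=/tmp",
               "patch=125138-18&xrefdir=%2Fetc",
               "patch=../../etc/passwd"):
        print(qs, "->", handle(qs))
```

Refusing the whole request instead of silently dropping unknown parameters makes attempts to set `xrefdir` or `patchdir` visible in the web server log.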