Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Re^2: perl hide by html....

by jhourcle (Prior)
on May 01, 2005 at 13:23 UTC ( [id://453016]=note: print w/replies, xml ) Need Help??


in reply to Re: perl hide by html....
in thread perl hide by html....

Actually, it's a lot easier than that. Yes, you can use URL rewriting, like with mod_rewrite in apache, or define alternate executable paths, like you would do for mod_perl, but there's actually a concept in CGI called PATH_INFO. It allows you to pass arguments without needing the question mark to deliniate a QUERY_STRING:

http://server:port/path/script/PATH_INFO

Of course, the problem is that most web server administrators go with the default CGI script location of 'cgi-bin', or 'cgi' or something similar, which would be a giveaway. The only real requirement is that you have access to define which files get executed. This control may have been delegated to .nsconfig or .htaccess files, depending on the setup.

And of course, there's also the use of other dynamicly generated pages, other than CGI, such as by using SSI, ColdFusion, PHP, ASP, or any other text-preprocessor. Of course, once again, you will need to have that parsing configured on the webserver, but it's possible to either use only index pages, and refer to them as directories, so that the browser never sees the file extension, or to configure something like the old execute hack in Netscape web server. (if the file is marked as being executable, no matter its extension, it gets parsed or executed, or whatever you want).

Replies are listed 'Best First'.
Re^3: perl hide by html....
by kelan (Deacon) on May 02, 2005 at 17:54 UTC

    Of course, once again, you will need to have that parsing configured on the webserver, but it's possible to either use only index pages, and refer to them as directories, so that the browser never sees the file extension

    Wouldn't the index page need to be setup to be executable by file extension, though? Or do webservers usually have a configuration option to allow exection by filename rather than just extension?

[reply]

      If you're using mod_rewrite, you can set options on just about anything, but that's not quite what I was alluding to.

      For what I was talking about in that particular case, what you'd do is set your DirectoryIndex or equivalent in your web server, so that instead of referencing your pages as something like the following:

      • http://server/path/page1.html
      • http://server/path/page2.html
      • http://server/path/page3.html

      You instead use:

      • http://server/path/page1
      • http://server/path/page2
      • http://server/path/page3

      Each one of those is actually a directory, so in the case of Apache, it's going to redirect you to:

      • http://server/path/page1/
      • http://server/path/page2/
      • http://server/path/page3/

      And in each of those directories, you'll have the appropriate file extension for whatever you're trying to trigger. (index.shtml, index.php, index.jsp, index.cfm, index.cgi, etc, which you've defined as being your directory index, and configured your server to handle the extension correctly)

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://453016]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others browsing the Monastery: (3)
As of 2024-04-20 04:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found