r3wp [groups: 83 posts: 189283]
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

World: r3wp

[CGI] web server issues

DanielSz
26-Jul-2007
[691]
Yeah, I remember some tips you contributed to the rebolzine on posting 
to web forms, way back... Anyway, I think I won't tinker with the 
http scheme, kinda dpressing thought, especially since I have great 
hopes to achieve what I need using curl and the shell capability 
of Rebol. Let curl do that work, afte r all, that's what' it's meant 
to do best.
Graham
26-Jul-2007
[692x2]
I found the script .. written in 2002.
Undocumented .. but basically it took a directory of jpegs and zip 
files and uploaded them to a java based webserver that required custom 
headers
DanielSz
26-Jul-2007
[694x2]
Great, can I see it?
And the good news is: curl does it flawlessly. I just saved myself 
two weeks of headaches. I am a reboller, but not a purist, if I find 
a better tool to do something, that's cool with me.
Graham
26-Jul-2007
[696]
Sent.
DanielSz
26-Jul-2007
[697]
Received. Thanks, indeed.
james_nak
30-Aug-2007
[698]
Anyone know the answer to this one? 

I have a cgi script that sends an email out. The problem is that 
I want to send to an address that has the same domain name as the 
website but whose mail server is not located there (It's an Exchange 
Server). Any other address works fine as expected. I think it has 
to do with the mx records but, the weird thing is that if I generate 
an email via php, it goes through. Therefore I'm thinking Rebol can 
do it too. 

I've used set-net  for the smtp server and have set it a different 
server completely but still no go.
And I'm in the process of having the MX records changed.
Graham
30-Aug-2007
[699]
what is the trace/net say?
james_nak
31-Aug-2007
[700]
Oh, Haven't tried that. I'll see.
Gabriele
31-Aug-2007
[701]
usually PHP uses the sendmail command directly, not SMTP, so it can't 
be compared unfortunately (ie the fact tha php can send mails does 
not guarantee that rebol can). but, you could use CALL and call sendmail 
directly too if there is no other option.
Graham
31-Aug-2007
[702]
why not try using set-net [ email localhost ]
james_nak
6-Sep-2007
[703]
Thanks all. In the end I switched hosts and their mx records work 
so problem solved.
Pekr
17-Sep-2007
[704x3]
I mentioned the possibility (to overcome REBOL web-hosting) to place 
rebol executable directly in the /cgi-bin/ directory. Someone on 
ML mentioned I should not do that, security wise, as calling http://www.my-domain/cgi-bin/rebol
will spawn a process, which will run endlessly or so ...
I just wanted to ask - wasn't there some change in the past, to prevent 
such case? Would it be sufficient to rename rebol.exe to something 
like EDB433BDD7C13851C7C68CB31A5ACF33A80CD2CC? :-)
Or what about building special rebol version using SDK, running by 
default in cgi mode, quitting imediatelly, if there is not get or 
post string?
Chris
17-Sep-2007
[707]
My understanding is the latter would be slower.  Also, QM (as an 
example) doesn't generally require a get query or post data (primarily 
uses path info).
Gabriele
18-Sep-2007
[708]
petr, it is much better to just put rebol in another dir. there is 
no reason to have it in /cgi-bin/
Pekr
18-Sep-2007
[709x3]
aha, but can it be dir of my own site?
I mean - let's say I don't have telnet available - just ftp to upload 
my site ...
but even then, putting it in another dir, in order to be able to 
run rebol, I have to set it as runnable too, no? So what is the difference 
in having it in cgi-bin or other directory, if permissions have to 
be equal?
Rebolek
18-Sep-2007
[712]
Pekr, well they don't have to. Script's permissons are different 
from some random visitor's permissions. Script is local and not remote.
Gabriele
18-Sep-2007
[713]
the scripts have to be in cgi-bin, the interpreter can (and should) 
be somewhere else, where it is not accessible.
Pekr
18-Sep-2007
[714]
Gabriele - where it is not accessible? That means I need other then 
FTP access. That ruins easy REBOL deployment ...
Gabriele
18-Sep-2007
[715]
why? ftp access only gives access to cgi-bin? usually, you have your 
own home dir, with www and cgi-bin dirs inside.
Pekr
18-Sep-2007
[716x2]
I'll check, but with hosting I have I seem to have root set to my 
web root.
So, in terms of my website, if I put rebol executable e.g. into /rebol/rebol.exe, 
is it any different security-wise to /cgi-bin/rebol.exe?
Gabriele
18-Sep-2007
[718x3]
making rebol accessible is a security risk. i don't know of anything 
bad that you can make it do, but i'm sure it would not be too hard 
to make any interpreter do something bad if you allow it to be launched 
by anyone :)
yes, /rebol/rebol.exe will not be executed by the web server, unless 
it is specifically configured to do so.
if it's in cgi-bin, maybe i could do something like http://yoursite/cgi-bin/rebol?-s--do delete... 
etc.
Pekr
18-Sep-2007
[721]
hmm, then ice thing is, that when I run http://www.my-domain.com/cgi-bin/rebol
--do "print 123", Apache returns error, stating I have no permission 
to do that. If I run cgi-bin/rebol, my browser does not seem to return, 
so I expect interpreter to run infinitely?
Gabriele
18-Sep-2007
[722]
(it shouldn't be that easy, but you get the idea)
Pekr
18-Sep-2007
[723]
hmm, woult there be an option to prepare special version of interpreter, 
using SDK, not allowing to accept any parameters, run only in CGI 
mode?
Gabriele
18-Sep-2007
[724]
maybe, but is it really worth it? i don't think anyone would put 
perl in cgi-bin for eg. so why rebol?
Pekr
18-Sep-2007
[725x2]
because ppl endlessly complain, there are no rebol web-hosts. So 
I thought I might have universal solutoin. Just find yourself web-host, 
which allows cgi scripts, and you are done ...
I don't need it on my server, was trying to help other guys to not 
feel pressed from ISPs
Gabriele
18-Sep-2007
[727]
afaik, any host that allows any cgi-bin will also allow you to upload 
rebol somewhere not in cgi-bin and then use it.
amacleod
18-Sep-2007
[728x2]
Any ISP that gives you FTP access to your account and CGI does provide
access for rebol
Pekr
18-Sep-2007
[730]
ah, so I really don't understand guys' point on ML, complaining that 
web-hosts are REBOL unfriendly. I tried with two, and those had no 
problem uploading rebol for me ...
amacleod
18-Sep-2007
[731]
What I have found to be a problem is accessing MySQL accounts from 
client based rebol scripts. They seem to only allow server based 
access.
Pekr
18-Sep-2007
[732x2]
amacleod. And how?
With one host, I e.g. have: /home, /www, /tmp, /logs ... should I 
put into /home?
Gabriele
18-Sep-2007
[734x2]
indeed, i think they are just lazy, and want rebol to work out of 
the box. they just have to upload it. it will work with 99% of the 
hosts right away. and the host should be able to easily solve that 
1% case, unless they are morons and only allow php etc. by policy.
yes, /home, maybe /home/bin or something like that. (/home/rebol/... 
would be ok too)
Pekr
18-Sep-2007
[736x2]
But other hosting my friend has, is just and only his www root ....
Gabriele - exactly my opinion ....
Gabriele
18-Sep-2007
[738]
mysql: some hosts only allow socket access and not tcp access to 
mysql (because that's the default config for some distros.) but, 
that's something that they can enable without problems.
amacleod
18-Sep-2007
[739]
I have a rebol view app that I use to acces a MySQL database. I had 
it working  and then ,y ISP decided to add security and no longer 
allow MySQL access unless its a script on the server. Ofcourse they 
did not inform me and it took some time to track down the problem..
Pekr
18-Sep-2007
[740]
That is why I was trying to suggest to rename rebol to some AAAAAAABBBBBBBCCCC 
name, unpredictable, so it will get hardly noticed, even if someone 
would try ... (unless you do some bug and your shabang line gets 
reported back to browser :-)