Introduction to PERL Part 4: (1) Working with Files (2) CGI Security


Working with Files
So far programs cannot store data values in between the times when they are started.
–Working with files enables programs to store data, which can then be used at some future time.
Will describe ways to work with files in CGI/Perl programs, including
–opening files,
–closing files,
–and reading from and writing to files.

Using the open() Function
Use to connect a program to a physical file on a Web server. It has the following format:
  open(FILEHANDLE, filename);
–file handle - Starts with a letter or number, not with "$", "@", or "%". Specify in all capital letters (by Perl convention).
–filename - name of the file to connect to. If it resides in the same file system directory then just specify the filename (and not the entire file path).

More On the open() Function
open() returns 1 (true) when it successfully opens the file and returns 0 (false) when this attempt fails.
A common way to use open():
  $infile = "mydata.txt";                                      # connect to mydata.txt
  open (INFILE, $infile ) || die "Cannot open $infile : $!";   # execute die only when open fails; $! holds the system error message

Using the File Handle to Read Files
Use the file handle to refer to the file once it is opened.
Combine the file handle with the file input operator ("<>") to read a file into your program.
For example, the following opens a file and then outputs the first and third lines of the file.
–Program uses indata.txt containing:
  Apples are red
  Bananas are yellow
  Carrots are orange
  Dates are brown

Example Program
  $infile="mydata.txt";
  open (INFILE, $infile ) || die "Cannot open $infile: $!";
  @infile = <INFILE>;        # read the whole file into a list, one line per element
  print $infile[0];
  print $infile[2];
  close (INFILE);
Then the output of this program would be
  Apples are red
  Carrots are orange

Reading One Line At a Time
Reading a very large file into a list consumes a lot of computer memory.
–Better is to read one line at a time. For example, the following would print each line of the input file.
  $infile="mydata.txt";
  open (INFILE, $infile ) || die "Cannot open $infile: $!";
  while ( <INFILE> ) {
      $inline=$_;            # $_ is automatically set to the next input line
      print $inline;
  }
  close (INFILE);

Example Program
  #!/usr/bin/perl
  use CGI ':standard';
  use CGI::Carp "fatalsToBrowser";
  print header, start_html('Inventory List');
  $infile="infile.txt";
  open (INFILE, $infile ) || die "Cannot open $infile: $!";
  while ( <INFILE> ) {
      $inline=$_;
      chomp($inline);                                              # drop the trailing newline so $price is clean
      ($ptno, $ptname, $num, $price ) = split ( /:/, $inline );    # fields are colon-separated
      print "We have $num $ptname ($ptno). ";
      print "The cost is $price dollars.", br;
  }
  close (INFILE);
  print end_html;

Output...

Writing to Files
write-only-append: allows you to write and append data to the end of a file.
–If the file exists, it will write to the end of the existing file. Otherwise it will create it.
–To specify this mode, use >> before the filename in the open() function.
  open(OFILE, ">>myfile.txt") || die "Cannot open: $!";
Example way to write to the file:
  print OFILE "My program was here";

Reading and Writing Files
  #!/usr/bin/perl
  use CGI ':standard';
  use CGI::Carp "fatalsToBrowser";
  print header, start_html('My Page');
  print ' ', "WELCOME TO MY SITE ";
  $ct = &counter();
  print br, ' ', "You Are Visitor $ct ";
  print end_html;
  sub counter {
      $ctfile="/home/perlpgm/logfiles/counter.txt";
      open (CTFILE, "<". $ctfile ) || die "Cannot open $ctfile: $!";
      @inline = <CTFILE>;
      $count=$inline[0] + 1;
      close (CTFILE);
      open (CTFILE, ">$ctfile" ) || die "Cannot open $ctfile: $!";   # note: ">" truncates the file before flock() runs, so two simultaneous requests can race and lose a count
      flock (CTFILE, 2);                                              # 2 = LOCK_EX (exclusive lock)
      print CTFILE "$count";
      close (CTFILE);
      return $count;
  }
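The counter above opens the file with ">" (which truncates it) and only then calls flock(), so two requests arriving together can both read the old value or one can read an empty file. The following is an added example, not code from the slides, showing the same read-increment-write counter with the lock taken first, plus a shared-lock line-by-line reader; the file path is a constructed temporary one and the Fcntl constants replace the bare "2" used on the slide.

```perl
#!/usr/bin/perl
# Added example (not from the original slides): a hit counter that takes the
# lock *before* reading or truncating, so concurrent CGI requests cannot lose
# counts. Uses sysopen (create-if-missing in one step), lexical filehandles
# and the symbolic Fcntl constants instead of flock(FH, 2).
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock :seek);

# Open the counter file for update (creating it if missing), lock it, then
# read-increment-write while the lock is held. Returns the new count.
sub bump_counter {
    my ($ctfile) = @_;                                   # path is supplied by the caller (assumption)
    sysopen(my $fh, $ctfile, O_RDWR | O_CREAT, 0644)
        or die "Cannot open $ctfile: $!";
    flock($fh, LOCK_EX) or die "Cannot lock $ctfile: $!";
    my $line  = <$fh>;
    my $count = (defined $line && $line =~ /^(\d+)/) ? $1 : 0;   # tolerate an empty or garbled file
    $count++;
    seek($fh, 0, SEEK_SET) or die "seek: $!";
    truncate($fh, 0)       or die "truncate: $!";        # truncate only after we hold the lock
    print {$fh} "$count\n";
    close($fh) or die "close: $!";                       # close releases the lock
    return $count;
}

# Read a file one line at a time (as the "Reading One Line At a Time" slide
# recommends) under a shared lock, so a writer cannot change it mid-read.
sub read_lines {
    my ($file) = @_;
    open(my $fh, '<', $file) or die "Cannot open $file: $!";
    flock($fh, LOCK_SH) or die "Cannot lock $file: $!";
    my @lines;
    while (my $l = <$fh>) { chomp $l; push @lines, $l; }
    close($fh);
    return @lines;
}

# Demonstration on a temporary file (constructed here, not a real site path).
my $tmp = "/tmp/counter_example_$$.txt";
print "count is ", bump_counter($tmp), "\n" for 1 .. 3;   # 1, 2, 3
print "file now holds: ", join('|', read_lines($tmp)), "\n";
unlink $tmp;
```

Because the lock is acquired before the file is read and truncated, every request sees the value written by the previous one; close() releases the lock, so keep the critical section short.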

Output...

Example Guest Book
  #!/usr/bin/perl
  use CGI ':standard';
  use CGI::Carp "fatalsToBrowser";
  print header, start_html('Logger');
  $comments = param('ucomments');
  $logfile=">>/inetpub/wwwroot/logfiles/mydata.txt";
  open (OUTFILE, $logfile ) || die "Cannot open $logfile: $!";
  $remrefer=$ENV{'HTTP_REFERER'};
  ( $sec, $min, $hr, $Day, $mon, $year ) = localtime(time);
  $year=$year+1900;
  $mon = $mon + 1;
  print OUTFILE "$mon/$Day/$year:$hr:$min:$remrefer:$comments\n";   # $remrefer and $comments come from the client and are written unchecked
  print 'Just Logged:', br,"$mon/$Day/$year:$remrefer:$comments";   # also echoed back into the HTML unescaped
  close (OUTFILE);
  print end_html;
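The guest book writes the Referer and the comment straight into a colon-separated record and then echoes the comment into the page. A comment containing a newline or a ":" silently corrupts the record format, and one containing markup is rendered by the browser. The following added example (not from the slides) keeps the slide's record layout but encodes the user-controlled fields so they round-trip through split(/:/), and HTML-escapes the comment before it is echoed; the sample comment is constructed here.

```perl
#!/usr/bin/perl
# Added example (not from the original slides): a guest-book log whose
# colon-separated records stay parseable even when the user-supplied comment
# or Referer contains ':' or a newline, plus HTML escaping before echoing.
use strict;
use warnings;

# Escape the characters that would break the record format: the field
# separator ':', line breaks, and '%' (the escape character itself).
sub encode_field {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/([%:\r\n])/sprintf('%%%02X', ord $1)/ge;
    return $s;
}

# Inverse of encode_field.
sub decode_field {
    my ($s) = @_;
    $s =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
    return $s;
}

# Build one record: timestamp (same layout as the slide) plus the encoded fields.
sub make_record {
    my ($referer, $comment, $time) = @_;
    my ($sec, $min, $hr, $day, $mon, $year) = localtime(defined $time ? $time : time);
    my $stamp = sprintf('%02d/%02d/%04d:%02d:%02d', $mon + 1, $day, $year + 1900, $hr, $min);
    return join(':', $stamp, encode_field($referer), encode_field($comment)) . "\n";
}

# Parse a record back into its fields. Only five fields exist because the
# encoding guarantees the last two contain no raw ':'.
sub parse_record {
    my ($line) = @_;
    chomp $line;
    my ($mdy, $hr, $min, $ref, $com) = split /:/, $line, 5;
    return { date => $mdy, hour => $hr, minute => $min,
             referer => decode_field($ref), comment => decode_field($com) };
}

# Minimal HTML escaping for text that is echoed back into the page.
sub html_escape {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $s =~ s/([&<>"])/$map{$1}/g;
    return $s;
}

# Constructed sample input: a comment that tries to smuggle in a second
# record line and some markup.
my $comment = "great site\n01/01/1999:00:00:evil:forged record <script>";
my $line    = make_record('http://example.test/page', $comment, 0);
my $rec     = parse_record($line);
print "stored line: $line";                                   # one line, no raw newline or ':' in the user fields
print "comment round-trips: ", ($rec->{comment} eq $comment ? 'yes' : 'no'), "\n";   # yes
print "safe to echo: ", html_escape($rec->{comment}), "\n";
```

The writer and the reader share one encoding, so the inventory-style split(/:/) parser from the earlier slide keeps working; what changes is that the client can no longer choose where a record ends.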

Cookies
–Cookies provide a way for Web server applications to store small pieces of data on the end user's machine.
–Cookies can be easily refused by the end user and therefore cannot be relied upon to always be available to the CGI/Perl program.
–Data set by cookies can be available for long periods of time, even when the end user leaves the site and comes back months later.

Setting a Cookie
Can request that a browser cookie be saved in memory (deleted when the user exits the browser) or onto disk (retained until an expiration date).
Syntax of an in-memory cookie:
  print "Set-Cookie: name=value\n";
Must be output before the MIME Content-type line.

Setting Cookie Expiration Date
When you need to retain a cookie between browser sessions, you need to set an expiration date:
  print "Set-Cookie: name=value; expires=Wdy, DD-Mon-YYYY HH:MM:SS GMT\n";
Again, this line must be output before the MIME Content-type line.

A Sample Program That Sets A Cookie
  #!/usr/bin/perl
  use CGI ':standard';
  $name=param('name');
  $prefers=param('prefers');
  print "Set-Cookie: cust_name=$name; expires=04-Jul :00:0 GMT\n";
  print "Set-Cookie: cust_prefer=$prefers; expires=04-Jul :00:0 GMT\n";
  print header, start_html('set cookie');
  print br, "Thanks $name Lets now look at $prefers... ";
  print end_html;

Output...

Example Cookie Reading Program
  #!/usr/bin/perl
  use CGI ':standard';
  print header, start_html("Welcome");
  $cust_name=cookie('cust_name');
  $prefers=cookie('cust_prefer');
  print ' ';
  if ($cust_name) {
      print "Welcome back $cust_name to our humble hardware site.";   # cookie value is client-supplied and printed unescaped
  } else {
      print ' ';
      print 'Welcome to our humble hardware site. ';
  }
  if ( $prefers eq "hand tools" ) {
      print br,'We have hammers on sale for 5 dollars!';
  } elsif ( $prefers eq "power tools" ){
      print br, 'We have power drills on sale for 25 dollars!';
  } else {
      print br, ' ';
      print ' We have drills and hammers on special today! ';
  }
  print " ", end_html;

Output...

Hidden Fields
–Hidden fields are HTML form fields that you can use to set name/value CGI variables without displaying them on a form.
–Hidden fields provide a method to manage user sessions by maintaining the state of each session.
–Hidden fields are not a secure method to keep data.
–You can create sophisticated multiple-screen applications, such as shopping carts and surveys, by using hidden fields.
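Both cookies and hidden fields are stored by the client and come back under the client's control, which is why the slides say hidden fields are not a secure way to keep data. The added example below (not from the slides) shows one standard way to detect tampering: the server appends an HMAC to the value before sending it and recomputes it on return. Digest::SHA is a core Perl module; the secret, the cookie and field names, and the HttpOnly attribute on the Set-Cookie line are assumptions added here.

```perl
#!/usr/bin/perl
# Added example (not from the original slides): because cookies and hidden
# fields live on the client, treat their contents as untrusted. Signing the
# value with an HMAC lets the script detect any change when it comes back.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'change-me-server-side-secret';   # assumption: kept on the server, never sent to the client

# value -> "value.hmac"; the HMAC covers the value so it cannot be altered.
sub sign_value {
    my ($value) = @_;
    return $value . '.' . hmac_sha256_hex($value, $SECRET);
}

# Compare two hex digests without stopping at the first differing byte.
sub digests_equal {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# "value.hmac" -> value, or undef if the signature does not match.
sub verify_value {
    my ($signed) = @_;
    return undef unless defined $signed && $signed =~ /^(.*)\.([0-9a-f]{64})$/s;
    my ($value, $mac) = ($1, $2);
    return digests_equal($mac, hmac_sha256_hex($value, $SECRET)) ? $value : undef;
}

# The Set-Cookie line the slides print by hand, with the signed value and
# HttpOnly so client-side script cannot read it (add "; Secure" on HTTPS).
sub set_cookie_header {
    my ($name, $value, $expires) = @_;
    my $h = "Set-Cookie: $name=" . sign_value($value) . "; HttpOnly";
    $h .= "; expires=$expires" if defined $expires;
    return $h;
}

# The same signing protects a hidden form field, e.g. a cart total.
sub hidden_field {
    my ($name, $value) = @_;
    return qq{<input type="hidden" name="$name" value="} . sign_value($value) . qq{">};
}

# Constructed demonstration: a genuine value, then a tampered copy of it.
my $signed = sign_value('hand_tools');
print set_cookie_header('cust_prefer', 'hand_tools'), "\n";
print hidden_field('cart_total', '25'), "\n";
print "genuine:  ", (defined verify_value($signed) ? 'accepted' : 'rejected'), "\n";   # accepted
(my $tampered = $signed) =~ s/^hand_tools/power_tools/;
print "tampered: ", (defined verify_value($tampered) ? 'accepted' : 'rejected'), "\n"; # rejected
```

Signing proves the value was issued by the server and not modified; it does not hide the value, so anything secret still belongs in server-side storage keyed by a random session id.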

CGI Security
What about web server security?
–Letting anyone run programs on your server can be risky
–Be sure to set up your web server properly
What about CGI script security?
–Disallow risky operations like pointer arithmetic, array access without bounds checking, etc.
–Perl is designed to prevent such problems
–But you must be aware of outside execution (backticks: ``)
Check perldoc perlsec for security information

A Bad Example
  #!/usr/athena/bin/perl
  # A REALLY BAD IDEA!
  print "who is here? ";
  $user = <>;
  $output = `You are $user`;     # user input is passed straight to the shell
  print "$output\n";
It could become:
  Who is here? rjbarbal
  Who is here? ; rm -rf /

CGI Taint Mode
  #!/usr/athena/bin/perl -T
  use strict;      # important
  use warnings;    # important
  # Prompt and get user input
  print "Who are you? ";
  my $user = <>;
  # Untaint user input
  if ($user =~ /^(\w*)$/) {
      $user = $1;
  } else {
      die "Illegal username";
  }
  # Make path safe
  $ENV{'PATH'} = '/bin:/usr/bin:/usr/athena/bin/';
  # Command is now safe
  my $output = `You are $user`;
  print "$output\n";

More Tainted CGI
  #!/usr/athena/bin/perl -T
  use strict;
  use warnings;
  use CGI qw( :standard );
  # Make path safe
  $ENV{'PATH'} = '/bin:/usr/bin:/usr/athena/bin/';
  print header(),
      start_html('A Simple Example'),
      h1('A Simple Example'),
      start_form(), "Who are you? ",
      textfield('user'),
      submit(),
      end_form(),
      hr();
  # Get user input
  my $user = param('user');          # the form field above is named 'user'
  if ($user) {
      # Untaint user input
      if ($user =~ /^(\w*)$/) {
          $user = $1;
          # Command is now safe
          my $output = `finger $user`;
          print pre("$output\n"), hr();
      } else {
          # User input is unsafe
          print p("Invalid username. Please try again.");
      }
  }
  print end_html();
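The two taint-mode slides rely on a regex capture to untaint the username and still run the command through backticks, which go via the shell. The added example below (not from the slides) wraps that allow-list check in a function and runs the command with a list-form pipe open so no shell is involved at all; it also clears the environment variables perlsec requires before a subprocess. /bin/echo stands in for the slides' finger command, and the test inputs are constructed.

```perl
#!/usr/bin/perl -T
# Added example (not from the original slides): the untainting pattern from
# the taint-mode slides as a function, plus running the external command
# *without* a shell so metacharacters such as ';' never reach one.
use strict;
use warnings;

# Taint mode requires a safe environment before any subprocess is started
# (see perldoc perlsec): a fixed PATH and the shell-influencing variables removed.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Allow-list check: returns the untainted username, or undef if it is not
# made purely of word characters. Only the captured part becomes untainted.
sub untaint_username {
    my ($input) = @_;
    return undef unless defined $input;
    chomp $input;
    return $input =~ /^(\w{1,32})$/ ? $1 : undef;
}

# Run a command given as an argument list (no shell) and return its output.
# Backticks would hand the whole string to /bin/sh; the list form does not.
sub run_no_shell {
    my (@cmd) = @_;
    open(my $fh, '-|', @cmd) or die "Cannot run $cmd[0]: $!";
    my $out = do { local $/; <$fh> };
    close($fh);
    return $out;
}

# Constructed inputs: one acceptable name and two that must be rejected.
for my $candidate ("rjbarbal\n", "; rm -rf /", "jane doe") {
    my $user = untaint_username($candidate);
    if (defined $user) {
        print "accepted '$user': ", run_no_shell('/bin/echo', 'You are', $user);
    } else {
        (my $shown = $candidate) =~ s/\n/\\n/g;
        print "rejected '$shown'\n";
    }
}
```

Run it as perl -T script.pl, since a -T on the #! line must also be given on the command line. The regex still does the untainting, but the shell-free call means a mistake in the pattern can at most pass a bad argument to the program, not a second command.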

Web Sites
–The Source for Perl: www.perl.com
–Perl Mongers, the Perl advocacy people: www.perl.org
–learn.perl.org, for people learning Perl: learn.perl.org
–jobs.perl.org, employers seeking Perl programmers: jobs.perl.org
–use.perl.org, Perl community news and discussion: use.perl.org
–Perl documentation: www.perldoc.com
–Comprehensive Perl Archive Network: www.cpan.org
–The Perl Journal, a magazine: www.tpj.com

Documentation
Commands:
–man perl
–perldoc
On the web:

The End