LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 09-20-2002, 05:02 PM   #1
LiveMatter
LQ Newbie
 
Registered: Jul 2002
Posts: 5

Rep: Reputation: 0
Protect a CGI Script?


Hello,

I upload files to a server that other people have access to (they can get into the cig-bin) and I would like to protect my cgi sourcecode from them even though they can read it. Is there a way to encrypt and/or secure the data so no other people accessing the cgi-bin can use/alter/understand the code and use it (without some decent work etc.)?

Thanks,

LiveMatter
 
Old 09-20-2002, 05:13 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
well is this script live on the net? if it's going to be read online, then you can only remove write attribs with chmod to group and other. of course if it's not for use, then remove the other rights too.
 
Old 09-20-2002, 05:19 PM   #3
LiveMatter
LQ Newbie
 
Registered: Jul 2002
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks, the scripts are live and the people who could read them have admin privilages so chmod wouldn't help. Is there some algorithm I could run the code through that might take a while to understand or something like that?
 
Old 09-20-2002, 05:30 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
well sounds to me like you want a better system... you can encrypt things, but if they're live then you'd need to unencypt them all the time anyway.. and then you could always at least SEE the code then.
 
Old 09-20-2002, 06:11 PM   #5
LiveMatter
LQ Newbie
 
Registered: Jul 2002
Posts: 5

Original Poster
Rep: Reputation: 0
What if the moment the cgi-script is run from a web page it decrypts the text inside of it into code to run? That way I don't have to decrypt live scripts each time they are run. I guess it would have visible cgi commands, but some would be encrypted and it would take a while to understand how the entire script works because you would have read over the script to understand the code.
 
Old 09-20-2002, 06:52 PM   #6
buster
LQ Newbie
 
Registered: Sep 2002
Posts: 9

Rep: Reputation: 0
pre compile PERL

HI!

It's posible to precompile Perl scrips. I have this never done bevor, so don't ask me how. I only heard about it....
 
Old 09-20-2002, 07:02 PM   #7
LiveMatter
LQ Newbie
 
Registered: Jul 2002
Posts: 5

Original Poster
Rep: Reputation: 0
cool

neat, i'll check it out

thanks
 
Old 09-21-2002, 06:33 PM   #8
AltF4
Member
 
Registered: Sep 2002
Location: .at
Distribution: SuSE, Knoppix
Posts: 532

Rep: Reputation: 31
try:

perlcc -o myproggy myproggy.pl
 
Old 09-22-2002, 11:01 PM   #9
buster
LQ Newbie
 
Registered: Sep 2002
Posts: 9

Rep: Reputation: 0
thats creates errors on my machine

I use: perlcc -B proggy.cgi -o a.out

-B creates bytecode
 
Old 09-23-2002, 10:34 AM   #10
TheLinuxDuck
Member
 
Registered: Sep 2002
Location: Tulsa, OK
Distribution: Slack, baby!
Posts: 349

Rep: Reputation: 33
The files you're uploading, I'm assuming that they are perl scripts?

I think that you're going to need some kind of directory that only you can access. Without the protection of the OS, you're going to have to do ALOT of work to protect files against people being able to read the source, especially if they can run the scripts.

Having others have access to the scripts, via a shell or some kind of browse method, pretty much negates the possibility of securing your scripts. One method is to do as others have suggested, and compile the source... now, I don't know any who has had success with this, but then again, I've never really talked to anyone about it.

Your best bet is just to not upload to a place that others can access.
 
Old 09-23-2002, 02:06 PM   #11
buster
LQ Newbie
 
Registered: Sep 2002
Posts: 9

Rep: Reputation: 0
I hat tested perlcc. It works fine!
An other fine side effect is that the scripts run faster than interpreted.

I think compling is the best security for you.
 
Old 09-23-2002, 02:35 PM   #12
TheLinuxDuck
Member
 
Registered: Sep 2002
Location: Tulsa, OK
Distribution: Slack, baby!
Posts: 349

Rep: Reputation: 33
Quote:
Originally posted by buster
I hat tested perlcc. It works fine!
An other fine side effect is that the scripts run faster than interpreted.

I think compling is the best security for you.
If he can get it to work, then I agree. (=

After I posted last, I decided to test out perlcc on some scripts for a site I maintain. I took the simplest one (which isn't all that simple), and compiled it. The resultant binary was 730k! YIKES! That's not very good optimisation... heheh.. and for what the binary was doing, I could rewrite in C and keep the binary under 50k, easy.

Also, it didn't work. not only that, but compiling wouldn't allow the taint switch, and also, the ByteLoader module returns a WHOLE bunch of errors.

Overall, my first experience was a major dud and gave me no incentive to try again. (=

Perhaps I merely overlooked something. (=

Oh well...
 
Old 09-23-2002, 09:21 PM   #13
buster
LQ Newbie
 
Registered: Sep 2002
Posts: 9

Rep: Reputation: 0
did you compile the code whit the same version which you run it?
The byteloader has changed since v5.6.1.

I tested only v5.6.1 with v5.6.0 i had also some strange problems.

What are the errors?

730k hm... maybe the scripts are executable without #!/usr/bin/perl?
 
Old 09-24-2002, 08:41 AM   #14
TheLinuxDuck
Member
 
Registered: Sep 2002
Location: Tulsa, OK
Distribution: Slack, baby!
Posts: 349

Rep: Reputation: 33
Yea, I comiled with the same version I run it with.. I'm using 5.6.0.

I'll try compiling it again without the shebang line, and see what happens. (=
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Directory listing - Calling shell script from a CGI script seran Programming 6 08-11-2005 11:08 PM
python cgi script and premature end of script headers Neruocomp Programming 1 07-28-2005 11:43 AM
cgi uaseradd script help newuser455 Programming 3 01-29-2005 06:29 PM
How to Password Protect a CGI script kdepa Linux - General 1 05-02-2004 01:57 PM
pipe in a cgi script lukas_z Linux - Software 0 08-10-2003 03:43 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 01:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration