www-sql cgi prog overrides .htaccess restrictions.

Mr LEROY christophe (leroy@MEG.FR)
Mon, 09 Feb 1998 10:59:09 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Stunt Pope: "Re: www-sql cgi prog overrides .htaccess restrictions."
Previous message: Aleph One: "Re: Another ld-linux.so problem"
Next in thread: Stunt Pope: "Re: www-sql cgi prog overrides .htaccess restrictions."

www-sql is a cgi program to access a mysql database via a http server
and create easyly some pages from a query result.

That program acts as a filter, using PATH_TRANSLATED feature to
access html files on your server tree, and it translates <! sql ...> tags
into html viewable text, letting other parts of the html file unchanged.

The problem is that www-sql performs nothing to verify if a user can
access the intended PATH_TRANSLATED file.

So, suppose your htdocs tree is /home/htdocs/
you have a subdirectory /home/htdocs/protected/ in which you have
you have restricted access using .htaccess file.
In your browser, enter URL http://your.server/protected/something.html:
you get prompted a username and a password.
Now, enter URL http://your.server/cgi-bin/www-sql/protected/something.html:
you get the requested file

www-sql is available into Incoming sunsite directory

Christophe Leroy

Next message: Stunt Pope: "Re: www-sql cgi prog overrides .htaccess restrictions."
Previous message: Aleph One: "Re: Another ld-linux.so problem"
Next in thread: Stunt Pope: "Re: www-sql cgi prog overrides .htaccess restrictions."