ezpass hints

3-3-02, 03:41 PM

I just spent several hours being initiated into CGI while trying to protect directories using EZpass. While the instructions given for using EZpass were somewhat clear, I'd like to add what I learned from my mistakes for any other true beginners.

You will need some form of FTP client (WS_FTP) that will allow you to change permissions. Just using Dreamweaver's FTP utility won't work.

If you're having trouble getting the script to run (error 500 or permission denied) check to see that the permissions not only on the ezpass.cgi file but also the directory the file is in (probalby cgi-bin) are set to allow you to access and execute the script (755).

You'll probably need to change the path in the first line of the ezpass.cgi file to "#!/usr/bin/perl". (Not sure if you really need to remove the "-T" at the end of the line.)

CHMOD 755 is the equivalent of rwx r-x r-x. If your FTP utility doesn't display numbers (such as 755), use the following numbers to add up to 755. (Permissions: Owner:Read (4) Write (2) Execute (1); Group:Read (4) Execute (1); Other: Read (4) Execute (1))

The "secret" directory referred to in the instructions is its own directory, not the directory you want to protect.

When you're running the script to generate the .htaccess and .htpasswd files, the path for your "secret" directory should not include the root directory (htdocs). If you include the root directory in the form, the path that is generated in the .htaccess file will look something like "htdocs/htdocs/secret/.htpasswd" and your password won't work. If this happens either rerun the script without "htdocs" in the path or edit the path in the .htaccess file to remove one of the "htdocs".

Now that I've figured out what mistakes I made in trying to set up the protected directory, I figure the next time won't take quite so long.

I hope this will save somebody some time.

3-3-02, 06:17 PM

You'll absolutely want to KEEP the -T on the end of the shebang line.

What the does is puts the perl interpreter into taint checking mode for that script.

Taint checking makes sure that the script will validate any information that comes from an outside source before using it. This helps make the script very secure.

Best of Luck,

-Scott

3-3-02, 06:53 PM

Good point Scott,

If anyone finds they need to remove the -t in order for a script to run, then something has changed within the script since you downloaded it.

Scripts that come with taint mode turned on should only be ran in taint mode. It is not necessary to use taint mode to have a secure script, taint basically validates some security aspects of the script. If the script came with taint turned on, then the script likely has some security issues that taint is protecting.

I would never run a taint enabled script with -t removed unless I verified that the script was secure when ran without taint.

Thanks for the tips sherming, I'm sure they will come in handy

~bud

3-3-02, 03:41 PM	#1
sherming Posts: n/a	ezpass hints I just spent several hours being initiated into CGI while trying to protect directories using EZpass. While the instructions given for using EZpass were somewhat clear, I'd like to add what I learned from my mistakes for any other true beginners. You will need some form of FTP client (WS_FTP) that will allow you to change permissions. Just using Dreamweaver's FTP utility won't work. If you're having trouble getting the script to run (error 500 or permission denied) check to see that the permissions not only on the ezpass.cgi file but also the directory the file is in (probalby cgi-bin) are set to allow you to access and execute the script (755). You'll probably need to change the path in the first line of the ezpass.cgi file to "#!/usr/bin/perl". (Not sure if you really need to remove the "-T" at the end of the line.) CHMOD 755 is the equivalent of rwx r-x r-x. If your FTP utility doesn't display numbers (such as 755), use the following numbers to add up to 755. (Permissions: Owner:Read (4) Write (2) Execute (1); Group:Read (4) Execute (1); Other: Read (4) Execute (1)) The "secret" directory referred to in the instructions is its own directory, not the directory you want to protect. When you're running the script to generate the .htaccess and .htpasswd files, the path for your "secret" directory should not include the root directory (htdocs). If you include the root directory in the form, the path that is generated in the .htaccess file will look something like "htdocs/htdocs/secret/.htpasswd" and your password won't work. If this happens either rerun the script without "htdocs" in the path or edit the path in the .htaccess file to remove one of the "htdocs". Now that I've figured out what mistakes I made in trying to set up the protected directory, I figure the next time won't take quite so long. I hope this will save somebody some time.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

3-3-02, 06:17 PM	#2
sdbarker Posts: n/a	You'll absolutely want to KEEP the -T on the end of the shebang line. What the does is puts the perl interpreter into taint checking mode for that script. Taint checking makes sure that the script will validate any information that comes from an outside source before using it. This helps make the script very secure. Best of Luck, -Scott

3-3-02, 06:53 PM	#3
Bud Posts: n/a	Good point Scott, If anyone finds they need to remove the -t in order for a script to run, then something has changed within the script since you downloaded it. Scripts that come with taint mode turned on should only be ran in taint mode. It is not necessary to use taint mode to have a secure script, taint basically validates some security aspects of the script. If the script came with taint turned on, then the script likely has some security issues that taint is protecting. I would never run a taint enabled script with -t removed unless I verified that the script was secure when ran without taint. Thanks for the tips sherming, I'm sure they will come in handy ~bud