A dispatch-like CGI approach
Opinions: I want to disallow direct invocation of certain scripts, that have functionality accessible from a menu, via Web at the OS level (Linux).
I was hoping to call an authorize.pl script that checks the session validity, checks user privileges, etc. Then it will redirect to the target script.
Does this get around permissions? Could I restrict execute on the target scripts from public, but set target scripts accessible to the group to which authorize.pl belongs? Does this reflect any current practice?
Comments (2)
If you plan to redirect to the target scripts, the group authorize.pl belongs to is irrelevant; the scripts have to be executable by the webserver user.
Why do you want to do this at OS level? Using plain old session-based authorization where the check is done in each script is the standard practice.
Instead of calling authorize.pl and redirecting to target, create a module called Authorization.pm and use it in each script, calling a validation function first thing. This function would redirect to a login page (or take another appropriate action) if the proper credentials are not present.
Something along the lines of
We were thinking (1) we could precompile the authorize script for speed, (2) we could wholesale block requests of scripts with database function to increase security. But I see what you're saying, permissions have to be set to User Execute for the script to communicate with the client: when the location redirect is printed to the user by authorize, the client browser requests the target script.
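
The in-script check that the answer describes, written out as an added example; it is not the answerer's code, which does not appear on this page. The `SID` cookie name, the in-memory `%SESSIONS` store, the `/cgi-bin/login.pl` URL and the function names `check_session` and `require_privilege` are assumptions made for illustration.

```perl
package Authorization;
# Added example, not code from the thread. Save as Authorization.pm.
# In each protected CGI script, before any other work:
#     use Authorization qw(require_privilege);
#     my $session = require_privilege('reports');
use strict;
use warnings;
use Exporter 'import';
our @EXPORT_OK = qw(check_session require_privilege);

# Constructed sample data standing in for a server-side session store.
my %SESSIONS = (
    'c0ffee5e55104001' =>
        { user => 'alice', privs => { reports => 1 }, expires => time + 900 },
);
my $LOGIN_URL = '/cgi-bin/login.pl';    # hypothetical login page

# Return the session record when the Cookie header names a live session
# that holds $priv; return nothing otherwise. Produces no output.
sub check_session {
    my ($cookie_header, $priv) = @_;
    my ($sid) = ($cookie_header // '')
        =~ /(?:^|;\s*)SID=([0-9a-f]{16})(?:;|$)/;
    return unless defined $sid;               # no or malformed cookie
    my $s = $SESSIONS{$sid} or return;        # unknown session ID
    return if $s->{expires} <= time;          # session expired
    return unless $s->{privs}{$priv};         # user lacks the privilege
    return $s;
}

# On failure this sends the redirect itself and exits, so the protected
# code after the call never runs, even when the script is requested
# directly by URL instead of from the menu.
sub require_privilege {
    my ($priv) = @_;
    my $s = check_session($ENV{HTTP_COOKIE}, $priv);
    return $s if $s;
    print "Status: 302 Found\r\nLocation: $LOGIN_URL\r\n\r\n";
    exit 0;
}

# Stand-alone demo: runs only under `perl Authorization.pm`.
unless (caller) {
    my @cases = (['SID=c0ffee5e55104001', 'reports'],
                 ['SID=c0ffee5e55104001', 'admin'], ['', 'reports']);
    printf "%-22s %-8s => %s\n", "'$_->[0]'", $_->[1],
        check_session(@$_) ? 'allow' : 'redirect to login' for @cases;
}

1;
```

Because the check runs inside each target script, those scripts can stay executable by the webserver user, which the answer notes is unavoidable, without being usable by an unauthenticated client.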