[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[RFC] Changing the mechanism of the safe CGI script
From: |
Shigio YAMAGUCHI |
Subject: |
[RFC] Changing the mechanism of the safe CGI script |
Date: |
Mon, 21 Jun 2010 17:14:42 +0900 |
Hello all,
When the -S option is specified, current htags use path name
as a internal key. But but it is not preferable. I will change
the mechanism to use a unique key specified by user to conceal
real path name.
1. New htags requires a unique key as the parameter of the -S option.
(incompatible change)
2. Htags makes a file whose name is the key in shared area, and
put the path of the HTML directory in it.
3. To make the file name unique, a key that already exists
is not allowed without --over-write option.
[in /var/src]
$ htags ... -S key1
====
|
+----------------+-----+
v |
[/usr/local/share/gtags/sitekeys/key1] |
+-------------------------------- |
|/var/src/HTML | ... (2)
|
[/var/src/HTML/index.html] |
+-------------------------------- |
|... v
|<input type='hidden' name='id' value='key1'> ... (1)
====
The center CGI script can know the path of HTML directory by the following
method.
(1) get a unique key from the variable 'id'
=> 'key1'
(2) read directory name from '/usr/local/share/gtags/sitekeys/' + 'key1'
=> '/var/src/HTML'
This mechanism conceals the real path name.
Though a unique key can be calculated automatically, I don't think
it is preferable because many keys are generated without bounds.
What do you think?
--
Shigio YAMAGUCHI <address@hidden>
PGP fingerprint: D1CB 0B89 B346 4AB6 5663 C4B6 3CA5 BBB3 57BE DDA3
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [RFC] Changing the mechanism of the safe CGI script,
Shigio YAMAGUCHI <=