On Wed, 04 Dec 2002 13:53:55 -0700, "Jason R. Mastaler"
<[EMAIL PROTECTED]> wrote:
> > if not os.environ.has_key("SCRIPT_NAME"): raise
> What is the ``SCRIPT_NAME'' environment variable,
SCRIPT_NAME holds the root path portion of a URL. If you surf
"http://my.domain.com/cgi-bin/tmda.cgi?somevar=1"; then SCRIPT_NAME
will be "/cgi-bin/tmda.cgi".
> and what is it set
> by?
Apache.
> Is this something specific to tmda-cgi, or is it used other places
> as well? This seems like a hack to me.
There's a wide variety of variables your webserver sets in the
environment when it calls a CGI. Testing to see if one of them exists
seemed like a simple enough route to go to determine if we are running
as a CGI.
If you feel that SCRIPT_NAME is too generic and might be overloaded
namespace, then how about GATEWAY_INTERFACE, HTTP_HOST, or
DOCUMENT_ROOT? I'm really easy-going here. I just want to make sure
that we don't always fault when the crypt_file can't be read.
> How about being more explicit, and only inhibit an IOError if users
> have told TMDA they are using "no-su" mode?
>
> Something like CGI_MODE = "no-su" ?
That's a possibility, but it adds more risk. The CGI has to know if
it is in no-su mode long before we get a chance to read the Defaults
file, so that information is also set in another location. I am
always hesitant to put the same piece of data in two different
locations. What do you do if they don't agree?
How about I have the CGI set an environment variable such as
TMDA_CGI_MODE = "no-su"? We could check that pretty safely and it
wouldn't have to rely on a second variable like Defaults.CGI_MODE to
match up. The added bonus is that the user would still get their
fault for a unreadible crypt_key file if they weren't using the CGI.
Gre7g.
_________________________________________________
tmda-workers mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-workers
