André Warnier wrote:
Karel Kubat wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
On Feb 12, 2009, at 8:59 AM, Jürgen Mathwich wrote:
I 've got a problem regarding apache's environ handling. I know about
the usage of SetEnv and
PassEnv. To use them I have to know the key/name of every single
environ variable.
When doing a
# cat /proc/<APACHE-PID>/environ
it shows me more variables than the cgi knows about. Now I have a
project where I need to pass all
the vars without knowing their keys to the cgi (just ALL of them),
but I don't have any idea how to
solve this in a easy way.
Maybe some of you had a similar problem in the past and know how to
solve it.
This will depend on the platform of your CGI programs. E.g., in Perl
there is the hash %ENV. In C there is the third argument to main(),
**envp. In shell script you can use your above way, but more portable
is running /usr/bin/env.
Hi.
I don't think that works.
It is Apache who decides which of the environment values *of Apache*.
gets passed to the cgi-bin environment. The cgi-bin script then only
sees *these* environment values.
So whatever you do in the cgi-bin script (no matter which language it is
written in), is never going to show you more than what Apache passes on.
To take the problem from the other end : by default, Apache only passes
some environment values to cgi-bin scripts. Those are the ones defined
by the cgi-bin specs (such as DOCUMENT_ROOT etc..). The reasons for
that are linked to security and to the cost of setting up that environment.
To force Apache to pass more values, exist the (static) configuration
directives PassEnv and SetEnv. But as the OP says, this means you have
to know in advance which environment values you want to pass.
I don't think that there is a way to do otherwise, and maybe rightly so.
Now the real question is, what kind of project would require ALL Apache
environment values to be made available to the cgi-bin script ?
I mean, if you don't even know the name of an environment variable of
Apache, then why would you need the cgi-bin to get its value ?
In other words, what are you going to do with it, if you don't even know
what it's for ?
Re-reading the above, I want to add something, because it seems to me
that it is still not clear enough :
Suppose that you would find a way to do that (pass ALL Apache
environment values to ALL cgi-bin scripts). In my opinion, you are then
creating a BIG security problem. Exmple : one of these environment
values (which you did not notice until now), may contain an
administrative password to some confidential database. That value would
then suddenly become available to all cgi-bin scripts that run under Apache.
Another aspect is name conflicts : if you are doing this to allow a
number of applications that you do not really know, to find values they
need, then how can you guarantee that two different applications are not
using the same environment value name, for different things ?
In other words, you may have thought of this as a cheap substitute for a
lot of painful work, but I really don't think it is a good idea.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
" from the digest: [email protected]
For additional commands, e-mail: [email protected]
