[5057] in WWW Security List Archive
RE: Somewhat off-topic question...
daemon@ATHENA.MIT.EDU (DeepSummer-HomeofWebSiteDesignsExt)
Sun Apr 13 14:56:41 1997
From: Deep Summer - Home of Web Site Designs Extraordinare
<frank@deepsummer.com>
To: "hdemel@rbcds.com" <hdemel@rbcds.com>,
"'Kevin M Lynn'"
<klynn@surfsoft.com>
Cc: "www-security@ns2.rutgers.edu" <www-security@ns2.rutgers.edu>
Date: Sun, 13 Apr 1997 09:38:41 -0600
Errors-To: owner-www-security@ns2.rutgers.edu
How about HTML based solutions: why not just slap a
form on your page, using method POST, with the action
pointing to their CGI?
I've done this several times just to get pages to pass
web validators to satisify clients who want things
just perfect (which is something I'm sort of demanding
of myself).
http://foobar.com/cgi-bin/pager?client=joblo?num=18001112222
(using GET)
translates nicely to:
<form method="POST" action="http://foobar.com/cgi-bin/pager">
<input type="HIDDEN" name="client" value="joblo">
<input type="HIDDEN" name="num" value="18001112222">
<input type="SUBMIT" value="PAGE JOBLO">
</form>
(using POST)
with the added bonus that most HTTP clients prompt on method
POST, whereas many don't (by default anyway) on method GET.
This is a plus because the user feels more certain they've
actually done something (helps prevent multiple presses of
a meth=GET button/anchor.
-frank
----------
From: Kevin M Lynn[SMTP:klynn@surfsoft.com]
Sent: Friday, April 11, 1997 5:44 AM
To: hdemel@rbcds.com
Cc: www-security@ns2.rutgers.edu
Subject: Re: Somewhat off-topic question...
I did this once by setting up a perl cgi to save the stuff to files.. and
then a cron job to process the files that were stored in a directory..
On Thu, 10 Apr 1997 hdemel@rbcds.com wrote:
> TO: www-security@ns2.rutgers.edu
>
>
> All -
>
> This is sort of a reverse-security issue of which I hope some of you could
> give me a solution. I'm looking to change a phone-line-based solution to a
> non-encrypted-Internet solution. I suppose it's not really a security
> issue, but I'm using the 'reverse-security' thing as an excuse to tap some
> knowledgable brains for an answer.
>
> Currently, we use a home-grown web-based front end pager-sending program
> which dials up our pager provider via an 800 number and sends pages. The
> paging provider also offers web-based paging via a form page, but they use
> POST as the method to submit to their form, and they don't support GET. If
> they supported GET, I would just put the pager ID and message on the URL and
> connect to their site autonomously. I don't know how to do this using POST.
>
> My guess is I'd have to set variables like REQUEST_METHOD and
> CONTENT_LENGTH, and somehow open a socket and send STDIN to them, or
> something. There's where I get confused; I don't know how to do it
> (variable setting and passing and piping STDIN to them).
>
> Any ideas (Perl-based?) would be extremely appreciated.
>
> Thx,
>
> Harris Demel
>