(sorta)OT: Apache / CGI / fP / printing

Fairlight fairlite at fairlite.com
Fri Jun 11 16:46:40 PDT 2004 

Simon--er, no...it was Walter Vaughan--said:
> 
> Great googly moogly. I've never had much luck with dclerk. Howie wrote 
> fpweb IIRC with dclerk, but I've only had dependable luck running 
> reports to import and export data from filePro.

I was told by two people that using *report is faster than using *clerk by
about 30%.  I've never had the occasion to test this claim, however.

I've seen both used.  I personally use *report, mostly because I can use -sr
with it and avoid some issues.

> Apache does not supply a TERM variable. filePro [dr]report will not run 
> without the TERM variable being set.

That's not it, Walter.  Doug may or may not be gone for the weekend, and I
wouldn't usually repost without authorisation, but if he wants an answer, I
would assume that presenting the fuller diagnostics is acceptable since no
secure information is presented.  Doug wrote me:

  "I shouldn't have just said failed .. It fails to print .. But everything
  else works.  I have it generating a small return HTML on return from the
  system "dreport ...", dreport runs, generated the output (I've redirected
  it to a file to test it), but The spooler doesn't print.  I've check the
  requests log in the spooler, and it doesn't Appear there, so I am guessing
  the problem is with the spooler somewhere (Environment and/or path
  issues)."

That it runs points to TERM being covered already.

My guess is that something about the path isn't clear.  Maybe fP knows the
print spooling command by only 'lp' and lp isn't in apache's path.  Who
knows.

> But I would recommend that you post your final script here for  people 
> very experienced in catching security holes to glance at. I don't think 
> that I've given you anything that is wide open, but  I'd feel better if 
> Mark gave it a 5 second look-see.

*chuckle*  I can infer that I'm either that much of a harping PITA, or I can
take that as a compliment--I think I'll choose the later.  Thanks, Walter.  :)
Bill Campbell has been doing CGI for about the same amount of time as
I have, and would also be a great candidate for peer review.  Actually, it's
not just doing CGI, it's that we're also both admins.  There are a lot of
people doing CGI that don't realise their code is dangerous because they
don't deal with the system at the OS level, and therefore don't have a
grasp of -why- some things are dangerous.

I can say up-front that if I see chmod 0777 | 0666 anywhere, it gets an
immediate fail.  Fix anything like that before posting it.  :)

mark->
-- 
Bring the web-enabling power of OneGate to -your- filePro applications today!

Try the live filePro-based, OneGate-enabled demo at the following URL:
               http://www2.onnik.com/~fairlite/flfssindex.html

More information about the Filepro-list mailing list