Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to PERL Part 4 (1) Working with Files (2)CGI Security.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to PERL Part 4 (1) Working with Files (2)CGI Security."— Presentation transcript:

1 Introduction to PERL Part 4 (1) Working with Files (2)CGI Security

2 Working with Files So far programs cannot store data values in- between times when they are started. –Working with files enable programs to store data, which can then be used at some future time. Will describe ways to work with files in CGI/Perl programs, including –opening files, – closing files, – and reading from and writing to files

3 Using the open() Function Use to connect a program to a physical file on a Web server. It has the following format: –file handle - Starts with a letter or number—not with “ $ ”, “ @ ”, or “ % ”. (Specify in all capital letters. (By Perl convention.) –filename - name of file to connect to. If resides in the same file system directory then just specify the filename (and not the entire full file path).

4 More On open() function open() returns 1 (true) when it successfully opens and returns 0 (false) when this attempt fails. A common way to use open() $infile = “mydata.txt”; open (INFILE, $infile ) || die “Cannot open $infile : $!”; Execute die only when open fails Output system message Connect to mydata.txt.

5 Using the File Handle to Read Files Use the file handle to refer to the file once opened Combine with the file handle with the file input operator (“ <> ”) to read a file into your program. For example, the following opens a file and then outputs the first and third lines of the file. –Program uses indata.txt containing: Apples are red Bananas are yellow Carrots are orange Dates are brown

6 Example Program $infile="mydata.txt"; open (INFILE, $infile ) || die "Cannot open $infile: $!"; @infile = ; print $infile[0]; print $infile[2]; close (INFILE); Then the output of this program would be Apples are red Carrots are orange

7 Reading One Line At a Time: Reading a very large file into the list variable @infile consumes a lot of computer memory. –Better is to read one line at a time. For example the following would print each line of the input file. $infile=”mydata.txt”; open (INFILE, $infile ) || die “Cannot open $infile: $!”; while ( ) { $inline=$_; print $inline; } close (INFILE); Automatically set to the next input line.

8 Example Program 1. #!/usr/bin/perl 2. use CGI ':standard'; 3. use CGI::Carp "fatalsToBrowser"; 4. print header, start_html('Inventory List'); 5. $infile="infile.txt"; 6. open (INFILE, $infile ) || die "Cannot open $infile: $!"; 7. while ( ) { 8. $inline=$_; 9. ($ptno, $ptname, $num, $price ) = split ( /:/, $inline ); 10. print "We have $num $ptname ($ptno). "; 11. print "The cost is $price dollars.", br; 12. } 13. close (INFILE); 14. print end_html

9 Output...

10 write-only-append: allows you to write and append data to the end of a file. – If the file exists, it will write to the end of the existing file. Otherwise will create it. –To specify this mode, use >> before the filename in the open() function. open(OFILE, “>>myfile.txt”) || die “Cannot open: $!”; Example way to write to print OFILE “My program was here”; Writing to Files

11 Reading and Writing Files 1. #!/usr/bin/perl 2. use CGI ':standard'; 3. use CGI::Carp "fatalsToBrowser"; 4. print header, start_html('My Page'); 5. print ' ', "WELCOME TO MY SITE "; 6. $ct = &counter(); 7. print br, ' ', "You Are Visitor $ct "; 8. print end_html; 9. sub counter { 10. $ctfile="/home/perlpgm/logfiles/counter.txt"; 11. open (CTFILE, "<". $ctfile ) || die "Cannot open $infile: $!"; 12. @inline = ; 13. $count=$inline[0] + 1; 14. close (CTFILE); 15. open (CTFILE, ">$ctfile" ) || die "Cannot open $infile: $!"; 16. flock (CTFILE, 2); 17. print CTFILE "$count"; 18. close (CTFILE); 19. return $count; 20. }

12 Output...

13 Example Guest Book 1.#!/usr/bin/perl 2. use CGI ':standard'; 3. use CGI::Carp "fatalsToBrowser"; 4. print header, start_html('Logger'); 5. $comments = param('ucomments'); 6. $logfile=">>/inetpub/wwwroot/logfiles/mydata.txt"; 7. open (OUTFILE, $logfile ) || die "Cannot open $infile: $!"; 8. $remrefer=$ENV{'HTTP_REFERER'}; 9. ( $sec, $min, $hr, $Day, $mon, $year ) = localtime(time); 10. $year=$year+1900; 11. $mon = $mon + 1; 12. print OUTFILE "$mon/$Day/$year:$hr:$min:$remrefer:$comments\n"; 13. print 'Just Logged:', br,"$mon/$Day/$year:$remrefer:$comments"; 14. close (INFILE); 15. print end_html;

14 Cookies Cookies provide a way for Web server applications to store small pieces of data on the end user’s machine. Cookies can be easily refused by the end user and therefore cannot be relied upon to always be available to the CGI/Perl program. Data set by cookies can be available for long periods of time, even when the end user leaves the site and comes back months later.

15 Setting a Cookie Can request that a browser cookie be saved in memory (deleted when user exits browser)or onto disk (retained until an expiration date). Syntax of an in memory cookie : Must output before the MIME Content-type line.

16 Setting Cookie Expiration Date When need to retain a cookie between browser sessions, need to set expiration date Again this line must be output before the MIME Content-type line

17 A Sample Program That Sets A Cookie 1. #!/usr/bin/perl 2. use CGI ':standard'; 3. $name=param('name'); 4. $prefers=param('prefers'); 5. print "Set-Cookie: cust_name=$name; expires=04-Jul-2003 00:00:0 GMT\n"; 6. print "Set-Cookie: cust_prefer=$prefers; expires=04-Jul-2003 00:00:0 GMT\n"; 7. 8. print header, start_html('set cookie'); 9. print br, "Thanks $name Lets now look at $prefers... "; 10. 11. print end_html;

18 Output...

19 Example Cookie Reading Program 1. #!/usr/bin/perl 2. use CGI ':standard'; 3. print header, start_html("Welcome "); 4. $cust_name=cookie( 'cust_name'); 5. $prefers=cookie('cust_prefer'); 6. print ' '; 7. if ($cust_name) { 8. print "Welcome back $cust_name to our humble hardware site."; 9. } else { 10. print ' '; 11. print 'Welcome to our humble hardware site. '; 12. } 13. if ( $prefers eq "hand tools" ) { 14. print br,'We have hammers on sale for 5 dollars!'; 15. } elsif ( $prefers eq "power tools" ){ 16. print br, 'We have power drills on sale for 25 dollars!'; 17. } else { 18. print br, ' '; 19. print ' We have drills and hammers on special today! '; 20. } 21. print " ", end_html;

20 Output...

21 Hidden Fields Hidden fields are HTML form fields that you can use to set name/value CGI variables without displaying them on a form. Hidden fields provide a method to manage user sessions by maintaining the state of each session. –Hidden fields are not a secure method to keep data. You can create sophisticated multiple-screen applications, such as shopping carts and surveys, by using hidden fields.

22 CGI Security What about web server security? –Letting anyone run programs on your server can be risky –Be sure to set up your web server properly What about CGI script security? –Disallow risky operations like pointer arithmetic, array access without bounds checking, etc. –Perl is designed to prevent such problems –But must be aware of outside execution (``) Check perldoc perlsec for security information

23 A Bad Example 1.#!/usr/athena/bin/perl 2.# A REALLY BAD IDEA! 3.print "who is here? "; $user = <>; 4.$output = `You are $user`; 5.print "$output\n"; It could become: Who is here? rjbarbal Who is here? ; rm -rf /

24 CGI Taint Mode 1.#!/usr/athena/bin/perl -T 2.use strict; #important 3.use warnings; #important 4.# Prompt and get user input 5.print “Who are you? "; 6.my $user = <>; 7.# Untaint user input 8.if ($user =~ /^(\w*)$/) { 9.$user = $1; 10. } else { die "Illegal username"; 11.} # Make path safe 12.$ENV{'PATH'} = '/bin:/usr/bin:/usr/athena/bin/'; 13.# Command is now safe my 14.$output = `You are $user`; 15. print "$output\n";

25 More Tainted CGI 1.#!/usr/athena/bin/perl -T 2.use strict; 3.use warnings; 4.use CGI qw( :standard ); 5.# Make path safe $ENV{'PATH'} = '/bin:/usr/bin:/usr/athena/bin/'; 6.print header(), 7. start_html('A Simple Example'), 8. h1('A Simple Example'), 9. start_form(), “Who are you? ", 10. textfield('user'), 11. submit(), 12. end_form(), 13. hr(); 14.# Get user input 15.my $user = param('name'); 16.if ($user) { 17.# Untaint user input 18. if ($user =~ /^(\w*)$/) 19. { $user = $1; # Command is now safe 20. my $output = `finger $user`; 21. print pre("$output\n"), hr(); 22. } else { # User input is unsafe 23. print p("Invalid username. Please try again."); 24.} } 25. print end_html();

26 Web Sites www.perl.com, The Source for Perlwww.perl.com www.perl.org, Perl Mongers, the Perl advocacy peoplewww.perl.org learn.perl.org, For people learning Perllearn.perl.org jobs.perl.org, Employers seeking Perl programmersjobs.perl.org use.perl.org, Perl community news and discussionuse.perl.org www.perldoc.com, Perl documentationwww.perldoc.com www.cpan.org, Comprehensive Perl Archive Networkwww.cpan.org www.tpj.com, The Perl Journal, a magazinewww.tpj.com

27 Documentation Commands: –man perl –perldoc On the web: –http://www.perl.com/CPAN/ –http://www.perldoc.com/

28 The End

Download ppt "Introduction to PERL Part 4 (1) Working with Files (2)CGI Security."

Similar presentations

Copyright © 2003 Pearson Education, Inc. Slide 7-1 The Web Wizards Guide to PHP by David Lash.

Copyright © 2003 Pearson Education, Inc. Slide 7-1 The Web Wizards Guide to PHP by David Lash.
Copyright © 2003 Pearson Education, Inc. Slide 6b-1 The Web Wizards Guide to PHP by David Lash.

Copyright © 2003 Pearson Education, Inc. Slide 6b-1 The Web Wizards Guide to PHP by David Lash.
1 Copyright © 2002 Pearson Education, Inc.. 2 Chapter 8 Managing End-User Sessions.

1 Copyright © 2002 Pearson Education, Inc.. 2 Chapter 8 Managing End-User Sessions.
LIS651 lecture 3 taming PHP Thomas Krichel 2007-04-15.

LIS651 lecture 3 taming PHP Thomas Krichel
LIS651 lecture 3 functions & sessions Thomas Krichel 2008-11-08.

LIS651 lecture 3 functions & sessions Thomas Krichel
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Java Script Session1 INTRODUCTION.

Java Script Session1 INTRODUCTION.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
CGI Programming.

CGI Programming.
Copyright © 2003 Pearson Education, Inc. Slide 6b-1 The Web Wizard’s Guide to PHP by David Lash.

Copyright © 2003 Pearson Education, Inc. Slide 6b-1 The Web Wizard’s Guide to PHP by David Lash.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Introducing the Command Line CMSC 121 Introduction to UNIX Much of the material in these slides was taken from Dan Hood’s CMSC 121 Lecture Notes.

Introducing the Command Line CMSC 121 Introduction to UNIX Much of the material in these slides was taken from Dan Hood’s CMSC 121 Lecture Notes.
1 Copyright © 2002 Pearson Education, Inc.. 2 Chapter 8 Managing End-User Sessions.

1 Copyright © 2002 Pearson Education, Inc.. 2 Chapter 8 Managing End-User Sessions.
CGI programming in Perl Learning Objectives: 1. To understand how a CGI program works in Perl and how to make it runnable in web browsers 2. To learn how.

CGI programming in Perl Learning Objectives: 1. To understand how a CGI program works in Perl and how to make it runnable in web browsers 2. To learn how.
Cookies & file i/o in perl. Survey (html form in notes)

Cookies & file i/o in perl. Survey (html form in notes)
Reading and Writing Data Files Why do you need reading and writing data files in your CGI programming? Web server does not have permission to create file.

Reading and Writing Data Files Why do you need reading and writing data files in your CGI programming? Web server does not have permission to create file.
Chapter 10 Maintaining State Information Using Cookies.

Chapter 10 Maintaining State Information Using Cookies.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Chapter 9 Using Perl for CGI Programming. Computation is required to support sophisticated web applications Computation can be done by the server or the.

Chapter 9 Using Perl for CGI Programming. Computation is required to support sophisticated web applications Computation can be done by the server or the.
PHP Tutorials 02 Olarik Surinta Management Information System Faculty of Informatics.

PHP Tutorials 02 Olarik Surinta Management Information System Faculty of Informatics.

Similar presentations

Ads by Google