www.uburst.com www.uburst.com

"CGI Redirects for Path Protection?"

Go back to the LobbyClick here to Go Back to Main ListingClick here to see helpClick here to Search the Forum

CGI Script Related Problems
Forum Type: Public
Moderator: edmunds
Time Zone: EST
Printer Friendly Format
Original Message
 
"CGI Redirects for Path Protection?"
Posted by Susan on Jan-19-01 at 00:56 AM (EST)
In the uShop order html, the path to the in/secure server is visible if you view source. What if there is an intermediary script?

i.e. you pass your order first to a redirector CGI script, which then passes the order to the secure server. Is data preserved across this redirect?

If that was possible, would you have to use GET or is POST still possible?

I heard aol users' browser (custom IE) only supported GET .. so uShop might not be working in places for like 20 million potential clients ..

Click to Send Alert Message to the Administrator Click to edit this messageClick here to reply to this messageClick here to reply to this message with quotesClick to goto the Table of Contents

 Table of Contents

RE: CGI Redirects for Path Protecti..., Bill Weiner, Jan-19-01, (1)
CGI Redirects and "Login"..., Susan, Jan-19-01, (2)
RE: CGI Redirects and "Login&q..., Bill Weiner, Jan-22-01, (3)

 

 
Click here to goto Click here to goto the Lobby
Messages in this discussion
 
1 . "RE: CGI Redirects for Path Protection?"
Posted by Bill Weiner on Jan-19-01 at 06:15 AM (EST)
In regard to your (uShop 2.x?) questions:

1) Are you referring to seeing the information in the URL via the GET method in uShop 2.x?

2) In uShop 2.x, GET is the only method available (unless using the Authorize.Net add-on). uShop 3.x uses POST.

3) AOL browsers support both GET and POST.

Remove this Message: Administrator and Moderator onlyClick to Send Alert Message to the Administrator Click to edit this messageClick here to reply to this messageClick here to reply to this message with quotesClick to goto the Table of Contents
 
2 . "CGI Redirects and "Login" problem"
Posted by Susan on Jan-19-01 at 09:17 PM (EST)
> Are you referring to seeing the information in the URL via the GET method in uShop 2.x?

No, I was referring to when you view the source of the html page which has the uShop applet embedded, you can see the URL to the cgi script. This is in both 2.x and 3.x

Can you do the cgi redirect, (i.e. have the script_url aram point to the cgi redirect script which would then send the data to the actual uShop cgi script..) or does the data not persist over a redirect? i.e. must you click through the series of applets in order to get to a successful order?

And why when I hit "check out now", and have the path properly defined in the html .. permissions set properly (java dir 755, store dir 755, data dir 777, cgi-bin 755) and uploaded in ascii .. I always get the "login" instead of the order form? Am I missing something here?

Remove this Message: Administrator and Moderator onlyClick to Send Alert Message to the Administrator Click to edit this messageClick here to reply to this messageClick here to reply to this message with quotesClick to goto the Table of Contents
 
3 . "RE: CGI Redirects and "Login" problem""
Posted by Bill Weiner on Jan-22-01 at 06:29 AM (EST)
In regard to using a CGI re-direct to try to hide the URL of the uShop CGI script.... I suppose you could try to setup such a redirect (at that point the uShop data is passed through a POST)... but there is really no harm in showing the URL of the uShop CGI script... so I don't know why you would really want to bother.

In regard to getting the uShop Login screen during the order process, depending on when exactly during the order process the Login screen is showing up, I would suggest checking these three things:

1) Make sure the "script_url" parameter of your uShopOrderButton applet is pointing to the correct URL of the "ushop.pl" script on your secure server.

2) Make sure that configuration question #4 at the top of the "ushop.pl" script ($secure_script_url) is properly pointing to the correct URL of the "ushop.pl" script on your secure server. It should be the exact same URL being used as the "script_url" parameter of your uShopOrderButton applet.

3) And if you made any modifications to the "order_template.html" file, make sure that the < FORM > tag at the top of the "order_template.html" file is in ALL-CAPS. This is because that particular < FORM > tag on the "order_template.html" file is case-sensitive ... so make sure it is all UPPERCASE.

In none of the above suggestions resolve the problem for you, give me a URL where I can try out your order process and I will take a look at it.

Remove this Message: Administrator and Moderator onlyClick to Send Alert Message to the Administrator Click to edit this messageClick here to reply to this messageClick here to reply to this message with quotesClick to goto the Table of Contents


Archive This Thread: Admin and Moderator OnlyRemove This Thread: Admin and Moderator Only
Click here to goto Click here to goto the Lobby

 

 

 

 

 

 

 

 

 

 

 

 
Questions or problems regarding this bulletin board should be directed to Webmaster
©1997-1999 by DCScripts. All rights reserved.