× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 1999

Re: HTTP Server Security Issue

  • Subject: Re: HTTP Server Security Issue
  • From: John Earl <johnearl@xxxxxxxxxxx>
  • Date: Mon, 26 Apr 1999 23:52:20 -0700
  • Organization: PowerTech Toolworks & The 400 School
 
Brad,

I was just reading that the major difference between the root "/" file system 
and
the QOpenSys file system is that the QOpenSys file systems supports case
sensitive object names and root, QDLS, and QSYS.LIB do not.     Could this
explain the behavior you saw?

jte

Stone, Brad V (TC) wrote:

> Recently I was playing around with a CGI program that I developed to run on
> our old V3R2 machine.  Now we are on V4R3.  In the past, I'm sure that when
> you were calling an RPG CGI program it had to be in uppercase in the URL.
>
> Now it seams it doesn't matter.  Using
> /cgi-bin/CGIPGM1
> or
> /cgi-bin/cgipgm1
>
> Will do the same thing and call the CGI program just fine.  Which leads to
> an interesting point:
>
> If you have a protection directive set up in your HTTP Config on
> CGIPGM1.PGM, if the user types the URL in in lower case, the protection is
> ignored.
>
> Taking this a step further, any combination of upper and lower case will be
> ignore except the EXACT protection directive you have given.  So, if your
> directive looks like this:
>
> Protect /QSYS.LIB/AS400CGI.LIB/CGIPGM.PGM CGIPGMP
>
> where CGIPGMP is a protection directive set up, if the user types in
> CGIPGM on the url, the protection will work.  If, on the other hand, they
> type in
> cgipgm
> CgiPgm
> cgiPgm
> etc.. etc...
>
> The protection is ignored.
>
> This has got to be a bug or else I'm missing something else here.  I'd like
> to hear from anyone using a protection directive on an CGI program and see
> if they have the same results.
>
> Bradley V. Stone
> Taylor Corporation - OASIS Programmer/Analyst
> bvstone@taylorcorp.com
>
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---



--
John Earl   johnearl@toolnet.com

PowerTech Toolworks  206-575-0711
PowerLock Network Security www.toolnet.com
The 400 School   www.400school.com
--


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.