View Full Version : Is add on a security risk?
wcmauk
07-24-2007, 02:17 PM
I'm running a perl, tell a friend script on an add on domain, but when the cgi window opens , it notes that the url being forwarded (the add on domain) does not match the url of the webhost (my account), and will not send the email, noting that it is a security risk.
Is there a way around this, other than putting the domain on a separate webhost account?
Thanks
felgall
07-25-2007, 03:50 AM
Sounds like you need a separate copy of the script for each domain. If you are only using the one copy and it is doing a domain check then it will only work on the domain you configure it to work on.
Are you running it from cgi-bin? If so copy it to the cgi-bin on the add-on domain and reconfigure it to run on that domain. Provided that the add-on domain doesn't reference files above the root folder for that domain any code running there has no way of telling it is not the only domain on the account.
wcmauk
07-25-2007, 06:48 AM
I decided it wasn't the add on that was causing the problem, and to prove it to myself, took it to a free standing, single domain account.
I gotta tell ya, I'm lost.
The test page is http://www.tweitepumpkins.com/test.htm
the perl path and sendmail path are correct, and match what bluehost wantsl
The js path seems correct, and comes up on the url. http://www.tweitepumpkins.com/cgi-bin/tell_friend.cgi
so I'm coming down to
1. I've got the references on this html page (test.htm) wrong
or 2. a conflict with the other java on the page
or 3. something still with the server....I can't figure out what's the deal with the message at http://www.tweitepumpkins.com/cgi-bin/tell_friend.cgi
that says:
Security Error. The URL sent does not match the Web Host. Email will not be sent.
thanks for the help.
charlesp
07-25-2007, 07:35 PM
Are you using the correct extension? Is it tell_friend.cgi or tell_friend.pl or tell_friend.htm? Just a thought I am not at all familiar with perl and your test page ends with htm.:o
wcmauk
07-26-2007, 06:40 AM
Thanks for looking at it.
According to the download readme that came with tell_friend, the scripts are labeled correctly.
I do think the problem is in the http://www.tweitepumpkins.com/test.htm page though, as IE shows "error on page"
Powered by vBulletin® Version 4.1.10 Copyright © 2012 vBulletin Solutions, Inc. All rights reserved.