473,503 Members | 1,700 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Python CGI Script

Hello,

I'm a data-structures course TA trying to write a python CGI script
for automatically compiling and testing students' projects.
Unfortunately, I've run into some questions while writing this, which I
couldn't solve with the various (and helpful) python-CGI documentation.
(It's possible that I'm posting to the wrong group; if so, I'd
appreciate suggestions for the appropriate group.)
1. In my HTML page, I have the following:

<form method="post" action="submission_processor.py"
enctype="multipart/form-data">
....
</form>

In the above, submission_processor.py is the python CGI script. I
didn't write a URL in the action field, since I'm first testing
everyting on a local machine (running FC4). The first line of
submission_processor.py is

#!/usr/bin/python

and I've done

chmod +x submission_processor.py

When I hit the "submit" button, my browser (Firefox on FC4) doesn't
run the script; it asks me whether it should open
submission_processor.py or save it to disk. I couldn't figure out why.

2. My HTML page has the option for an instructor to list the various
submissions and scores. Obviously, this should be inaccessible to
students. The instructor has a password for doing this, therefore.
Suppose I place the password inside a python script, and give this
script only +x permission for others. Is this adequate as far as security?
Thanks in advance for answering these questions.
Efrat
Oct 2 '05 #1
2 2009
Efrat Regev wrote:
Hello,

I'm a data-structures course TA trying to write a python CGI script
for automatically compiling and testing students' projects.
Unfortunately, I've run into some questions while writing this, which I
couldn't solve with the various (and helpful) python-CGI documentation.
(It's possible that I'm posting to the wrong group; if so, I'd
appreciate suggestions for the appropriate group.)
1. In my HTML page, I have the following:

<form method="post" action="submission_processor.py"
enctype="multipart/form-data">
...
</form>

In the above, submission_processor.py is the python CGI script. I
didn't write a URL in the action field, since I'm first testing
everyting on a local machine (running FC4). The first line of
submission_processor.py is

#!/usr/bin/python

and I've done

chmod +x submission_processor.py

When I hit the "submit" button, my browser (Firefox on FC4) doesn't
run the script; it asks me whether it should open
submission_processor.py or save it to disk. I couldn't figure out why.
You also have to have the executable script inside a directory that is
recognised as being a script directory (usually achieved with an Apache
ScriptAlias directive), or have the server otherwise recognise .py files
as executable (just setting the +x mode bit isn't enough).

In the absence of such knowledge the server just returns the content of
the file rather than the content produced by *executing* the file.
2. My HTML page has the option for an instructor to list the various
submissions and scores. Obviously, this should be inaccessible to
students. The instructor has a password for doing this, therefore.
Suppose I place the password inside a python script, and give this
script only +x permission for others. Is this adequate as far as security?
That depends on whether you wanted to use HTTP security (provided
automatically by the web server) or application security (provided by
your code).

In the case of a script which is for general running but where some of
the script's functionality shouldn't be generally available you are
stuck with the latter. It's OK to have passwords in your script as long
as you are sure that the script isn;t going to be served up as content
like it currently is!

Thanks in advance for answering these questions.
Efrat


regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/

Oct 2 '05 #2
Efrat,

I am afraid a CGI script is never *executed* by the browser. Instead, it sends
the URL to a server, expects the server to execute the script, and display the
server's response. If you just put a file name then (it seems, I never even
tried that) Firefox uses the local file store as a 'server' in that respect.

If you want to test a CGI script on your own machine, you should run a web
server on your own machine. That server should also be set up in a way that it
recognizes a '.py' file as a CGI script to be executed by Python (not all
servers may recognize the #! trick...).

This may look scary, but it is not that bad. Apache has a number of precompiled
binary versions that you can install on your machine; you can also use servers
like W3C's jigsaw (this relies on Java) or others. These are all free and easy
to install and, well, manageable to configure. Actually, in case you run on a
MacOS X by any chance, Apache is already installed afaik...

I hope this helps

Ivan
-------- Original Message --------
From: Efrat Regev <ef*********@yahoo.com>
To:
Subject: Python CGI Script
Date: 30/9/2005 12:50
Hello,

I'm a data-structures course TA trying to write a python CGI script
for automatically compiling and testing students' projects.
Unfortunately, I've run into some questions while writing this, which I
couldn't solve with the various (and helpful) python-CGI documentation.
(It's possible that I'm posting to the wrong group; if so, I'd
appreciate suggestions for the appropriate group.)
1. In my HTML page, I have the following:

<form method="post" action="submission_processor.py"
enctype="multipart/form-data">
...
</form>

In the above, submission_processor.py is the python CGI script. I
didn't write a URL in the action field, since I'm first testing
everyting on a local machine (running FC4). The first line of
submission_processor.py is

#!/usr/bin/python

and I've done

chmod +x submission_processor.py

When I hit the "submit" button, my browser (Firefox on FC4) doesn't
run the script; it asks me whether it should open
submission_processor.py or save it to disk. I couldn't figure out why.

2. My HTML page has the option for an instructor to list the various
submissions and scores. Obviously, this should be inaccessible to
students. The instructor has a password for doing this, therefore.
Suppose I place the password inside a python script, and give this
script only +x permission for others. Is this adequate as far as security?
Thanks in advance for answering these questions.
Efrat

Oct 2 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
28
4575
Python as replacement for PHP?
by: Erik Johnson | last post by:
This is somewhat a NEWBIE question... My company maintains a small RDBS driven website. We currently generate HTML using PHP. I've hacked a bit in Python, and generally think it is a rather...
PHP
2
4885
Passing a String to a Python CGI Script
by: DeepBleu | last post by:
When one is using an HTML form via a web broswer, the user submits the form contents and these are passed to a CGI Python script on the web server. I need to write a client script that connects to...
Python
52
3700
perl to python
by: Olivier Scalbert | last post by:
Hello , What is the python way of doing this : perl -pi -e 's/string1/string2/' file ? Thanks Olivier
Python
4
3260
Mixing Python And Bash
by: Tom Purl | last post by:
I just wrote a Python script that is going to be called from bash script. If the Python script fails, I want the bash script to also stop running. Unfortunately, I can't seem to get that to work. ...
Python
17
3839
How to run Python in Windows w/o popping a DOS box?
by: Paul Rubin | last post by:
Dumb question from a Windows ignoramus: I find myself needing to write a Python app (call it myapp.py) that uses tkinter, which as it happens has to be used under (ugh) Windows. That's Windows...
Python
9
2061
A tool for Python - request for some advice
by: TPJ | last post by:
First I have to admit that my English isn't good enough. I'm still studying and sometimes I just can't express what I want to express. A few weeks ago I've written 'Python Builder' - a bash...
Python
3
2602
Zope, Python 2.4 pythonScripts import problem
by: krzychu | last post by:
Hi, I have installed brand new platform - Zope-2-7-6, Python 2.4.1, Plone 2.0.5, OS Debian 1:3.3.6-2. After import a old Plone site from the following platform Zope-2-7-4, Python 2.3.3, Plone...
Python
6
7476
/usr/bin/env python, force a version
by: manatlan | last post by:
I've got a trouble, and i think that anybody there can help me I've got a python script which i distribute in somes packages for *nix. This script is full of python and need python 2.4 ! And i'd...
Python
37
2429
a little more help with python server-side scripting
by: John Salerno | last post by:
I contacted my domain host about how Python is implemented on their server, and got this response: ------------------- Hello John, Please be informed that the implementation of python in our...
Python
6
9883
starting some Python script from C#
by: tatamata | last post by:
Hello. How can I run some Python script within C# program? Thanks, Zlatko
Python
0
7202
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
7278
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
7328
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
1
6991
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
7458
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
4672
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp
0
3167
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Networking - Hardware / Configuration
0
3154
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1512
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us