|
Most users within Informatics are given permission to publish personal web pages and most are also allowed CGI script access (1st and 2nd year undergraduates being the notable exception). Users are responsible for anything that they publish and are bound by the Computing Regulations.
If you have permission for either (or both) of these, then you will find the corresponding directories:
/public/homepages/<user>/weband
/public/homepages/<user>/cgi... visible in the DICE filesystem, where <user> is your DICE username. For the rest of this document we will take user 'fred' as an example of <user>
The disk space in /public/homepages/ subject to a disk quota, currently 5MB for taught students, 20MB for research students and 50MB for staff. Special cases will be considered, and should be directed towards support.
The web server is a slightly tweaked (mainly for the user CGI) version of Apache 2.2.
The file /public/homepages/fred/web/index.html will be visible on the web as the URL http://homepages.inf.ed.ac.uk/fred/index.html .
Similarly the CGI program /public/homepages/fred/cgi/myscript will be exposed as http://homepages.inf.ed.ac.uk/cgi/fred/myscript .
Anything you place in /public should be considered as just that, ie "public". Though you can restrict pages via .htaccess files and file permissions, faulty CGI scripts or misconfiguration of any .htaccess files, can render the permissions meaningless. You also have to consider that for the apache server to be able to serve your pages to the outside world, it must be able to read them, so they need to be world readable within the filesystem.
Currently the apache supports Server Side Includes (mod_include) and PHP (mod_php5). Files ending in .shtml and .html are parsed with mod_include, and files ending in .phtml and .php are parsed with mod_php.
One important thing to note, is that - for security reasons - the homepages web server does not have access to any of your networked home directories. This means you cannot put symbolic links in from /public/homepages/fred/web/file.html to /home/fred/somefile.html, or access /home from scripts etc.
Also the utility wget, which is often exploited to
download cracks and further exploits to the machine, has been renamed
Wget (ie with a capital "W"). This should lessen the
chance of it being abused, but still allows you to use it as you know
the name to call it with. This may change again if we discover it
being exploited via it's new name.
Content-type: text/html <html> ... </html>
Note the blank line between the Content-type line and the first HTML tag.
#!/usr/bin/perl
use CGI::Carp qw(fatalsToBrowser set_message);
BEGIN {
sub handle_errors {
my $msg = shift;
print '<h1>An error occurred</h1>';
print '<p>The following error occurred in your CGI:';
print '<pre>'.$msg.'</pre>';
}
set_message( \&handle_errors );
}
AddHandler php5-script .html
#!/usr/bin/php <?php echo "Content-Type: text/html\n\n"; ?> <!-- rest of the original file here -->and move it into your homepages/<username>/cgi/ area, remembering to make it executable.
<?php
ini_set("error_reporting", E_ALL);
ini_set("display_errors", TRUE);
?>
Options IncludesNOEXECSo you will not be able to execute scripts or commands from SSI.
<?php
$dbconn = pg_connect ("host=$server dbname=$db user=$username password=$password sslmode=disable")
?>
Other languages should have a similar way of forcing a non-SSL connection.
Try the general web FAQ. Any techical problems with the homepages service should be reported via the web support form http://www.inf.ed.ac.uk/systems/support/form/.
Author: neilb
Last updated: 2008/07/25 16:20:20
|
Informatics Forum, 10 Crichton Street, Edinburgh, EH8 9AB, Scotland, UK
Tel: +44 131 651 5661, Fax: +44 131 651 1426, E-mail: school-office@inf.ed.ac.uk Please contact our webadmin with any comments or corrections. Unless explicitly stated otherwise, all material is copyright © The University of Edinburgh |
