NAME

configure-link-cgi - configure a CGI that reports on or repairs links.


SYNOPSIS

configure-link-cgi.pl [options] cgi-file-name


DESCRIPTION

Each CGI program should be hardcoded with it's own configuration. At the same time we want to use one central program file. This is achieved by simply building scripts which set variables and then run the main cgi program.

This program should be run only once the basics of the linkcontroller system have been configured for the current user with configure-link-control


OPTIONS

The --reporter option will generate a CGI which reports on the status of links. The --fixer option will generate one which can fix links. If both are given then both are generated. If neither are given then a reporter is generated by default.


TRUST

The CGI bin program trusts the perl libraries.

The CGI bin program trusts the diretory structure and that the link_report.cgi program can be called safely.


SECURITY

The program was written to pass Perl's tainting mechanism.

The program deletes various environment variables.

    $ENV{PATH} = "/bin:/usr/bin";
    delete @ENV{qw(HOME IFS CDPATH ENV BASH_ENV)};   # Make %ENV safer

This means that the users own configuration file in the users home directory will be ignored. The reason for this is that CGIs aren't guaranteed to be run by the right user. Hardcode any of the configuration you want to copy from there.


ISSUES

I don't think the following are bugs, but I might be wrong so you should be aware of them.

-
We use the WWW::Link_Controller::ReadConf module to get configuration. This goes poking around in home directories for configuration files and doesn't check that the files are secure??

-
There are probably issues. If you need security call in a security audit company to check this file over. Donating the results is appreciated.


BUGS

None, but see ISSUES ;-)


SEE ALSO

the verify-link-control manpage; the extract-links manpage; the build-schedule manpage the link-report manpage; the fix-link manpage; the link-report.cgi manpage; the fix-link.cgi manpage the suggest manpage; the link-report.cgi manpage; the configure-link-control manpage

The LinkController manual in the distribution in HTML, info, or postscript formats, included in the distribution.

http://scotclimb.org.uk/software/linkcont/ - the LinkController homepage.