[FASTCGI] FastCGI with Oracle

A. M. ArunKumar arun at eagle-india.com
Mon Dec 7 23:28:39 EST 2009

I understand the security risk explained. 


Well mine is FastCGI application started through apache ExecCGI system.  


I have to lookup how to setup the application as FastCGI internal
application.  Let me try and get back to you all





From: Tom Bowden [mailto:charles_thomas at mac.com] 
Sent: Monday, December 07, 2009 11:55 PM
To: Rob Lemley
Cc: darren.garvey at gmail.com; A. M. ArunKumar;
fastcgi-developers at mailman.pins.net
Subject: Re: [FASTCGI] FastCGI with Oracle


I am trying to remember where I read this in the fastcgi/fastcgx
documentation -- but somewhere they recommend not using setenv within the
accept loop.  Perhaps each iteration of FCGII_Accept/FCGIX_Accept it clears
and resets?

It's a real security risk (IMHO).... an old hacker trick is to modify the
path (for example) to point to your own version of a sh (sushi, etc).


I've only used mod_fcgid -- with AddHandler -- and its (still) confusing me.





On Dec 7, 2009, at 11:47 AM, Rob Lemley wrote:

Darren Garvey wrote:

2009/12/4 A. M. ArunKumar <arun at eagle-india.com> 

The solution which you gave has helped me.  But its not after accept its
before that. we need to set it back in the C++ program.  I used the setenv
function in c++ and now its connecting to oracle. 

Is this how it is supposed to happen? I don't see why the FastCGI library
should clear environment variables for the whole application...

We really can't tell what is happening because we need to know more about
how A.M. ArunKumar is starting the fastcgi server app.   I think he's using
the apache mod_fastcgi but we don't know if it's external FastCGI, internal
FastCGI, or FastCGI started through the apache ExecCGI system.

I know from experience that the mod_fastcgi FastCgiServer directive (ie
"internal" fastcgi server) with the "-initial-env name=[value]" option
passes the values into the specified application which is started by the
mod_fastcgi process manager.

So from that, I assume that ArunKumar is NOT running an "internal" fastcgi
server via the FastCgiServer directive.

ArunKumar, can you give us more details about how you're
initializing/executing/starting your FastCGI server C++ app?

If you're running it as a "FastCgiExternalServer" and starting via some
other means (such as init scripts, daemontools, or the windows service
manager), then it's true, the environment variables will not be passed
through the FastCGI connection to the external fastcgi server app.  The only
thing I know of like this is the FastCgiExternalServer "-pass-header"
option, which I'm thinking would pass the headers only upon receipt of a
request from the client.

I haven't worked with the apache "SetHandler" and "AddHandler" directives to
know how environment variables work with those.



FastCGI-developers mailing list

FastCGI-developers at mailman.fastcgi.com



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.pins.net/mailman/private.cgi/fastcgi-developers/attachments/20091208/f3e09e57/attachment.html>

More information about the FastCGI-developers mailing list