[FASTCGI] FastCGI with Oracle

Tom Bowden charles_thomas at mac.com
Mon Dec 7 13:24:33 EST 2009


I am trying to remember where I read this in the fastcgi/fastcgx  
documentation -- but somewhere they recommend not using setenv within  
the accept loop.  Perhaps on each iteration of FCGI_Accept/FCGX_Accept  
it clears and resets?
It's a real security risk (IMHO)... An old hacker trick is to modify  
the path (for example) to point to your own version of a sh (sushi,  
etc).

I've only used mod_fcgid -- with AddHandler -- and it's (still)  
confusing me.


Tom

On Dec 7, 2009, at 11:47 AM, Rob Lemley wrote:

> Darren Garvey wrote:
>> 2009/12/4 A. M. ArunKumar <arun at eagle-india.com>
>> The solution which you gave has helped me.  But it's not after  
>> accept, it's before that. We need to set it back in the C++  
>> program.  I used the setenv function in C++ and now it's connecting  
>> to Oracle.
>> Is this how it is supposed to happen? I don't see why the FastCGI  
>> library should clear environment variables for the whole  
>> application...
>
> We really can't tell what is happening because we need to know more  
> about how A.M. ArunKumar is starting the fastcgi server app.  I  
> think he's using the Apache mod_fastcgi but we don't know if it's  
> external FastCGI, internal FastCGI, or FastCGI started through the  
> Apache ExecCGI system.
>
> I know from experience that the mod_fastcgi FastCgiServer directive  
> (i.e. "internal" fastcgi server) with the "-initial-env name=[value]"  
> option passes the values into the specified application which is  
> started by the mod_fastcgi process manager.
>
> So from that, I assume that ArunKumar is NOT running an "internal"  
> fastcgi server via the FastCgiServer directive.
>
> ArunKumar, can you give us more details about how you're  
> initializing/executing/starting your FastCGI server C++ app?
>
> If you're running it as a "FastCgiExternalServer" and starting via  
> some other means (such as init scripts, daemontools, or the Windows  
> service manager), then it's true, the environment variables will  
> not be passed through the FastCGI connection to the external  
> fastcgi server app.  The only thing I know of like this is the  
> FastCgiExternalServer "-pass-header" option, which I'm thinking  
> would pass the headers only upon receipt of a request from the client.
>
> I haven't worked with the Apache "SetHandler" and "AddHandler"  
> directives to know how environment variables work with those.
>
> Rob
>
> _______________________________________________
> FastCGI-developers mailing list
> FastCGI-developers at mailman.fastcgi.com
> http://mailman.pins.net/mailman/listinfo.cgi/fastcgi-developers
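
The two points raised in this message (set the environment once, before the accept loop, and do not trust an inherited PATH) as an added example; it is not code from the thread or from the FastCGI library. Assumptions: the Oracle client reads `ORACLE_HOME`, the paths are constructed placeholders, the function names are hypothetical, and `clearenv()` is available (glibc).

```c
#define _DEFAULT_SOURCE            /* for setenv() and clearenv() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed values: replace with the paths of the real installation. */
static const char *const FIXED_ENV[][2] = {
    { "PATH",        "/usr/bin:/bin" },
    { "ORACLE_HOME", "/opt/oracle/placeholder" },
};

/* Return 1 only if every PATH element is an absolute directory.
 * Empty elements and "." mean "current directory" and are rejected. */
int path_is_absolute_only(const char *path)
{
    if (path == NULL)
        return 0;
    for (const char *p = path; ; ) {
        if (*p != '/')
            return 0;
        const char *colon = strchr(p, ':');
        if (colon == NULL)
            return 1;
        p = colon + 1;
    }
}

/* Discard the inherited environment and install only the fixed values.
 * Call once at startup, before the accept loop. Returns 0 on success. */
int init_server_env(void)
{
    if (clearenv() != 0)
        return -1;
    for (size_t i = 0; i < sizeof FIXED_ENV / sizeof FIXED_ENV[0]; i++) {
        if (setenv(FIXED_ENV[i][0], FIXED_ENV[i][1], 1) != 0)
            return -1;
    }
    return path_is_absolute_only(getenv("PATH")) ? 0 : -1;
}

int main(void)
{
    if (init_server_env() != 0) {
        fprintf(stderr, "refusing to start: could not set up environment\n");
        return 1;
    }
    /* The FCGI_Accept()/FCGX_Accept() loop would start here; no setenv() inside it. */
    printf("PATH=%s\nORACLE_HOME=%s\n", getenv("PATH"), getenv("ORACLE_HOME"));
    return 0;
}
```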
