[FASTCGI] FastCGI with Oracle

Rob Lemley rclemley at booksys.com
Tue Dec 8 11:37:30 EST 2009


*fcgiapp.h:* FCG*X*_Accept() and FCG*X*_Accept_r() do not touch the
global environment (extern char **environ).
*fcgi_stdio.h:* FCG*I*_Accept() resets the environment.

*fcgiapp.h*  the direct API to fastcgi.  Does not touch the global
environment.

*fcgi_stdio.h*   an even higher level interface that should make it
easier to convert existing CGI programs to FastCGI.  As Gordon said,
"much like a regular CGI application".  This interface is implemented
"on top of" fcgiapp.h.

Rob


Gordon Colburn wrote:
>
> I recently ran into this issue using static fast CGI servers with
> mod_fastcgi. Tom is correct; FCGI_accept resets the environment each
> time it is called. Any environment variables that are set using the
> -initial-env parameter of the FastCgiServer directive will be
> available in the environment when the application is first started,
> but once FCGI_accept is called they will no longer be available. I
> think the reason this is done is that mod_fastcgi passes request
> specific information in the environment much like a regular CGI
> application does and to do this it resets the environment each time
> FCGI_accept is called.
>
>  
>
> ------------------------------------------------------------------------
>
> *From:*
> fastcgi-developers-bounces+gordon=group309.com at mailman.fastcgi.com
> [mailto:fastcgi-developers-bounces+gordon=group309.com at mailman.fastcgi.com]
> *On Behalf Of *A. M. ArunKumar
> *Sent:* Monday, December 07, 2009 11:29 PM
> *To:* 'Tom Bowden'; 'Rob Lemley'; '??'
> *Cc:* darren.garvey at gmail.com; fastcgi-developers at mailman.pins.net
> *Subject:* Re: [FASTCGI] FastCGI with Oracle
>
>  
>
> I understand the security risk explained.
>
>  
>
> Well mine is FastCGI application started through apache ExecCGI system. 
>
>  
>
> I have to lookup how to setup the application as FastCGI internal
> application.  Let me try and get back to you all
>
>  
>
> Thanks
>
> Arun
>
> ------------------------------------------------------------------------
>
> *From:* Tom Bowden [mailto:charles_thomas at mac.com]
> *Sent:* Monday, December 07, 2009 11:55 PM
> *To:* Rob Lemley
> *Cc:* darren.garvey at gmail.com; A. M. ArunKumar;
> fastcgi-developers at mailman.pins.net
> *Subject:* Re: [FASTCGI] FastCGI with Oracle
>
>  
>
> I am trying to remember where I read this in the fastcgi/fastcgx
> documentation -- but somewhere they recommend not using setenv within
> the accept loop.  Perhaps each iteration of FCGII_Accept/FCGIX_Accept
> it clears and resets?
>
> It's a real security risk (IMHO).... an old hacker trick is to modify
> the path (for example) to point to your own version of a sh (sushi, etc).
>
>  
>
> I've only used mod_fcgid -- with AddHandler -- and its (still)
> confusing me.  
>
>  
>
>  
>
> Tom
>
>  
>
> On Dec 7, 2009, at 11:47 AM, Rob Lemley wrote:
>
>  
>
> Darren Garvey wrote:
>
> 2009/12/4 A. M. ArunKumar <arun at eagle-india.com
> <mailto:arun at eagle-india.com>>
>
> The solution which you gave has helped me.  But its not after accept
> its before that. we need to set it back in the C++ program.  I used
> the setenv function in c++ and now its connecting to oracle.
>
> Is this how it is supposed to happen? I don't see why the FastCGI
> library should clear environment variables for the whole application...
>
>
> We really can't tell what is happening because we need to know more
> about how A.M. ArunKumar is starting the fastcgi server app.   I think
> he's using the apache mod_fastcgi but we don't know if it's external
> FastCGI, internal FastCGI, or FastCGI started through the apache
> ExecCGI system.
>
> I know from experience that the mod_fastcgi FastCgiServer directive
> (ie "internal" fastcgi server) with the "-initial-env name=[value]"
> option passes the values into the specified application which is
> started by the mod_fastcgi process manager.
>
> So from that, I assume that ArunKumar is NOT running an "internal"
> fastcgi server via the FastCgiServer directive.
>
> ArunKumar, can you give us more details about how you're
> initializing/executing/starting your FastCGI server C++ app?
>
> If you're running it as a "FastCgiExternalServer" and starting via
> some other means (such as init scripts, daemontools, or the windows
> service manager), then it's true, the environment variables will not
> be passed through the FastCGI connection to the external fastcgi
> server app.  The only thing I know of like this is the
> FastCgiExternalServer "-pass-header" option, which I'm thinking would
> pass the headers only upon receipt of a request from the client.
>
> I haven't worked with the apache "SetHandler" and "AddHandler"
> directives to know how environment variables work with those.
>
> Rob
>
> _______________________________________________
>
> FastCGI-developers mailing list
>
> FastCGI-developers at mailman.fastcgi.com
> <mailto:FastCGI-developers at mailman.fastcgi.com>
>
> http://mailman.pins.net/mailman/listinfo.cgi/fastcgi-developers
>
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.pins.net/mailman/private.cgi/fastcgi-developers/attachments/20091208/4ed982eb/attachment.html>


More information about the FastCGI-developers mailing list