Michael Holzer writes:
>
> Mark Bixby wrote:
>
> >
> > For a more real example, visit this URL:
> >
> >         http://mbloaner.dis.cccd.edu/cgi-bin/showjob
> >
>
> Hello Mark,
>
> I tried the example and as I understand only hardcoded commands
> can be executed this way.
>
> Some background about the application:
>
> Software configuration management with source code on UX that
> needs to be uploaded to MPE, then compiles on MPE and
> download results (compile listing,..) to UX
> My requirement is to execute many fixed commands (upload)
> each with a variable file name during one UX based event.
>
> Could this be accomplished with this are another solution?

Web servers allow you to include script parameters on a URL.  For example:

        http://my.host/my.script?parm1=value1&parm2=value2    ...etc...

So you should be able to tell a web CGI script to execute multiple commands
(with command operands).

There are hopefully obvious security implications about this.  I.e. it would
be very dangerous to allow unrestricted use of something like:

        [log in to unmask]@" target="_blank">http://my.host/do_hpcicommand?command=abortjob&[log in to unmask]@

Make your CGI scripts *VERY* picky about what parameters they will accept!
--
Mark Bixby                      E-mail: [log in to unmask]
Coast Community College Dist.   Web: http://www.cccd.edu/~markb/
District Information Services   1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support               Voice: +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)