General Scripting
PLEASE NOTE: Biz-hosting Technical Support does not provide scripting support.
However, we have provided the following articles, which cover some common
scripting problems.
Choose an article below:
Our Windows IIS6 Servers support PHP, Perl, compiled CGI, ISAPI
and SHTML scripting.
However, if you require ASP scripting, you need to specifically ask Biz-hosting
to enable web scripting on your domain. The domain name is then moved to a
Windows Server with ASP.
This option is free of charge but it will take approximately 24 hours to be
fully operational on the new server.
Please contact Biz-hosting if you would like this upgrade.
Any email sent from scripts running in your web space will be
automatically routed through our outbound SMTP servers.
This means that email must be sent to or from an email address on
yourdomain.co.uk.
Scripts in languages such as PHP, Perl, Python, ASP and ASP.NET
can present security problems. However, you can take a number of relatively
simple steps to improve the security of the scripts you run.
Form to mail scripts:
Form to mail scripts allow people to fill out a contact, or similar, form on
your website. Whatever they enter is then emailed to you.
They are regularly used by spammers, who hijack your script to send unsolicited
email. Through a few simple checks, you can ensure that your form to mail script
is only used by your website and sends to the email address you choose.
SQL injections
SQL injections enable unscrupulous users to directly manipulate your database.
From displaying data that should remain private, to dropping entire tables, SQL
injections can be a serious problem but are easily resolved.
For example:
If you dynamically create SQL statements, using parameters passed from a web
form or parameters in a URL, you might use something similar to the following
pseudo-code:
SQL = "SELECT * FROM users WHERE name = '" + userName + "';"
You might expect the userName variable to be just that, a username. However, if
the username comes from a script input, such as a form field, a malicious user
could type the following:
a'; DROP TABLE users;
When the script is executed, the SQL statement would become:
SELECT * FROM users WHERE name = 'a'; DROP TABLE users;
When the SQL statement is run, it would drop the users table from the database.
A malicious user could do almost anything that your database user's permissions
allow.
You should:
use your scripting language's escaping functionality
use SQL variables, rather than concatenating scripting variables to create the
SQL statement
limit the database user's permissions to those needed by your application.
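The following is an added example, not part of the original article. It runs the input shown above through the concatenated query and through a query that uses a bound SQL variable. It uses Python's built-in sqlite3 module with a constructed two-row users table; the function names are hypothetical, and executescript() stands in for a database driver that accepts several statements in one call.

```python
import sqlite3

PAYLOAD = "a'; DROP TABLE users;"  # the input shown in the article

def make_db():
    """Constructed sample database: a users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"),
                      ("bob", "bob@example.test")])
    conn.commit()
    return conn

def users_table_exists(conn):
    row = conn.execute("SELECT count(*) FROM sqlite_master "
                       "WHERE type = 'table' AND name = 'users'").fetchone()
    return row[0] == 1

def lookup_concatenated(conn, user_name):
    """The article's pseudo-code: input is pasted into the SQL text.
    executescript() stands in for a database driver that runs several
    statements per call (an assumption of this example)."""
    sql = "SELECT * FROM users WHERE name = '" + user_name + "';"
    try:
        conn.executescript(sql)
    except sqlite3.Error:
        pass  # the quote left over after the injected statement does not parse
    return sql

def lookup_parameterised(conn, user_name):
    """Input is bound as a value and never becomes part of the SQL text."""
    cur = conn.execute("SELECT name, email FROM users WHERE name = ?",
                       (user_name,))
    return cur.fetchall()

def demo():
    """Run the same input through both lookups on fresh databases."""
    unsafe_db, safe_db = make_db(), make_db()
    lookup_concatenated(unsafe_db, PAYLOAD)
    rows = lookup_parameterised(safe_db, PAYLOAD)
    return users_table_exists(unsafe_db), users_table_exists(safe_db), rows

if __name__ == "__main__":
    print(demo())
```

With the bound variable, the whole input is compared against the name column as one string, so no row matches and the table is untouched.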
Suggestion:
You can prevent most illegitimate use of your form to mail scripts by checking
the referrer string of the page calling your script, before processing it.
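The following is an added example, not part of the original article, of the checks described for form to mail scripts: the referrer must be a page on your own site and the recipient is fixed in the script rather than read from the form. It goes one step further than the article by rejecting line breaks in fields that end up in mail headers. The host names use the article's yourdomain.co.uk placeholder; the mailbox and function names are hypothetical.

```python
from urllib.parse import urlsplit

# Placeholder domain from the article; the mailbox name is hypothetical.
SITE_HOSTS = {"yourdomain.co.uk", "www.yourdomain.co.uk"}
RECIPIENT = "enquiries@yourdomain.co.uk"

def referrer_is_own_site(referrer):
    """Compare the referrer's host name exactly; a substring test would
    also accept hosts that merely contain the site's name."""
    try:
        host = urlsplit(referrer or "").hostname or ""
    except ValueError:
        return False
    return host.lower() in SITE_HOSTS

def build_message(referrer, form):
    """Return (recipient, subject, body) for a form post, or raise ValueError.
    The Referer header is supplied by the client, so this is a filter
    against casual misuse rather than authentication."""
    if not referrer_is_own_site(referrer):
        raise ValueError("form was not submitted from this website")
    subject = form.get("subject", "")
    visitor = form.get("email", "")
    for value in (subject, visitor):
        if "\r" in value or "\n" in value:
            raise ValueError("line break in a header field")
    # Any recipient field in the form is ignored: mail only goes to RECIPIENT.
    body = "Visitor address: %s\n\n%s" % (visitor, form.get("message", ""))
    return RECIPIENT, "Website form: " + subject, body
```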
Limitations:
If you use scripts to send email from a website, please be aware that:
all outbound email is routed through our outgoing email servers
we filter outbound email to ensure each message is sent from or to an email
address on yourdomain.co.uk
we limit the number of emails you can send in any thirty second period and any
ten minute period.
This helps us to prevent spammers from using our servers and improves the
service we can provide to you.
ASP components
Your ASP code can use any of the following components:
CDO (Microsoft's Collaborative Data Objects Library) - search the MSDN site for
CDO and CDONTS.
JMail - see www.dimac.net, and example scripts in this knowledgebase.
PHP on Windows
Use the PHP mail function and set the 'mail from' address using the following
line of code, replacing email@mydomain with an email address on the correct
domain name.
ini_set("sendmail_from", "email@mydomain");
Summary
iHTML (Inline HTML) is a powerful server-side scripting language that is
available on Windows servers.
iHTML is designed to do anything that requires server-side activity, and can do
everything for which ASP and CGI would normally be used.
iHTML can:
Connect to databases
Connect to remote web servers
Dynamically format pages
Add the current date to an existing page
Show the time on a page
Write .gif files 'on the fly'
Execute complex logic statements
Etc.
To use iHTML on a web page:
Put on the first line of the page.
Give the file a .ihtml extension.
For examples of iHTML go to: www.ihtml.com/learning/examples/
Permissions:
Full FTP access to the root directory is allowed. This includes the ability to
add/remove folders and files to/from all sub-directories.
Folders above the htdocs folder can only be accessed via FTP and server side
scripts.
The website has read only access (with script execute) to the files in the web
space (i.e. the files below htdocs).
Write permissions are not allowed on the website as this would be a security
risk exposing the website, and the server, to attack by hackers.
The cgi-bin directory has execute permissions.
The access rights to any sub-directories that you create, will be inherited from
the parent directory.
Note: Do not remove the existing folder structure. If you do, and try to
re-create it, the access permissions will not be set correctly.
Description
Execution times for PHP scripts on Windows servers can be greatly reduced by
using the gzip compression handler.
This can be achieved by including the following lines of code at the top of your
script:
ob_start("ob_gzhandler");
Gzip works by compressing content before sending it back to the browser.
It does, however, rely on the browser supporting compression. If the browser
does not support compression, the script will still run, but its output will
not be compressed.
PHP on Windows
If you are using the PHP mail function, you must set the 'mail from' address
using the following line of code, replacing email@mydomain with an email
address on the correct domain name.
ini_set("sendmail_from", "email@mydomain");
Failure to do so will result in all form submissions failing. This is part of
our continuing efforts to reduce unauthorised use of scripts to generate bulk
unsolicited email.
PHP on Linux
If you are using the PHP mail function on our Linux platform, you must add a
fifth parameter, -f, to the mail function specifying the from address:
mail( "yourname@yourdomain.com", "Feedback Form results", $message,
      "From: $email", "-fuser@userdomain.com" );
Failure to do so will result in all form submissions failing. This is part of
our continuing efforts to reduce unauthorised use of scripts to generate bulk
unsolicited email.
Please note that the from address must be a valid email address on the
biz-hosting platform. Using a third party email address as the from field will
result in a submission failure.
Summary:
PERL scripts that have been written to run under UNIX often require changes in
order to run under Windows. For more information on this go to:
www.activestate.com
PERL scripts must be uploaded to your cgi-bin directory with a .pl or .cgi
extension.