Re: virtual domain name and relative URLs

by John.ksi(at)webplus.net

 Date:  Mon, 28 Feb 2000 13:39 EST
 To:  hwg-servers(at)hwg.org
>This worked, but I discovered that it introduced a security hole. Anyone
>could potentially install a copy of the form in their web account and run
>messages thru the myorg.com email server. We've since plugged the
>hole by adding code to the FormHandler script to check the
>HTTP_REFERER value.

Sorry if this seems like a non-answer, but even before you started
using virtual servers (and checking the referer), anybody could put
a form on any server ANYwhere and still have it invoke your CGI.

>So my question is, is there a way for the sysadmin to configure the
>server so that we webmasters can use relative URLs and virtual domain
>names together?

Not sure there's a single answer that can apply to all web sites.
So without a comprehensive look at how your web server is used and
managed, I'd perhaps stick to your sysadmin's advice.  In any case,
I suspect the "security hole" as you describe it already exists.
If you really don't want any ol' person using their OWN forms on
your CGI's, then maybe add a password field in the form that the
CGI checks for.  I say this, tho', without really knowing what is
desired to be accessible and what needs to be protected.

 -John Koch                               -  -  -  __o
 Knowledge Systems, Inc.              -  -  - -  _ \<,_
 <John.ksi(at)webplus.net>                   - -   (_)/ (_)
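
Added example, not part of the original message or the FormHandler script it mentions: a Python sketch comparing the HTTP_REFERER check from the quoted text with the password-field check suggested in the reply, plus a server-side recipient allowlist that goes beyond what the thread proposes. The host name, secret, field names (form_password, recipient) and addresses are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlparse

# All values below are constructed for illustration, not taken from the thread.
EXPECTED_HOST = "www.myorg.com"
FORM_SECRET = "constructed-shared-secret"
ALLOWED_RECIPIENTS = {"webmaster@myorg.com", "info@myorg.com"}

def referer_ok(environ):
    """Referer check: compares a header value that the client chooses to send."""
    return urlparse(environ.get("HTTP_REFERER", "")).hostname == EXPECTED_HOST

def handler_ok(fields):
    """Password field plus a server-side recipient allowlist."""
    supplied = fields.get("form_password", "")
    if not hmac.compare_digest(supplied.encode(), FORM_SECRET.encode()):
        return False, "bad form password"
    rcpt = fields.get("recipient", "").lower()
    # Reject header-splitting characters and multi-address lists outright.
    if any(c in rcpt for c in "\r\n,;") or rcpt not in ALLOWED_RECIPIENTS:
        return False, "recipient not allowed"
    return True, "accepted"

# Constructed requests: (label, CGI environment, submitted form fields).
SAMPLES = [
    ("form served by myorg.com",
     {"HTTP_REFERER": "http://www.myorg.com/contact.html"},
     {"form_password": FORM_SECRET, "recipient": "info@myorg.com"}),
    ("client that sets the Referer header itself, no password",
     {"HTTP_REFERER": "http://www.myorg.com/contact.html"},
     {"recipient": "someone@example.net"}),
    ("copied form that includes the password read from the HTML source",
     {"HTTP_REFERER": "http://other.example/form.html"},
     {"form_password": FORM_SECRET, "recipient": "someone@example.net"}),
]

def evaluate():
    """Return (label, referer check result, handler check result) per sample."""
    return [(label, referer_ok(env), handler_ok(fields))
            for label, env, fields in SAMPLES]

if __name__ == "__main__":
    for label, ref, (ok, why) in evaluate():
        print(f"{label}: referer_ok={ref} handler={ok} ({why})")
```

A password placed in the form's HTML is readable by anyone who views the page source, so in this sketch it is the allowlist that keeps the handler from sending mail to arbitrary addresses.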

HWG: hwg-servers mailing list archives, maintained by Webmasters @ IWA