Security Updates for CGI posts

Added a Check post URI function to all CGI files, and added 2 security methods to the main Output CGI files to check for unauthorised DOM elements, etc.

The security is ‘very basic’, and the POST page could/should be automated (as with the $$$ quote button in KitCADi3), with a “loading screen” shown while performing the POST, a hidden text field or form element, etc.

The Canvas output for KitCADi3 contains the biggest hole (and may be modified like the wpfe output).
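A server-side version of the POST source check described above, as an added example that is not KitCADi3's own code. The page does not say what language the CGI files use, so Python is an assumption here, and `check_post_source`, `ALLOWED_ORIGINS` and the `cad.example.org` host are hypothetical names constructed for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of (scheme, host, port); the host is a constructed placeholder.
ALLOWED_ORIGINS = {("https", "cad.example.org", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin_of(url):
    """Return (scheme, host, port) for a URL, or None if it cannot be used."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed port or bracketed host
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # Compare the parsed host exactly; a prefix or substring match would
    # accept hosts such as cad.example.org.other.example.
    return (parts.scheme, parts.hostname.lower(), port)


def check_post_source(env, allowed=ALLOWED_ORIGINS):
    """Decide from CGI environment variables whether to accept a POST.

    Returns (ok, reason). Origin is preferred, Referer is the fallback,
    and a request that carries neither header is rejected.
    """
    if env.get("REQUEST_METHOD", "").upper() != "POST":
        return (False, "method-not-post")
    source = env.get("HTTP_ORIGIN") or env.get("HTTP_REFERER")
    if not source:
        return (False, "no-origin-or-referer")
    origin = _origin_of(source)
    if origin is None:
        return (False, "unparseable-source")
    if origin not in allowed:
        return (False, "source-not-allowed")
    return (True, "ok")


if __name__ == "__main__":
    import os
    ok, reason = check_post_source(os.environ)
    print("Status: 200 OK" if ok else "Status: 403 Forbidden")
    print("Content-Type: text/plain\n")
    print(reason)
```

Both headers are supplied by the client, so this check stops cross-site form submissions from a browser but does not authenticate the sender.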

2 Responses to “Security Updates for CGI posts”

  1. Admin Says:

    Use the kitcadi3_cgi.conf file to configure settings and security options. The kitcadi3_cgi.conf file will be updated over time to allow more options.

  2. Admin Says:

    Updated the kitcad_cgi.conf file to version 1.01
    Also added extra JavaScript security into post forms
    (still could drive a truck through – next update will include a domain detector to allow authorised domains, current check only looks for KitCADi3 web page with a codebar frame – if no codebar frame is found then a UN-AUTHORISED TECHNOLOGY message is displayed instead)