
Use AppleScripts to generate web pages Apps
I have been trying to figure out how to run an AppleScript to generate a web page for a long time. I tried using Perl and PHP, but always got an error message because the script was running as a different user than the one logged in at the time. Changing the Apache setup to run as a different user does not solve this problem. But you can make it work by using Server Side Includes (SSI). If you set up Apache to run as the user that is logged into the system, you can run AppleScripts inside your web pages by using SSI and the osascript program.

The first thing to do is to set up Apache to run as the user that is normally logged into the system. Since I am usually the only one logged into my computer, I have Apache run as me. You need to edit (with root privileges) the /etc/httpd/httpd.conf file. Find the line that says:

User www

and change it to

User myName

Replace myName with the short name of the logged-in user. Then you need to enable server side includes in the same file. Uncomment these two lines:

#AddType text/html .shtml
#AddHandler server-parsed .shtml

and then restart the web server (sudo apachectl graceful, or via the Sharing preferences panel). You should now be able to use AppleScripts inside your web pages. You can do this by using:

<!--#exec cmd="/usr/bin/osascript MYAPPLESCRIPTNAME"-->
You can either replace MYAPPLESCRIPTNAME with a file, or with the script written out. I use this with some other programs to control my EyeTV program from the web. Also, you can use this to view your iCal calendars over the web or view the current track in iTunes.

[robg adds: I'm not sure if there are any security issues to consider with Apache running as the logged in user -- logic tells me that there are, but I couldn't find any obvious red flags with a quick Google search. If anyone is aware of any dangers, please post a comment!]
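
The three httpd.conf changes described in the hint can be checked mechanically. The shell function below is an added example, not part of the original hint; the sample file, the user name jsmith and the Options line (which the hint does not show) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the httpd.conf settings this hint touches (Apache 1.3 syntax).

# Prints one "FINDING:" line per risky setting in the file named by $1.
# $2 is the expected unprivileged account (default "www", the stock value).
audit_httpd_conf() {
    conf=$1
    service_user=${2:-www}

    # The last uncommented User directive is the one in effect.
    run_as=$(awk 'tolower($1) == "user" { u = $2 } END { print u }' "$conf")
    if [ -n "$run_as" ] && [ "$run_as" != "$service_user" ]; then
        echo "FINDING: User is '$run_as', not '$service_user'; CGI and #exec run with that account's file access"
    fi

    # An uncommented server-parsed handler switches SSI parsing on.
    if awk 'tolower($1) == "addhandler" && tolower($2) == "server-parsed" { f = 1 }
            END { exit !f }' "$conf"; then
        echo "FINDING: server-parsed handler active; matching files are scanned for SSI directives"
    fi

    # "Includes" permits <!--#exec-->; "IncludesNOEXEC" keeps SSI but refuses it.
    if awk 'tolower($1) == "options" {
                for (i = 2; i <= NF; i++)
                    if (tolower($i) ~ /^[+]?includes$/) f = 1
            } END { exit !f }' "$conf"; then
        echo "FINDING: Options Includes allows #exec cmd; IncludesNOEXEC disables it"
    fi
}

# Constructed sample: the hint's end state; jsmith and the Options line are assumed.
sample_conf() {
    cat <<'EOF'
#User www
User jsmith
Group www
<Directory "/Library/WebServer/Documents">
    Options Indexes FollowSymLinks Includes
</Directory>
AddType text/html .shtml
AddHandler server-parsed .shtml
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_httpd_conf "$tmp"
rm -f "$tmp"
```
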
Use AppleScripts to generate web pages
Authored by: inchhigh on Dec 22, '03 11:20:23AM
You run the webserver as its own user/group so that you can control what can be accessed from the webserver. Thus if there is a security problem with the webserver, or a badly designed script, you can limit the possible damage. In most cases if someone were to exploit a hole in Apache (unlikely in current versions) or a hole in a badly designed script (much more likely) they may be able to execute code with the privileges of the user the webserver is running as. So if the webserver is running as you, all of your files would be available with both read AND write access.

If you are going to use this technique for running AppleScripts, I would recommend going a little farther and figuring out why the scripts won't run when the user/group is www. I'm guessing perhaps the scripts don't have execute permissions for www, and they do for the user that created them, thus when you change the user to yourself, they run. A much better idea would be to create a new group (webgroup) and add yourself and www to it, then assign the group ownership of the scripts to that new group, and make sure that the group permissions allow executing.

chgrp webgroup scriptname
chmod g+rx scriptname

or if you don't want to go about creating a new group, just set the group to www

chgrp www scriptname
chmod g+rx scriptname

I have not tested this with AppleScripts, but this is the general rule with all other scripts running under Apache.

[ Reply to This | # ]

Use AppleScripts to generate web pages
Authored by: larkost on Dec 22, '03 11:37:03AM

Doing this is definitely a security hazard, for 2 reasons:

If anyone compromises Apache in any way, they are now running as your main user, and that means they are running as an administrator... lots of problems there.

Your AppleScript is also running as your main user, and holes here are identical to the other problem.

A much better solution would be to run the AppleScript as a CGI. There is a quick example of how to do this on Apple's web site. The gist of it is a "on handle CGI request this_request" handler. If you absolutely need this script to run as a specific user (SECURITY HOLE), then you can use the setuid bit (man chmod and look at the entries for 4000 and 2000). You can also use this trick to do so in SSI or PHP.



[ Reply to This | # ]
Use AppleScripts to generate web pages
Authored by: Graff on Dec 22, '03 02:27:34PM
A much better solution would be to run the AppleScript as a CGI. There is a quick example of how to do this on Apple's web site. The gist of it is a "on handle CGI request this_request" handler.

From what I understand this will only truly work on Mac OS X Server. To do the same thing on regular Mac OS X you need to use something like the program acgi dispatcher.



[ Reply to This | # ]
Use AppleScripts to generate web pages
Authored by: grrl_geek on Dec 23, '03 01:15:48PM

No, you can run CGI scripts on regular OS X, there just isn't a GUI tool to do so. You have to edit httpd.conf by hand, but it's not hard.



[ Reply to This | # ]
Use AppleScripts to generate web pages
Authored by: grrl_geek on Dec 23, '03 01:20:24PM

I'm sorry, I should have looked at your link before commenting. I didn't realize that there were special things to consider with AppleScript.



[ Reply to This | # ]
Use AppleScripts to generate web pages
Authored by: klktrk on Dec 22, '03 01:50:45PM

Hear! Hear! Ditto what the two above said. Remember also, that if your Web server is 'online'... i.e. accessible from the greater Web, then you're not only putting your own personal machine and data at risk, but you're also putting the online community at risk. Someone finds a hole in one of your scripts (it happens all the time), and gains your admin privileges. Using that access, they can create a spam relay, or a spamvertizer site, or launch denial of service attacks, or store child porn ... etc etc....

There are GOOD reasons Apache is set up the way it is. Circumventing its security policies puts us all at risk...



[ Reply to This | # ]
Use AppleScripts to generate web pages
Authored by: jkooy on Dec 23, '03 12:58:10AM

I guess I don't see it. I thought the whole point of using server side includes was so that you could not see the script or control it and therefore your security risk is minimal. Also, since there is really no way of posting to the AppleScript I don't see how anyone could just randomly gain control of the system. I guess what I could see happen is that someone could upload an shtml page to my website and use that to control my computer. But the only way that would happen is if they were able to gain access to my computer in the first place. I guess I don't really see what the security risk is. Can you explain more of what you mean? Thanks.



[ Reply to This | # ]
Use AppleScripts to generate web pages
Authored by: grrl_geek on Dec 23, '03 01:03:06PM

I'm not a security expert by any means, but I can think of an example. Some scripts that allow input (and aren't coded correctly) are vulnerable to a buffer overflow exploit. From what I understand, this is when Mr. Evil Guy sends more data than expected, and then is able to overwrite some of the system memory with his code. Exactly how one would do this I'm not sure, but I know it can be done. Is done, all the time.

It's easy to write bad code, and often hard to see what the problem is with it. If there's one thing I've learned about the internet, it's I'm good with computers, but there are a whole lot of people who are better than I. If a good product like Apache has things set up a particular way, there's a reason, and I should understand that reason before I mess with it.

---
~~~~~~~~~~~~~
Sinker sucker socks pants, apocryphal awry!



[ Reply to This | # ]
Use AppleScripts to generate web pages
Authored by: stetner on Dec 22, '03 06:19:59PM

I would also think that AppleScript would not be a good choice, it seems to me to have a very big startup hit (or maybe it is just my old G4 450MHz).



[ Reply to This | # ]
Use AppleScripts to generate web pages
Authored by: neptune on Dec 22, '03 11:14:58PM

I'm not sure what you wanted to generate using the AppleScript, but I have been using AppleScript to generate both html and hdml web pages for several years. I have created scripts using the following format:

on idle
    -- put code here
    return 60 -- sets return rate to every 60 seconds
end idle

The script is compiled as an application with the "stay open" button checked in the Save dialog box. Hint: use "on run" to debug your script, then change to "on idle" at the end.

Whatever code is included will run repeatedly every 60 seconds. Of course you can set the rerun period to any number of seconds. The script creates a web page using the "write" command to a fileref number. Since the same file is continuously being overwritten with new values, times, or data, that new data is served to the outside whenever that page is called for by a web browser and appears as if it were created on the fly.

We use this technique for monitoring tanks that house thousands of fish - generally endangered species. The AppleScript wakes up once a minute, talks to a special application specific to the data acquisition and control hardware that is actually talking to the sensors, and reformats those measurements into an hdml page. HDML is the markup language used in web enabled cell phones and is very similar to HTML, but the syntax is less forgiving of errors. The fisheries system operators can use their cell phones to view the status of pumps and heaters, as well as see temperature, pH, dissolved oxygen, pressures and flow rates, with the measurements no older than 60 seconds.

The on idle technique is easy to write and does not expose scripts to external hacking. AppleScript could be used in this manner to create a web page with the current time, date, weather info, stock prices, etc.



[ Reply to This | # ]
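
The pattern described in the comment above, redone as a shell job for illustration (an added example, not neptune's AppleScript; the function names, file name and readings are constructed): the generator runs under the user's own account, writes an escaped static page and swaps it into place, so the web server only ever reads a finished file.

```shell
#!/bin/sh
# Added example: publish readings as a static page that the web server only reads.

# Escape HTML markup characters so a reading cannot inject tags into the page.
html_escape() {
    printf '%s' "$1" |
        sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# publish_page OUTFILE NAME=VALUE...
publish_page() {
    out=$1; shift
    tmp=$(mktemp "$out.XXXXXX") || return 1   # same directory, so mv is a rename
    {
        echo '<html><body><table>'
        for pair in "$@"; do
            name=${pair%%=*}
            value=${pair#*=}
            echo "<tr><td>$(html_escape "$name")</td><td>$(html_escape "$value")</td></tr>"
        done
        echo "</table><p>Updated $(date -u '+%Y-%m-%d %H:%M:%S') UTC</p></body></html>"
    } > "$tmp"
    chmod 644 "$tmp"      # readable by the web server account, writable only by the owner
    mv -f "$tmp" "$out"   # atomic replace: a browser never gets a half-written page
}

# Constructed readings; a real job would fetch them from the data-acquisition tool
# and repeat this call every 60 seconds (a loop with sleep, or a scheduler).
dir=$(mktemp -d)
publish_page "$dir/status.html" "Tank 1 temp=12.4 C" "pH=7.9" "note=<pump B offline>"
cat "$dir/status.html"
rm -rf "$dir"
```
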
Use AppleScripts to generate web pages
Authored by: Graff on Dec 23, '03 12:14:29AM
on idle
    -- put code here
    return 60 -- sets return rate to every 60 seconds
end idle

The script is compiled as an application with the "stay open" button checked in the Save dialog box. Hint: use "on run" to debug your script, then change to "on idle" at the end.

Right, and remember that you can have both "on run" and "on idle" handlers in your script, along with other handlers that do other sorts of stuff.

The "on run" handler does stuff as soon as the script application is run. If you don't save the script as a stay-open application then it will quit once the "on run" handler is done. Even if you have an idle handler in your program you probably would still have a run handler to do setup sort of stuff.

The "on idle" handler is for performing tasks occasionally in a stay-open script application. It is good for monitoring, performing stuff in the background, idling until the script is re-activated by another program, etc.

There is also an "on quit" handler which traps the normal quitting of the script application and does some cleanup before quitting. Since a quit event will interrupt any other processing going on in the script application this is important. When you are done cleaning up a "continue quit" statement in the "on quit" handler will cause the application to end.

You can also define your own handlers which are basically functions. For example, a "DrawPage" handler which draws the web page when called by your run or idle handler. These handlers can be called by other scripts and programs.



[ Reply to This | # ]
Running AppleScripts without a display
Authored by: floop on Dec 23, '03 01:09:04AM

I really should do a little more research before giving my opinion but since no one else is... I too ran into this problem a while back. It does not seem possible to run AppleScripts from a user that is not the current user. Just try running osascript in the terminal when logged in as another user. You will get a message that includes "initCGDisplayState: cannot map display interlocks." This is under 10.2.8 and previous systems. Perhaps Panther is different, but it seems AppleScript must have a display to execute.

Also, Apple's page on using AppleScript as CGIs only seems to apply to OS X Server and <= System 9. It just would never work for me on standard OS X because of the display problem.

So there is a little more security risk running Apache as the current user. Security is a personal decision and the amount you need should be weighed against what is being protected. The only reason I stopped using this method was not security but rather that different users shared my machine and the AppleScripts would not work as soon as I logged out.

Does anyone know how to avoid the "initCGDisplayState: cannot map display interlocks." problem when running osascript from a user that doesn't have a display such as the www user?



[ Reply to This | # ]
Use AppleScripts to generate web pages
Authored by: tow_adam on Dec 23, '03 11:40:54AM

Under Panther, you can have multiple logged in users accessing their scripts via Apache. A separate instance of Apache (running under each userid) must be running, however, for each user for this to work.

Security concerns aside, there's a program that makes the job of using AppleScripts (or other scripting languages) as web applications easy, Soybo -- http://www.soybo.com

I'm in the process of updating the application to have a simpler installation procedure. Give it a shot if you're looking to web-enable your Mac OS X applications.

-adam



[ Reply to This | # ]