Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.
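The following added example, which is neither Jifty's code nor its actual fix, illustrates CPANSA-Jifty-2011-01: an ACL evaluated on the verbatim fragment path accepts a request that resolves outside the permitted area, while the same ACL evaluated on the normalised path rejects it. The prefix list and all function names are hypothetical, and the input is assumed to be already URL-decoded.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical ACL: path prefixes a user may request (not Jifty's own rules).
my @ALLOWED_PREFIXES = ('/some/safe/place');

# Collapse "." and ".." segments the way a dispatcher would resolve them.
# Returns undef for relative paths or when ".." climbs above the root.
sub canonical_path {
    my ($path) = @_;
    return unless defined $path && $path =~ m{^/};
    my @out;
    for my $seg (split m{/+}, $path) {
        next if $seg eq '' || $seg eq '.';
        if ($seg eq '..') {
            return unless @out;    # would escape the root
            pop @out;
            next;
        }
        push @out, $seg;
    }
    return '/' . join('/', @out);
}

# Segment-aware prefix test, applied to whatever string it is given.
sub acl_allows {
    my ($path) = @_;
    return scalar(grep { $path eq $_ || index($path, "$_/") == 0 } @ALLOWED_PREFIXES);
}

# Pattern described in the advisory: ACL evaluated on the verbatim path.
sub check_verbatim { return acl_allows($_[0]) ? 'allow' : 'deny' }

# Normalise first, then evaluate the ACL on the normalised path. The caller
# must also dispatch the normalised path, never the original string.
sub check_canonical {
    my $canon = canonical_path($_[0]);
    return 'deny' unless defined $canon;
    return acl_allows($canon) ? 'allow' : 'deny';
}

# Constructed sample requests; the second is the string quoted in the advisory.
for my $p ('/some/safe/place/item',
           '/some/safe/place/../../../dangerous',
           '/some/safe/place/../../../../etc') {
    printf "%-42s verbatim=%-5s canonical=%s\n",
        $p, check_verbatim($p), check_canonical($p);
}
```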

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Allowed all actions on GET.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read-only access to local files.

NAME

Jifty::Script::FastCGI - A FastCGI server for your Jifty application

DESCRIPTION

When you're ready to move up to something that can handle the increasing load your new world-changing application is generating, you'll need something a bit heavier-duty than the pure-Perl Jifty standalone server. FastCGI is what you're looking for.

Because Apache's FastCGI dispatcher can't pass command-line flags to your script, you'll need to call jifty a bit differently:

    AddHandler fastcgi-script fcgi
    DocumentRoot /path/to/your/jifty/app/web/templates
    FastCgiServer /path/to/your/jifty/app/bin/jifty -initial-env JIFTY_COMMAND=fastcgi
    ScriptAlias /  /path/to/your/jifty/app/bin/jifty/

For lighttpd (http://www.lighttpd.net/), use this setting:

    server.modules  = ( "mod_fastcgi" )
    server.document-root = "/path/to/your/jifty/app/web/templates"
    fastcgi.server = (
        "" => (
            "your_jifty_app" => (
                "socket"            => "/tmp/your_jifty_app.socket",
                "check-local"       => "disable",
                "bin-path"          => "/path/to/your/jifty/app/bin/jifty",
                "bin-environment"   => ( "JIFTY_COMMAND" => "fastcgi" ),
                "min-procs"         => 1,
                "max-procs"         => 5,
                "max-load-per-proc" => 1,
                "idle-timeout"      => 20,
            )
        )
    )

run

Creates a new FastCGI process.