Sep 10 - server side & CGI

homework

• google "html hidden form"
  • e.g. http://www.w3.org/MarkUp/html-spec/html-spec_8.html
• what they look like in the code
• what they can be used for
• ways *not* to use them (i.e. "price=3.43" foolishness)

client / server overview

• sockets
• blocking / nonblocking
• threads, forks

web servers

• brief history
• config files
  • /etc/apache2 on csmarlboro.org ; world readable
• threads vs forks
  • discuss processes, and looking at 'em
• apache modules
  • htaccess - basic authentication
    • http://httpd.apache.org/docs/2.2/howto/htaccess.html
    • http://csmarlboro.org/mahoney/protected/ ... and visit from the command line
    • aside: /etc/group and www-data on csmarlboro.org
  • PHP, perl - mod_php, mod_perl ; run inside apache
  • CGI - external script runs in its own process outside apache,
  • FastCGI
    • advantages : less memory footprint, works with other servers
    • disadvantages : more work in configure & startup
  • many, many others

• nginx
• lighttpd
• node.js (discuss here ?)
• framework specific test / deploy tools

python cgi

• cgi hello world. This page echos back the http request headers.
• mad libs example. This page formats some user input variables into a story. (can you find the security hole?)
• cookie example. This page remembers the name you tell it.
• log example. This page keeps track of how many times it has been visited in a log file.
• security hole example. This page displays user input text as ascii art. Can you find the security hole?
• "third party" cookies. This page looks different after you have visited this page on cs.marlboro.edu.

When making your own cgi scrips

• Python cgi api reference
• another useful reference

other example

• sliding block
• function image display in perl
• sam at http://csmarlboro.org/sam/sliding_block

security

• cross script | shell escape
• buffer overflows

attachments

name last modified size

---

cgi-examples.zip Sep 11 2012 4:58 pm 6.44kB