Html Page Uploaded to Server in Html Vs Cgi

Interface which offers a standard protocol for Web servers to execute programs install

This article is about the software interface between a Spider web server and programs. For other uses, see CGI (disambiguation).

In computing, Common Gateway Interface (CGI) is an interface specification that enables web servers to execute an external plan, typically to process user requests.^[1]

Such programs are often written in a scripting language and are commonly referred to as CGI scripts, just they may include compiled programs.^[2]

A typical use case occurs when a Web user submits a Spider web form on a web page that uses CGI. The form'due south data is sent to the Spider web server inside an HTTP request with a URL denoting a CGI script. The Web server then launches the CGI script in a new reckoner process, passing the class information to it. The output of the CGI script, usually in the class of HTML, is returned past the script to the Web server, and the server relays it back to the browser as its response to the browser's asking.^[3]

Adult in the early 1990s, CGI was the earliest common method available that allowed a Web page to be interactive. Although nonetheless in use, CGI is relatively inefficient compared to newer technologies and has largely been replaced by them.^{[iv] [ unreliable source? ]}

History [edit]

The official CGI logo from the spec announcement

In 1993 the National Center for Supercomputing Applications (NCSA) team wrote the specification for calling command line executables on the www-talk mailing list.^{[5] [6] [7]} The other Web server developers adopted it, and it has been a standard for Web servers ever since. A piece of work group chaired by Ken Coar started in November 1997 to become the NCSA definition of CGI more formally defined.^[eight] This work resulted in RFC 3875, which specified CGI Version i.one. Specifically mentioned in the RFC are the post-obit contributors:^[3]

• Rob McCool (writer of the NCSA HTTPd Web Server)
• John Franks (author of the GN Spider web Server)
• Ari Luotonen (the programmer of the CERN httpd Web Server)
• Tony Sanders (author of the Plexus Spider web Server)
• George Phillips (Spider web server maintainer at the University of British Columbia)

Historically CGI programs were often written using the C language. RFC 3875 "The Common Gateway Interface (CGI)" partially defines CGI using C,^[3] in saying that environment variables "are accessed past the C library routine getenv() or variable environ".

The name CGI comes from the early days of the Spider web, where Web masters wanted to connect legacy information systems such every bit databases to their Web servers. The CGI program was executed past the server that provided a mutual "gateway" between the Web server and the legacy information organisation.

Purpose of the CGI specification [edit]

Each Web server runs HTTP server software, which responds to requests from web browsers. By and large, the HTTP server has a directory (folder), which is designated as a document drove – files that can be sent to Web browsers connected to this server.^[9] For example, if the Web server has the domain name example.com, and its document collection is stored at /usr/local/apache/htdocs/ in the local file organization, then the Web server volition answer to a request for http://example.com/index.html by sending to the browser the (pre-written) file /usr/local/apache/htdocs/alphabetize.html.

For pages constructed on the wing, the server software may defer requests to separate programs and relay the results to the requesting customer (normally, a Web browser that displays the page to the end user). In the early days of the Web, such programs were usually small and written in a scripting language; hence, they were known as scripts.

Such programs usually require some additional information to be specified with the request. For instance, if Wikipedia were implemented every bit a script, one thing the script would need to know is whether the user is logged in and, if logged in, under which name. The content at the height of a Wikipedia page depends on this information.

HTTP provides ways for browsers to pass such information to the Web server, eastward.g. as part of the URL. The server software must and then laissez passer this information through to the script somehow.

Conversely, upon returning, the script must provide all the information required by HTTP for a response to the request: the HTTP status of the asking, the document content (if bachelor), the document type (e.thou. HTML, PDF, or plain text), et cetera.

Initially, different server software would use unlike ways to exchange this data with scripts. Equally a result, it wasn't possible to write scripts that would work unmodified for different server software, even though the information beingness exchanged was the same. Therefore, it was decided to specify a fashion for exchanging this information: CGI (the Common Gateway Interface, as it defines a mutual way for server software to interface with scripts). Webpage generating programs invoked past server software that operate co-ordinate to the CGI specification are known as CGI scripts.

This specification was chop-chop adopted and is all the same supported past all well-known server software, such as Apache, IIS, and (with an extension) node.js-based servers.

An early use of CGI scripts was to process forms. In the beginning of HTML, HTML forms typically had an "action" attribute and a button designated as the "submit" button. When the submit button is pushed the URI specified in the "action" attribute would be sent to the server with the information from the form sent as a query cord. If the "action" specifies a CGI script so the CGI script would exist executed and information technology then produces an HTML page.

Using CGI scripts [edit]

A Spider web server allows its owner to configure which URLs shall be handled by which CGI scripts.

This is usually washed by mark a new directory within the document collection as containing CGI scripts – its name is often cgi-bin. For case, /usr/local/apache/htdocs/cgi-bin could be designated as a CGI directory on the Spider web server. When a Spider web browser requests a URL that points to a file within the CGI directory (e.g., http://example.com/cgi-bin/printenv.pl/with/additional/path?and=a&query=string), then, instead of simply sending that file (/usr/local/apache/htdocs/cgi-bin/printenv.pl) to the Web browser, the HTTP server runs the specified script and passes the output of the script to the Spider web browser. That is, annihilation that the script sends to standard output is passed to the Web client instead of being shown on-screen in a final window.

Equally remarked above, the CGI specification defines how additional data passed with the request is passed to the script. For instance, if a slash and additional directory name(s) are appended to the URL immediately afterward the name of the script (in this example, /with/boosted/path), and then that path is stored in the PATH_INFO environment variable before the script is chosen. If parameters are sent to the script via an HTTP GET asking (a question mark appended to the URL, followed past param=value pairs; in the example, ?and=a&query=cord), then those parameters are stored in the QUERY_STRING surround variable before the script is called. If parameters are sent to the script via an HTTP Post request, they are passed to the script's standard input. The script can then read these environment variables or data from standard input and arrange to the Web browser's request.^[10]

Example [edit]

The following Perl plan shows all the environment variables passed by the Web server:

                        #!/usr/bin/env perl            =head1 DESCRIPTION            printenv — a CGI programme that just prints its environs            =cut            impress            "Content-Blazon: text/plain\due north\n"            ;            for            my            $var            (            sort            keys            %ENV            )            {            printf            "%southward=\"%due south\"\n"            ,            $var            ,            $ENV            {            $var            };            }          

If a Spider web browser issues a asking for the environment variables at http://instance.com/cgi-bin/printenv.pl/foo/bar?var1=value1&var2=with%20percent%20encoding, a 64-scrap Windows 7 Web server running cygwin returns the following information:

            COMSPEC="C:\Windows\system32\cmd.exe"            DOCUMENT_ROOT="C:/Program Files (x86)/Apache Software Foundation/Apache2.4/htdocs"            GATEWAY_INTERFACE="CGI/one.1"            Dwelling="/dwelling/SYSTEM"            HTTP_ACCEPT="text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"            HTTP_ACCEPT_CHARSET="ISO-8859-1,utf-8;q=0.7,*;q=0.7"            HTTP_ACCEPT_ENCODING="gzip, deflate, br"            HTTP_ACCEPT_LANGUAGE="en-us,en;q=0.v"            HTTP_CONNECTION="keep-alive"            HTTP_HOST="example.com"            HTTP_USER_AGENT="Mozilla/5.0 (Windows NT six.ane; WOW64; rv:67.0) Gecko/20100101 Firefox/67.0"            PATH="/home/System/bin:/bin:/cygdrive/c/progra~2/php:/cygdrive/c/windows/system32:..."            PATHEXT=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"            PATH_INFO="/foo/bar"            PATH_TRANSLATED="C:\Plan Files (x86)\Apache Software Foundation\Apache2.4\htdocs\foo\bar"            QUERY_STRING="var1=value1&var2=with            %2            0percent            %2            0encoding"            REMOTE_ADDR="127.0.0.1"            REMOTE_PORT="63555"            REQUEST_METHOD="Go"            REQUEST_URI="/cgi-bin/printenv.pl/foo/bar?var1=value1&var2=with            %2            0percent            %ii            0encoding"            SCRIPT_FILENAME="C:/Program Files (x86)/Apache Software Foundation/Apache2.4/cgi-bin/printenv.pl"            SCRIPT_NAME="/cgi-bin/printenv.pl"            SERVER_ADDR="127.0.0.1"            SERVER_ADMIN="(server admin's email address)"            SERVER_NAME="127.0.0.1"            SERVER_PORT="80"            SERVER_PROTOCOL="HTTP/ane.ane"            SERVER_SIGNATURE=""            SERVER_SOFTWARE="Apache/two.4.39 (Win32) PHP/seven.3.seven"            SYSTEMROOT="C:\Windows"            TERM="cygwin"            WINDIR="C:\Windows"          

Some, but not all, of these variables are defined by the CGI standard. Some, such as PATH_INFO, QUERY_STRING, and the ones starting with HTTP_, pass data forth from the HTTP request.

From the surround, it can be seen that the Spider web browser is Firefox running on a Windows 7 PC, the Spider web server is Apache running on a system that emulates Unix, and the CGI script is named cgi-bin/printenv.pl.

The plan could and so generate whatever content, write that to standard output, and the Web server will transmit it to the browser.

The following are surround variables passed to CGI programs:

• Server specific variables:
  • SERVER_SOFTWARE: proper name/version of HTTP server.
  • SERVER_NAME: host proper noun of the server, may be dot-decimal IP address.
  • GATEWAY_INTERFACE: CGI/version.
• Request specific variables:
  • SERVER_PROTOCOL: HTTP/version.
  • SERVER_PORT: TCP port (decimal).
  • REQUEST_METHOD: proper name of HTTP method (run across to a higher place).
  • PATH_INFO: path suffix, if appended to URL after program proper noun and a slash.
  • PATH_TRANSLATED: respective full path as supposed by server, if PATH_INFO is present.
  • SCRIPT_NAME: relative path to the programme, like /cgi-bin/script.cgi.
  • QUERY_STRING: the part of URL after ? character. The query string may be composed of *name=value pairs separated with ampersands (such as var1=val1 & var2=val2...) when used to submit form data transferred via GET method as defined by HTML application/x-world wide web-form-urlencoded.
  • REMOTE_HOST: host proper name of the client, unset if server did not perform such lookup.
  • REMOTE_ADDR: IP accost of the client (dot-decimal).
  • AUTH_TYPE: identification type, if applicable.
  • REMOTE_USER used for sure AUTH_TYPEs.
  • REMOTE_IDENT: run across ident, simply if server performed such lookup.
  • CONTENT_TYPE: Cyberspace media type of input data if PUT or Postal service method are used, as provided via HTTP header.
  • CONTENT_LENGTH: similarly, size of input information (decimal, in octets) if provided via HTTP header.
  • Variables passed by user agent (HTTP_ACCEPT, HTTP_ACCEPT_LANGUAGE, HTTP_USER_AGENT, HTTP_COOKIE and possibly others) contain values of respective HTTP headers and therefore take the same sense.

The programme returns the issue to the Web server in the form of standard output, beginning with a header and a blank line.

The header is encoded in the aforementioned way as an HTTP header and must include the MIME type of the document returned.^[eleven] The headers, supplemented by the Web server, are generally forwarded with the response dorsum to the user.

Here is a simple CGI program written in Python 3 along with the HTML that handles a uncomplicated addition problem.^[12]

add together.html:

                        <!DOCTYPE html>            <            html            >            <            body            >            <            form            action            =            "add together.cgi"            method            =            "POST"            >            <            fieldset            >            <            legend            >Enter two numbers to add together</            fable            >            <            label            >First Number:            <            input            blazon            =            "number"            proper name            =            "num1"            ></            label            ><            br            />            <            label            >Second Number:            <            input            type            =            "number"            name            =            "num2"            ></            label            ><            br            />            </            fieldset            >            <            push            >Add together</            button            >            </            form            >            </            body            >            </            html            >          

add.cgi:

                        #!/usr/bin/env python3            import            cgi            ,            cgitb            cgitb            .            enable            ()            input_data            =            cgi            .            FieldStorage            ()            print            (            'Content-Blazon: text/html'            )            # HTML is post-obit            print            (            ''            )            # Get out a bare line            print            (            '<h1>Addition Results</h1>'            )            try            :            num1            =            int            (            input_data            [            "num1"            ]            .            value            )            num2            =            int            (            input_data            [            "num2"            ]            .            value            )            except            :            impress            (            '<output>Deplorable, the script cannot turn your inputs into numbers (integers).</output>'            )            raise            SystemExit            (            1            )            print            (            '<output>            {0}                          +                        {1}                          =                        {two}            </output>'            .            format            (            num1            ,            num2            ,            num1            +            num2            ))          

This Python three CGI plan gets the inputs from the HTML and adds the two numbers together.

Deployment [edit]

A Spider web server that supports CGI can be configured to interpret a URL that it serves every bit a reference to a CGI script. A common convention is to have a cgi-bin/ directory at the base of operations of the directory tree and treat all executable files within this directory (and no other, for security) as CGI scripts. Another popular convention is to employ filename extensions; for case, if CGI scripts are consistently given the extension .cgi, the Web server tin can be configured to interpret all such files as CGI scripts. While user-friendly, and required by many prepackaged scripts, it opens the server to assault if a remote user can upload executable code with the proper extension.

In the case of HTTP PUT or POSTs, the user-submitted data are provided to the program via the standard input. The Spider web server creates a subset of the environment variables passed to it and adds details pertinent to the HTTP environment.

Uses [edit]

CGI is ofttimes used to process input data from the user and produce the appropriate output. An case of a CGI program is one implementing a wiki. If the user agent requests the name of an entry, the Web server executes the CGI program. The CGI programme retrieves the source of that entry'due south page (if i exists), transforms it into HTML, and prints the effect. The Web server receives the output from the CGI program and transmits it to the user agent. And so if the user agent clicks the "Edit page" button, the CGI program populates an HTML textarea or other editing command with the folio'due south contents. Finally if the user amanuensis clicks the "Publish page" button, the CGI program transforms the updated HTML into the source of that entry'southward page and saves it.

Security [edit]

CGI programs run, by default, in the security context of the Spider web server. When showtime introduced a number of example scripts were provided with the reference distributions of the NCSA, Apache and CERN Web servers to show how shell scripts or C programs could be coded to make use of the new CGI. One such instance script was a CGI program called PHF that implemented a simple phone book.

In common with a number of other scripts at the fourth dimension, this script made use of a role: escape_shell_cmd(). The function was supposed to sanitize its argument, which came from user input and then pass the input to the Unix beat out, to be run in the security context of the Web server. The script did not correctly sanitize all input and allowed new lines to be passed to the vanquish, which effectively allowed multiple commands to be run. The results of these commands were and so displayed on the Web server. If the security context of the Web server allowed it, malicious commands could exist executed by attackers.

This was the beginning widespread instance of a new blazon of Spider web based attack, where unsanitized information from Web users could pb to execution of code on a Web server. Because the example code was installed past default, attacks were widespread and led to a number of security advisories in early 1996.^[13]

Alternatives [edit]

For each incoming HTTP asking, a Spider web server creates a new CGI process for handling it and destroys the CGI procedure after the HTTP asking has been handled. Creating and destroying a process tin can eat much more CPU and memory than the actual work of generating the output of the procedure, especially when the CGI program still needs to be interpreted by a virtual machine. For a loftier number of HTTP requests, the resulting workload can apace overwhelm the Spider web server.

The overhead involved in CGI procedure creation and destruction tin be reduced by the following techniques:

• CGI programs precompiled to machine code, e.yard. precompiled from C or C++ programs, rather than CGI programs interpreted by a virtual motorcar, due east.g. Perl, PHP or Python programs.
• Web server extensions such every bit Apache modules (east.g. mod_perl, mod_php, mod_python), NSAPI plugins, and ISAPI plugins which let long-running application processes handling more than i request and hosted within the Web server. Web 2.0 allows to transfer data from the client to the server without using HTML forms and without the user noticing.^[xiv]
• FastCGI, SCGI, and AJP which let long-running application processes handling more one request hosted externally to the Web server. Each application process listens on a socket; the Web server handles an HTTP request and sends it via some other protocol (FastCGI, SCGI or AJP) to the socket just for dynamic content, while static content are commonly handled straight by the Web server. This approach needs less awarding processes and then consumes less retention than the Web server extension arroyo. And unlike converting an awarding program to a Web server extension, FastCGI, SCGI, and AJP application programs remain independent of the Web server.
• Dki jakarta EE runs Djakarta Servlet applications in a Web container to serve dynamic content and optionally static content which replaces the overhead of creating and destroying processes with the much lower overhead of creating and destroying threads. It as well exposes the programmer to the library that comes with Java SE on which the version of Jakarta EE in use is based.

The optimal configuration for any Web application depends on application-specific details, corporeality of traffic, and complexity of the transaction; these trade-offs need to be analyzed to determine the best implementation for a given task and fourth dimension budget. Web frameworks offer an alternative to using CGI scripts to collaborate with user agents.

Run into too [edit]

• CGI.pm
• DOS Gateway Interface (DGI)
• FastCGI
• Perl Web Server Gateway Interface
• Rack (web server interface)
• Server Side Includes
• Spider web Server Gateway Interface

References [edit]

1. ^ Robinson <drtr@apache.org>, David. "The Common Gateway Interface (CGI) Version 1.ane". tools.ietf.org . Retrieved 16 February 2021.
2. ^ Robinson <drtr@apache.org>, David. "The Common Gateway Interface (CGI) Version i.ane". tools.ietf.org. Archived from the original on 11 Feb 2007. Retrieved 16 February 2021.
3. ^ ^{a b c} "RFC3875: The Common Gateway Interface (CGI) Version 1.one".
4. ^ Trieloff, Lars (5 January 2017). "2017: The Twelvemonth of cgi-bin…er, Serverless". Medium . Retrieved 16 February 2021.
5. ^ McCool, Rob (Nov 14, 1993). "Server Scripts". www-talk (Mailing list). Retrieved 2019-05-15 .
6. ^ "The Common Gateway Interface". Hoohoo NCSA HTTPd. NCSA. Archived from the original on 27 Jan 2010.
7. ^ "CGI: Common Gateway Interface". W3C. World wide web Consortium. Retrieved 2019-05-15 .
8. ^ "Common Gateway Interface RFC Project Page". Archived from the original on 25 August 2013.
9. ^ "Mapping URLs to Filesystem Locations Apache HTTP Server Version 2.two".
10. ^ Nelson, Anne Fulcher, and Nelson, William Harris Morehead. (2001). Building Electronic Commerce with Web Database Constructions. Boston, MA: Addison Wesley.
11. ^ "CGI Primer (Mirror at citycat.ru)".
12. ^ "Abacles HTML Forms". www.abacles.com. Archived from the original on 19 April 2016. Retrieved 6 Apr 2016.
13. ^ "phf CGI Script fails to guard against newline characters". Software Applied science Institute CERT Coordination Center . Retrieved 21 Nov 2019.
14. ^ Enrico Marino (11 September 2018). Information Management in the Distributed Web (PDF) (phd). Roma Tre University. Retrieved eleven February 2019.

External links [edit]

• GNU cgicc, a C++ grade library for writing CGI applications
• CGI, a standard Perl module for CGI request parsing and HTML response generation
• CGI Programming 101: Acquire CGI Today!, a CGI tutorial
• The Invention of CGI

marshallanium1976.blogspot.com

Source: https://en.wikipedia.org/wiki/Common_Gateway_Interface

Share this post