CGI An Example. CGI Model (Pieces)



Similar documents
People Data and the Web Forms and CGI CGI. Facilitating interactive web applications

How to write a CGI for the Apache Web server in C

10. Java Servelet. Introduction

People Data and the Web Forms and CGI. HTML forms. A user interface to CGI applications

7 Why Use Perl for CGI?

INTRUSION DETECTION AND PREVENTION SYSTEM: CGI ATTACKS. A Thesis. Presented to. The Faculty of the Department of Computer Science

Perl/CGI. CS 299 Web Programming and Design

Chapter 27 Hypertext Transfer Protocol

USING CGI WITH LABVIEW

CGI Programming on the World Wide Web

Web Services April 21st, 2009 with Hunter Pitelka

CGI Programming. Examples

HOST EUROPE CLOUD STORAGE REST API DEVELOPER REFERENCE

Internet Technologies. World Wide Web (WWW) Proxy Server Network Address Translator (NAT)

Chapter 8. Forms and Form Processing

Forms, CGI Objectives. HTML forms. Form example. Form example...

LabVIEW Internet Toolkit User Guide

Dispatcher. PDF Generated : :40:15.

The HTTP Plug-in. Table of contents

CTIS 256 Web Technologies II. Week # 1 Serkan GENÇ

OVERVIEW OF ASP. What is ASP. Why ASP

INT322. By the end of this week you will: (1)understand the interaction between a browser, web server, web script, interpreter, and database server.

reference: HTTP: The Definitive Guide by David Gourley and Brian Totty (O Reilly, 2002)

Internet Technologies 4-http. F. Ricci 2010/2011

Lecture 2. Internet: who talks with whom?

Network Technologies

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP Abstract Message Format. The Client/Server model is used:

Outline Definition of Webserver HTTP Static is no fun Software SSL. Webserver. in a nutshell. Sebastian Hollizeck. June, the 4 th 2013

APACHE WEB SERVER. Andri Mirzal, PhD N

The Web: some jargon. User agent for Web is called a browser: Web page: Most Web pages consist of: Server for Web is called Web server:

Web Programming. Robert M. Dondero, Ph.D. Princeton University

CONTENT of this CHAPTER

Dynamic Content. Dynamic Web Content: HTML Forms CGI Web Servers and HTTP

Addressing Application Layer Attacks with Mod Security

CGI Programming. What is CGI?

HireDesk API V1.0 Developer s Guide

Implementation of Embedded Web server using TEA algorithm

HTTP. Internet Engineering. Fall Bahador Bakhshi CE & IT Department, Amirkabir University of Technology

Designing and Implementing Forms 34

Application Example: WWW. Communication in the WWW. WWW, HTML, URL and HTTP. Loading of Web Pages. The Client/Server model is used in the WWW

mod_tcl TCL inside the Apache web server

The Application Layer. CS158a Chris Pollett May 9, 2007.

Fachgebiet Technische Informatik, Joachim Zumbrägel

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

at () in C:\wamp\www\icaatom-1.2.0\icaatom \plugins\sfLucenePlugin\lib\vendor\Zend\Search\Lucene\Document.php line

Protocolo HTTP. Web and HTTP. HTTP overview. HTTP overview

Interfacing the Apache Web Server to APLX

10CS73:Web Programming

PHP Debugging. Draft: March 19, Christopher Vickery

Introduction to the. Barracuda Embedded Web-Server

COMP 112 Assignment 1: HTTP Servers

WWW. World Wide Web Aka The Internet. dr. C. P. J. Koymans. Informatics Institute Universiteit van Amsterdam. November 30, 2007

ICANWK414A Create a common gateway interface script

FF/EDM Intro Industry Goals/ Purpose Related GISB Standards (Common Codes, IETF) Definitions d 4 d 13 Principles p 6 p 13 p 14 Standards s 16 s 25

Adding web interfaces to complex scientific computer models brings the following benefits:

What is Distributed Annotation System?

Instructor: Betty O Neil

WIRIS quizzes web services Getting started with PHP and Java

MONETA.Assistant API Reference

The Web History (I) The Web History (II)

Nuance Mobile Developer Program. HTTP Services for Nuance Mobile Developer Program Clients

When choosing where to install and run the log analyzer, be aware that it requires access to the following log files:

1 Recommended Readings. 2 Resources Required. 3 Compiling and Running on Linux

TCP/IP Networking, Part 2: Web-Based Control

1 Introduction: Network Applications

1. When will an IP process drop a datagram? 2. When will an IP process fragment a datagram? 3. When will a TCP process drop a segment?

Remote Access API 2.0

Lesson 4 Web Service Interface Definition (Part I)

HTTP Protocol. Bartosz Walter

MailForm Copyright 2000 Left Side Software Pty Ltd

WEB DATABASE PUBLISHING

Internet Technologies Internet Protocols and Services

Specify the location of an HTML control stored in the application repository. See Using the XPath search method, page 2.

Computer Networks. Lecture 7: Application layer: FTP and HTTP. Marcin Bieńkowski. Institute of Computer Science University of Wrocław

URLs and HTTP. ICW Lecture 10 Tom Chothia

SAS/IntrNet 9.4: Application Dispatcher

Introduction to Computer Security

You can do THAT with SAS Software? Using the socket access method to unite SAS with the Internet

APACHE HTTP SERVER 2.2.8

SAS/IntrNet 9.3: Application Dispatcher

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

WebObjects Deployment Guide Using JavaMonitor. (Legacy)

By Bardia, Patit, and Rozheh

10.1 The Common Gateway Interface

Web Server Manual. Mike Burns Greg Pettyjohn Jay McCarthy November 20, 2006

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP - Message Format. The Client/Server model is used:

HTTP Caching & Cache-Busting for Content Publishers

World Wide Web. Before WWW

FileMaker Server 15. Custom Web Publishing Guide

8/9/16. Server-Side Web Programming Intro. The Hamburger Model. To make a Web server based program

COMMERCIAL-IN-CONFIDENCE

1Intro. Apache is an open source HTTP web server for Unix, Apache

Transcription:

CGI An Example go to http://127.0.0.1/cgi-bin/hello.pl This causes the execution of the perl script hello.pl Note: Although our examples use Perl, CGI scripts can be written in any language Perl, C, C++, VB, Python, SmallTalk, Assembly, Lisp etc... 40 - CGI CSC309 1 CGI Model (Pieces) Clients: web browsers ie IE, Netscape Web Server (WS): Apache, Netscape Enterprise, IIS CGI Protocol: Specifying what a request/responce looks like Handler programs: Any executable residing on the web server 40 - CGI CSC309 2 1

Interaction Client makes a request by specifying a URL+additional info. WS (in the URL) receives the request. WS identifies the request as a CGI request WS locates the program corresponding to the request. WS starts up the handling program (heavy weight process creation!!) WS feeds request parameters to handler (through stdin or environment variables). 40 - CGI CSC309 3 Interaction (continued) Handler executes Output of the handler is sent via stdout back to the webserver for rerouting back to the requesting web browser. Output is typically a web page. Handler terminates. 40 - CGI CSC309 4 2

Interaction (continued) 40 - CGI CSC309 5 CGI Together the HTTP server and the CGI script are responsible for servicing a client request by sending back responses. The client request comprises a Universal Resource Identifier (URI) a request method additional information about the request provided by the transport mechanism 40 - CGI CSC309 6 3

CGI CGI defines the abstract parameters, known as metavariables, which describe the client's request. Together with a concrete programmer interface this specifies a platform-independent interface between the script and the HTTP server. 40 - CGI CSC309 7 Script URI The Script-URI has the syntax of generic-rl as defined in section 2.1 of RFC 1808 <scheme>://<host><port>/<path>?<query> The various components of the Script-URI are defined by some of the metavariables (see Metavariables below); 40 - CGI CSC309 8 4

Script URI (more detail) script-uri = protocol "://" SERVER_NAME ":" SERVER_PORT enc-script enc-pathinfo "?" QUERY_STRING where 'protocol' is obtained from SERVER_PROTOCOL, 'enc-script' is a URL-encoded version of SCRIPT_NAME 'enc-path-info' is a URL-encoded version of PATH_INFO 40 - CGI CSC309 9 Script URI (example) script-uri = protocol "://" SERVER_NAME ":" SERVER_PORT enc-script enc-path-info "?" QUERY_STRING http://finance.yahoo.com/q?s=nt.to&d=t Item Value protocol http SERVER_NAME finance.yahoo.com SERVER_PORT not specified (default to 80) enc-script q enc-path-info not specified QUERY_STRING s=nt.to&d=t 40 - CGI CSC309 10 5

Data Input to the CGI Script Information about a request comes from the request header associated message-body. Servers MUST make portions of this information available to scripts. 40 - CGI CSC309 11 Request Metadata (Metavariables) AUTH_TYPE CONTENT_LENGTH CONTENT_TYPE GATEWAY_INTERFACE PATH_INFO PATH_TRANSLATED QUERY_STRING REMOTE_ADDR REMOTE_HOST REMOTE_IDENT REMOTE_USER REQUEST_METHOD SCRIPT_NAME SERVER_NAME SERVER_PORT SERVER_PROTOCOL SERVER_SOFTWARE 40 - CGI CSC309 12 6

GET (part of http-spec) Default method for communicating query information to the script Simply specify the URL as above Don't need a form Everything after the? in the URL appears in the QUERY_STRING environment variable Limited amount of information can be passed this way URL may have a length restriction on the server Environment variable may be restricted 40 - CGI CSC309 13 GET (part of http-spec) You must do your own URL-Encoding (see below). URL- Encoding in this case is up to the web page designer and script writer. It is a good idea to conform to standards (see below). In forms Can specify method=get Form data will be URL-Encoded (see below) by the browser before sent to the server. QUERY_STRING is visible in the URL (at the browser) and appear in server logs (which are sometimes public). 40 - CGI CSC309 14 7

POST (part of http-spec) In forms Can specify method=post Form data will be URL-Encoded (see below) by the browser before sent to the server. Can not be used from URL Form data appears in the scripts stdin (standard in) Can still populate QUERY_STRING using the URL Arbitrarily long form data can be communicated (some browsers may have limits (ie 7k)). Form data is not visible in the URL, usually does not appear in server logs. 40 - CGI CSC309 15 URL-Encoding Standard way to send many name/value pairs in a single string (QUERY_STRING or stdin) Specified in RFC 2396 'Uniform Resource Identifiers (URI): Generic Syntax' Why encode? Prevent confusion between CGI URL and HTML tags Can think of a CGI script as a function, send arguments by specifying name/value pairs. Forms consist of many elements, usually want all available to the script so need a way to pack and unpack them into a single string (QUERY_STRING or stdin) Use a standard set of libraries to pack and unpack cgi arguments 40 - CGI CSC309 16 8

Rules of URL-Encoding All submitted form data will be concatenated into a single string of ampersand (&) separated name=value pairs, one pair for each form tag. Like this: form_tag_name_1=value_1&form_tag_name_2=value_2 &... Spaces in a name or value are replaced by a plus (+) sign. This is because url's cannot have spaces in them and under METHOD=GET, the form data is supplied in the query string in the url. Other characters (ie, =, &, +) are replaced by a percent sign (%) followed by the two-digit hexadecimal equivalent of the punctuation character in the Ascii character set. Otherwise, it would be hard to distinguish these characters inside a form variable from those between the form variables in the first rule above. 40 - CGI CSC309 17 Hello Example Follow http://127.0.0.1/cgi-bin/hello.pl Taking this one step at a time: Using the command prompt, telnet to 127.0.0.1, port 80 and issue the following HTTP Get get /cgi-bin/hello.pl http/1.0 This executes the script hello.pl. The transcript is here Notice the http header that comes back to the client! 40 - CGI CSC309 18 9

Environment Example Follow http://127.0.0.1/cgibin/environment.pl?var1=val1&var2=val2&var3=val3 Taking this one step at a time telnet to 127.0.0.1, port 80 and issue the following HTTP Get get /cgibin/environment.pl?var1=val1&var2=val2&var3=val3 http/1.0 This executes the script environment.pl which prints its environment. The transcript is here Notice where the query variables end up? 40 - CGI CSC309 19 Form Example See form.html Notes: Observe the url-encoded form variables in the GET form Observe stdin in the POST form Observe the hidden variables in both forms 40 - CGI CSC309 20 10

Output from the CGI Script Standard output (stdout) is redirected to the webserver for relay to the client (browser) May or may not include a header Non-Parsed Header Output Output not parsed by the web server consists of a complete http response message. Parsed Header Output: Server creates a complete http response Consists of: header <-see below <-blank line separating header/body body <-message body (optionally null) where header consists of HTTP-fields (relayed to the client) as well as the additional CGI-Fields (interpreted by the server) 40 - CGI CSC309 21 Header Content-type Location Status Parsed Header Output Explanation MIME Type specify to the server that the cript is returning a reference to a document. Causes the webserver to generate a redirect. A browser may choose to load the specified page. Becomes the status code in the servers responce message extension-header additional fields recognized by the server 40 - CGI CSC309 22 11

Parsed Header Example Content-type: text/html (source webpage.pl) Content-type: image/jpeg (source getimage.pl) Location http://127.0.0.1/cgi-bin/redirect.pl (source redirect.pl) Note: This could have redirected to yahoo.com or any other URL. Taking this one step at a time telnet to 127.0.0.1, port 80 and issue the following HTTP Get get /cgi-bin/redirect.pl http/1.0 The transcript is here 40 - CGI CSC309 23 12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information