ch19_01.htm

By Tom Christiansen and Nathan Torkington ISBN 1-56592-243-3 First Edition, published August 1998

CLASS="programlisting"
>http://mox.perl.com/cgi-bin/program</PRE
><P
CLASS="para"
>The GET and POST methods differ in another respect: <EM
CLASS="emphasis"
>idempotency</EM
><A
CLASS="indexterm"
NAME="ch19-idx-1000005355-0"
></A
>. This simply means that making a GET request for a particular URL once or multiple times should be no different. This is because the HTTP protocol definition says that a GET request may be cached by the browser, or server, or an intervening proxy. POST requests cannot be cached, because each request is independent and matters. Typically, POST requests changes or depends on the state of the server (query or update a database, send mail, or purchase a computer).</P
><P
CLASS="para"
>Most servers log requests to a file (the <EM
CLASS="emphasis"
>access log</EM
><A
CLASS="indexterm"
NAME="ch19-idx-1000005356-0"
></A
>) for later analysis by the webmaster. Error messages produced by CGI programs don't go to the browser by default. Instead they are also logged to a file (the <EM
CLASS="emphasis"
>error log</EM
><A
CLASS="indexterm"
NAME="ch19-idx-1000005357-0"
></A
><A
CLASS="indexterm"
NAME="ch19-idx-1000005357-1"
></A
><A
CLASS="indexterm"
NAME="ch19-idx-1000005357-2"
></A
>), and the browser simply gets a "500 Server Error" message saying that the CGI program didn't uphold its end of the CGI bargain.</P
><P
CLASS="para"
><A
CLASS="indexterm"
NAME="ch19-idx-1000005358-0"
></A
><A
CLASS="indexterm"
NAME="ch19-idx-1000005358-1"
></A
>Error messages are useful in debugging any program, but they are especially so with CGI scripts. Sometimes, though, the authors of CGI programs either don't have access to the error log or don't know where it is. Having error messages sent to a more convenient location is discussed in <A
CLASS="xref"
HREF="ch19_03.htm"
TITLE="Redirecting Error Messages"
>Recipe 19.2</A
>. Tracking down errors is covered in <A
CLASS="xref"
HREF="ch19_04.htm"
TITLE="Fixing a 500 Server Error"
>Recipe 19.3</A
>.</P
><P
CLASS="para"
><A
CLASS="xref"
HREF="ch19_10.htm"
TITLE="Debugging the Raw HTTP Exchange"
>Recipe 19.9</A
> shows how to learn what your browser and server are really saying to one another. Unfortunately, some browsers do not implement the HTTP specification correctly, and you can use the tools in this recipe to investigate whether your program or your browser is the cause of a problem.</P
></DIV
><DIV
CLASS="sect2"
><H3
CLASS="sect2"
><A
CLASS="title"
NAME="ch19-chap19_security_0"
>Security</A
></H3
><P
CLASS="para"
><A
CLASS="indexterm"
NAME="ch19-idx-1000005359-0"
></A
><A
CLASS="indexterm"
NAME="ch19-idx-1000005359-1"
></A
>CGI programs let anyone run a program on your system. Sure, you get to pick the program, but the anonymous user from Out There can send it unexpected values and try to trick it into doing the wrong thing. Thus security is a big concern on the Web.</P
><P
CLASS="para"
>Some sites address this concern by banning CGI programs. Sites that can't do without the power and utility of CGI programs must find ways to secure their CGI programs. <A
CLASS="xref"
HREF="ch19_05.htm"
TITLE="Writing a Safe CGI Program"
>Recipe 19.4</A
> gives a checklist of considerations for writing a secure CGI script, and it briefly covers Perl's tainting mechanism for guarding against accidental use of unsafe data. <A
CLASS="xref"
HREF="ch19_07.htm"
TITLE="Executing Commands Without Shell Escapes"
>Recipe 19.6</A
> shows how your CGI program can safely run other programs.</P
></DIV
><DIV
CLASS="sect2"
><H3
CLASS="sect2"
><A
CLASS="title"
NAME="ch19-chap19_html_0"
>HTML and Forms</A
></H3
><P
CLASS="para"
><A
CLASS="indexterm"
NAME="ch19-idx-1000005360-0"
></A
><A
CLASS="indexterm"
NAME="ch19-idx-1000005360-1"
></A
>Some HTML tags let you create forms, where the user can fill in values that will be submitted to the server. The forms are composed of widgets, like text entry fields and check boxes. CGI programs commonly return HTML, so the CGI module has helper functions to create HTML for everything from tables to form widgets.</P
><P
CLASS="para"
>In addition to <A
CLASS="xref"
HREF="ch19_08.htm"
TITLE="Formatting Lists and Tables with HTML Shortcuts"
>Recipe 19.7</A
>, this chapter also has <A
CLASS="xref"
HREF="ch19_12.htm"
TITLE="Creating Sticky Widgets"
>Recipe 19.11</A
>, which shows how to create forms that retain their values over multiple calls. <A
CLASS="xref"
HREF="ch19_13.htm"
TITLE="Writing a Multiscreen CGI Script"
>Recipe 19.12</A
> shows how to make a single CGI script that produces and responds to a set of pages, for example, a product catalog and ordering system.</P
></DIV
><DIV
CLASS="sect2"
><H3
CLASS="sect2"
><A
CLASS="title"
NAME="ch19-chap19_web_related_0"
>Web-Related Resources</A
></H3
><P
CLASS="para"
><A
CLASS="indexterm"
NAME="ch19-idx-1000005361-0"
></A
><A
CLASS="indexterm"
NAME="ch19-idx-1000005361-1"
></A
>Unsurprisingly, some of the best references on the Web are found on the Web:</P
><DL
CLASS="variablelist"
><DT
CLASS="term"
>WWW Security FAQ</DT
><DD
CLASS="listitem"
><P
CLASS="para"
><A
CLASS="systemitem.url"
HREF="http://www.w3.org/Security/Faq/"
>http://www.w3.org/Security/Faq/</A
></P
></DD
><DT
CLASS="term"
>Web FAQ</DT
><DD
CLASS="listitem"
><P
CLASS="para"
><A
CLASS="systemitem.url"
HREF="http://www.boutell.com/faq/"
>http://www.boutell.com/faq/</A
></P
></DD
><DT
CLASS="term"
>CGI FAQ</DT
><DD
CLASS="listitem"
><P
CLASS="para"
><A
CLASS="systemitem.url"
HREF="http://www.webthing.com/tutorials/cgifaq.html"
>http://www.webthing.com/tutorials/cgifaq.html</A
></P
></DD
><DT
CLASS="term"
>HTTP Specification</DT
><DD
CLASS="listitem"
><P
CLASS="para"
><A
CLASS="systemitem.url"
HREF="http://www.w3.org/pub/WWW/Protocols/HTTP/"
>http://www.w3.org/pub/WWW/Protocols/HTTP/</A
></P
></DD
><DT
CLASS="term"
>HTML Specification</DT
><DD
CLASS="listitem"
><P
CLASS="para"
><A
CLASS="systemitem.url"
HREF="http://www.w3.org/TR/REC-html40/"
>http://www.w3.org/TR/REC-html40/</A
></P
><P
CLASS="para"
><A
CLASS="systemitem.url"
HREF="http://www.w3.org/pub/WWW/MarkUp/"
>http://www.w3.org/pub/WWW/MarkUp/</A
></P
></DD
><DT
CLASS="term"
>CGI Specification</DT
><DD
CLASS="listitem"
><P
CLASS="para"
><A
CLASS="systemitem.url"
HREF="http://www.w3.org/CGI/"
>http://www.w3.org/CGI/</A
></P
></DD
><DT
CLASS="term"
>CGI Security FAQ</DT
><DD
CLASS="listitem"
><P
CLASS="para"
><A
CLASS="systemitem.url"
HREF="http://www.go2net.com/people/paulp/cgi-security/safe-cgi.txt"
>http://www.go2net.com/people/paulp/cgi-security/safe-cgi.txt</A
></P
></DD
></DL
><P
CLASS="para"
>We recommend Lincoln Stein's fine book, <EM
CLASS="emphasis"
>Official Guide to Programming with Cgi.pm</EM
> (John Wiley and Associates, 1998), Tom Boutell's aging but worthwhile <EM
CLASS="emphasis"
>CGI Programming in C and Perl</EM
> (Addison-Wesley, 1996) and <EM
CLASS="emphasis"
>HTML: The Definitive Guide</EM
> (3rd Edition; O'Reilly &amp; Associates, 1998) by Chuck Musciano and Bill Kennedy. The best periodical to date is the monthly <EM
CLASS="emphasis"
>Web Techniques</EM
> magazine, targeted at web programmers.</P
></DIV
></DIV
></DIV
><DIV
CLASS="htmlnav"
><P
></P
><HR
ALIGN="LEFT"
WIDTH="684"
TITLE="footer"><TABLE
WIDTH="684"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="228"
><A
CLASS="sect1"
HREF="ch18_10.htm"
TITLE="18.9. Program: expn and vrfy"
><IMG
SRC="../gifs/txtpreva.gif"
ALT="Previous: 18.9. Program: expn and vrfy"
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="228"
><A
CLASS="book"
HREF="index.htm"
TITLE="Perl Cookbook"
><IMG
SRC="../gifs/txthome.gif"
ALT="Perl Cookbook"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="228"
><A
CLASS="sect1"
HREF="ch19_02.htm"
TITLE="19.1. Writing a CGI Script"
><IMG
SRC="../gifs/txtnexta.gif"
ALT="Next: 19.1. Writing a CGI Script"
BORDER="0"></A
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="228"
>18.9. Program: expn and vrfy</TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="228"
><A
CLASS="index"
HREF="index/index.htm"
TITLE="Book Index"
><IMG
SRC="../gifs/index.gif"
ALT="Book Index"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="228"
>19.1. Writing a CGI Script</TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="684"
TITLE="footer"><FONT
SIZE="-1"
></DIV<!-- LIBRARY NAV BAR --> <img src="../gifs/smnavbar.gif" usemap="#library-map" border="0" alt="Library Navigation Links"><p> <a href="copyrght.htm">Copyright &copy; 2002</a> O'Reilly &amp; Associates. All rights reserved.</font> </p> <map name="library-map"> <area shape="rect" coords="1,0,85,94" href="../index.htm"><area shape="rect" coords="86,1,178,103" href="../lwp/index.htm"><area shape="rect" coords="180,0,265,103" href="../lperl/index.htm"><area shape="rect" coords="267,0,353,105" href="../perlnut/index.htm"><area shape="rect" coords="354,1,446,115" href="../prog/index.htm"><area shape="rect" coords="448,0,526,132" href="../tk/index.htm"><area shape="rect" coords="528,1,615,119" href="../cookbook/index.htm"><area shape="rect" coords="617,0,690,135" href="../pxml/index.htm"></map> </BODY
></HTML
>