CGI Programming
The CGI mechanism is different from the one previously used on the Main
Departmental Web Server. Your CGI programs must now be in files whose names
end in ".cgi" and they must be in the directory "~/public_html/cgi-bin".
It is strongly recommended that you set the permissions
on that directory so that it is not searchable. When you create it you
should do:
cd ~/public_html
mkdir cgi-bin
chmod 711 cgi-bin
Whenever you set up CGI programs in that directory you should set it up so
that they are not readable or executable by anyone but you.
This can be done with:
cd ~/public_html/cgi-bin
chmod 700 *
This way people on the Web cannot view your CGI programs and look for security
holes in them.
You reference the CGI programs as "/~username/cgi-bin/script.cgi", usually in an
"ACTION" attribute. For example if the user "kensmith" had a CGI script
named "foo.cgi" (the file "foo.cgi" on UNIX would need to be
"~kensmith/public_html/cgi-bin/foo.cgi") it would be referenced as:
<FORM ACTION="/~kensmith/cgi-bin/script.cgi" METHOD="POST">
... for the web server to find it.
|