The CGI mechanism is different from the one used on the main departmental web server. Your CGI programs must now be in files whose names end in
.cgi and they must be in the directory
~/public_html/cgi-bin. We strongly recommend that you set the permissions on that directory so that it is not searchable. When you create it you should do:
% cd ~/public_html % mkdir cgi-bin % chmod 711 cgi-bin
Whenever you set up CGI programs in that directory you should set it up so that they are not readable or executable by anyone but you. This can be done with:
% cd ~/public_html/cgi-bin % chmod 700 *
This way, people on the web cannot view your CGI programs and look for security holes in them.
You reference the CGI programs as
/~username/cgi-bin/script.cgi, usually in an
ACTION attribute. For example, if the user "kensmith" had a CGI script named
foo.cgi (the file
foo.cgi on UNIX would need to be
~kensmith/public_html/cgi-bin/foo.cgi) it would be referenced as:
<FORM ACTION="/~kensmith/cgi-bin/script.cgi" METHOD="POST">
... for the web server to find it.