More CGI Comments

Rich Brandwein (hotsand!rhb)
Thu, 6 Jan 94 20:52:12 EST

After playing with CGI-based httpd servers for a while and writing scripts
to them, I have the following observations/questions:

1) If you let users export information via their UserDir (i.e., ~/public_html
by default), how can you gracefully allow them to create anything that requires
a shell execution without giving everyone write access to the cgi-bin
directory or creating cgi aliases for all users in srm.conf?

2) To get at any of the authentication information (e.g., the $REMOTE_USER variable)
it seems that my pages that want to use any of this info need to all become shell scripts
(which means that they'll need to be in cgi-bin type directories). Once I authenticate
someone, it seems that I generally want to know the user on every page served in many
apps (in fact, it would certainly be nice to log this info - I can't differentiate
authenticated users from the log file if they're coming from the same server...).

3) Because of (1), (2) and my general preferences of arranging files, I find it would be
much easier to identify executables on the server side by being able to use a
server-defined suffix (notwithstanding the previous arguments against this) for these files
(e.g., .cgi).


Rich Brandwein
AT&T Bell Labs