More CGI Comments

Rich Brandwein (hotsand!rhb)
Sat, 8 Jan 94 15:26:23 EST

Subject: More CGI Comments

After playing with CGI-based httpd servers for a while and writing scripts
to them, I have the following observations/questions:

1) If you let users export information via their UserDir (i.e., ~/public_html
by default), how can you gracefully allow them to create anything that requires
a shell execution without giving everyone write access to the cgi-bin
directory or creating cgi aliases for all users in srm.conf?

2) To get at any of the authentication information (e.g., the $REMOTE_USER variable)
it seems that my pages that want to use any of this info need to all become shell scripts
(which means that they'll need to be in cgi-bin type directories). Once I authenticate
someone, it seems that I generally want to know the user on every page served in many
apps (in fact, it would certainly be nice to log this info - I can't differentiate
authenticated users from the log file if they're coming from the same server...).

3) Because of (1), (2) and my general preferences of arranging files, I find it would be
much easier to identify executables on the server side by being able to use a server
defined suffix (notwithstanding the previous arguments against this) for these files
(e.g., .cgi).

By the way, I totally agree with the message about one of the listservs running amok.
It took quite some time to post this, and this is an excerpt of one of the
messages I've received back:

----- Transcript of session follows -----
/W3/hypertext/WWW/Administration/Mailing/www-talk: line 391: add... User unknown
sh: /usr/local/bin/deliver: not found
"|/usr/local/bin/deliver -b /userd/tbl/hypertext/WWW/Archive/www-talk.archive"... unknown mailer error 1
sh: /usr/local/bin/deliver: not found
"|/usr/local/bin/deliver -b /userd/tbl/Mailboxes/WWW_Talk_Unread.mbox/mbox"... unknown mailer error 1
550 "|/usr/lib/sendmail -odi -oi -f www-talk-members"... User unknown

----- Unsent message follows -----


Rich Brandwein
AT&T Bell Labs
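
Point 2 above concerns reading $REMOTE_USER from a script and logging it per request. The following is an added example, not part of the original message: a POSIX sh CGI script that does both and strips characters that could forge log lines or inject HTML. The log path, the log line layout and the allowed character set are assumptions.

```shell
#!/bin/sh
# Added example: CGI script that shows and logs the authenticated user.
# Assumption: log location and "host user script" line layout are illustrative.
LOGFILE="${LOGFILE:-/tmp/cgi-auth.log}"

# Reduce a CGI variable to a conservative character set. Dropping CR/LF and
# spaces prevents forged log entries; dropping < > & " prevents HTML injection.
clean_field() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9._@/-'
}

# Build one log line from the environment the server passes to CGI programs.
# REMOTE_USER is only set when the request was authenticated; "-" marks absence.
auth_log_line() {
    user=$(clean_field "${REMOTE_USER:-}")
    host=$(clean_field "${REMOTE_HOST:-${REMOTE_ADDR:-}}")
    path=$(clean_field "${SCRIPT_NAME:-}")
    printf '%s %s %s\n' "${host:--}" "${user:--}" "${path:--}"
}

# Record the request, then emit the CGI response: header, blank line, body.
serve_page() {
    auth_log_line >> "$LOGFILE"
    user=$(clean_field "${REMOTE_USER:-}")
    printf 'Content-type: text/html\n\n'
    printf '<p>Authenticated as: %s</p>\n' "${user:-(not authenticated)}"
}

# Only respond when actually invoked by a server through the CGI interface.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    serve_page
fi
```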