More CGI Comments

From: rhb@hotsand.att.com
Date: Thu, 6 Jan 94 20:52:12 EST
Original-From: hotsand!rhb (Rich Brandwein)
Message-id: <9401070152.AA20069@hotsand.dacsand>
To: www-talk@nxoc01.cern.ch
Subject: More CGI Comments
Content-Length: 1275

After playing with CGI-based httpd servers for a while and writing scripts
to them, I have the following observations/questions:

1) If you let users export information via their UserDir (i.e., ~/public_html
by default), how can you gracefully allow them to create anything that requires
a shell execution without giving everyone write access to the cgi-bin
directory or creating cgi aliases for all users in srm.conf?

2) To get at any of the authentication information (e.g., the $REMOTE_USER variable)
it seems that my pages that want to use any of this info need to all become shell scripts
(which means that they'll need to be in cgi-bin type directories).  Once I authenticate
someone, it seems that I generally want to know the user on every page served in many
apps (in fact, it would certainly be nice to log this info - I can't differentiate
authenticated users from the log file if they're coming from the same server...).

3) Because of (1), (2) and my general preferences of arranging files, I find it would be
much easier to identify executables on the server side by being able to use a server
defined suffix (notwithstanding the previous arguments against this) for these files
(e.g., .cgi).  

Rich

----
Rich Brandwein
AT&T Bell Labs
rich.brandwein@att.com
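
Point 2 of the message above, as an added example that is not part of the original post: a shell CGI page that reads `$REMOTE_USER` and writes its own per-request log line naming the authenticated user. The log path and the function names are assumptions made for illustration; the CGI variables are the ones the server sets.

```shell
#!/bin/sh
# Added example: a shell CGI page that records the authenticated user for
# each request. ACCESS_LOG and the function names are hypothetical.
# REMOTE_USER, REMOTE_HOST, REMOTE_ADDR, SCRIPT_NAME and GATEWAY_INTERFACE
# are CGI variables supplied by the server.

ACCESS_LOG="${ACCESS_LOG:-/tmp/cgi-user.log}"

# REMOTE_USER originates from credentials the client typed, so treat it as
# untrusted: keep only characters that are safe in a log line and in HTML.
# Dropping CR/LF stops a crafted name from forging extra log entries.
safe_field() {
    cleaned=$(printf '%s' "$1" | tr -cd 'A-Za-z0-9._@/-')
    printf '%s' "${cleaned:--}"      # "-" marks an empty or unset value
}

# Append one "host user page" line per request.
log_request() {
    user=$(safe_field "${REMOTE_USER:-}")
    host=$(safe_field "${REMOTE_HOST:-${REMOTE_ADDR:-}}")
    page=$(safe_field "${SCRIPT_NAME:-}")
    printf '%s %s %s\n' "$host" "$user" "$page" >> "$ACCESS_LOG"
}

# Emit the CGI response. REMOTE_USER is unset when the page is not behind
# authentication, so that case gets its own branch.
render_page() {
    user=$(safe_field "${REMOTE_USER:-}")
    printf 'Content-type: text/html\n\n'
    if [ "$user" = "-" ]; then
        printf '<p>No authenticated user for this request.</p>\n'
    else
        printf '<p>Signed in as %s</p>\n' "$user"
    fi
}

# Only act when the server actually invoked this file as a CGI program.
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    log_request
    render_page
fi
```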