More CGI Comments
rhb@hotsand.att.com
From: rhb@hotsand.att.com
Date: Thu, 6 Jan 94 20:52:12 EST
Original-From: hotsand!rhb (Rich Brandwein)
Message-id: <9401070152.AA20069@hotsand.dacsand>
To: www-talk@nxoc01.cern.ch
Subject: More CGI Comments
Content-Length: 1275
After playing with CGI-based httpd servers for awhile and writing scripts
to them, I have the following observations/questions:
1) If you let users export information via their UserDir (i.e., ~/public_html
by default), how can you gracefully allow them to create anything that requires
a shell execution without giving everyone write access to the cgi-bin
directory or creating cgi aliases for all users in srm.conf?
2) To get at any of the authentication information (e.g., the $REMOTE_USER variable)
it seems that my pages that want to use any of this info need to all become shell scripts
(which means that they'll need to be in cgi-bin type directories). Once I authenticate
someone, it seems that I generally want to know the user on every page served in many
apps (in fact, it would certainly be nice to log this info - I can't differentiate
authenticated users from the log file if they're coming from the same server...).
3) Because of (1), (2) and my general preferences of arranging files, I find it would be
much easier to identify executables on the server side by being able to use a server
defined suffix (notwithstanding the previous arguments against this) for these files
(e.g., .cgi).
Rich
----
Rich Brandwein
AT&T Bell Labs
rich.brandwein@att.com