------------------------------------------------------------------------------
Also see cgi_whynot in this directory
------------------------------------------------------------------------------
Where/How can I create a CGI Executable
Note this is specific to Apache and NCSA Webservers, simular methods
are used on other web servers.
To execute a CGI program, the Web server (httpd) must be told of the
programs existance. With out this the httpd server has no real way of
determining what is an executable and what isn't.
Here are the two normal methods of doing this....
1/ Place the CGI executable in a "cgi-bin". All files regardless of their
suffix in a "cgi-bin" will be treated by the web server as an
executable. That is ".cgi" or ".pl" or any other suffix is NOT required.
The server configuration files declare what directories is a "cgi-bin".
Also for security reasons "cgi-bin" directories are usally outside the
normal WWW document tree and are refered to via a "path alias" (called a
script alias) which declares which cgi-bin is being refered to.
For example: I have a cgi-bin called "ant-bin", which points to the
directory "/home/anthony/bin/cgi-bin" inside my home directory on the
web server I am using. A program called "test" in that directory can
be accessed with "http://www.cit.gu.edu.au/ant-bin/test", or from a
web page on that server with just "/ant-bin/test".
In the NCSA Httpd (and Apathe) configuration file "srm.conf" (on newer
systems that file is merged into "httpd.conf"), the following configuration
lines declares both the normal global "cgi-bin" of the server directory of
the server and my own personal "ant-bin" cgi-bin directory.
ScriptAlias /cgi-bin/ /var/www/cgi-bin
ScriptAlias /ant-bin/ /home/anthony/bin/cgi-bin/
IE: the URL http://www.ict.gu.edu.au/ant-bin/test
will execute my CGI script /home/anthony/bin/cgi-bin/test
Other "ScriptAlias"es can be created to provide personal cgi-bins
for other users.
2/ You can also use ".htaccess" to turn on the ExecCGI server option,
if the webserver configuration permits (Apache Web Servers).
EG: in your home directory create a .htaccess file with an options
line containing `ExecCGI', to tell the server this is allowed.
=======8<--------CUT HERE----------
#
# Change the HTTP Servers access rights within my home pages.
#
# Default Server Options are :-
# Indexes FollowSymLinks IncludesNoExec
#
# Other Options are
# Indexes Generate a directory index if no index.html
# FollowSymLinks Follow symbolic links as normal
# SymLinksIfOwnerMatch allow symbolic link if the link and file match
# ExecCGI execute .cgi files for the resulting document
# Includes Full server side includes
# IncludesNoExec server side includes but don't execute anything
#
# I do NOT want any automatic directory index files.
#
Options -Indexes +ExecCGI
=======8<--------CUT HERE----------
When this is done any file ending in the .cgi suffix will be thought of
by the httpd server as a CGI executable.
WARNING: this feature may be turned off on some web servers such as those
provided to students or by Internet service providers. Such web sites may
insist on the use of cgi-bins to store such executables so they can be
located and checked by the webmaster.
The .cgi method (Options +ExecCGI) is a late addition to www servers
to allow the use of CGI programs outside CGI bins but is not recommended
by security manuals as:
* Such scripts are located INSIDE the www document tree, which
makes it possible for hackers to search for and possibly
read/re-write/hack such scripts.
* Web Masters can't find them easily to check for security holes
and problems, as they could be anywhere in the document tree.
* A .cgi suffix is not very nice anyway and makes it obvious it is a
CGI script and not just a normal document.
On the plus side the ".cgi" program is located in the same directory as
the web forms, documentation and other html pages which are using the CGI
programs. That is everything for a particular project is all located in
the one place making for easier maintenance, archiving, software job
control systems (eg: RCS or CVS, etc), distribution, etc.
You can also run a CGI script without a .cgi extension.
You simply add to the .htaccess file something like..
=======8<--------