The HyperText Markup Language (HTML) upon which the World Wide Web's content is based allows you to create only essentially static documents. A subset of the Standard Generalized Markup Language, (SGML), it's a platform-independent page description language which, like the Adobe Corporation's PostScript© language, specifies formatting of the content of a document, but doesn't allow on-the-fly creation of content. Nor does it permit actions to be taken in response to input from the client end of the client-server equation. How then do those ubiquitous home page guestbooks, the rolling counters which track how many "hits" a page has generated since its author created it and handy keyword search forms work? They operate by using the Common Gateway Interface (CGI) standard (currently at version 1.1) supported by most modern HyperText Transfer Protocol (HTTP) "daemons" (Web servers). Basically, CGI permits an HTML document to call an executable program, pass input to it and display the program's output in a dynamically-created document. The National Center for Supercomputing Applications (NCSA--the folks who brought us the original Mosaic Web browser) offers an excellent (and brief) overview of CGI on their hoohoo server at http://hoohoo.ncsa.uiuc.edu/cgi/intro.html. It makes the point that a CGI program can be written in any language that the system it runs on will execute. Thus, CGI programs get written in everything from assembly language to compiled C programs to Unix shell scripts to Basic (in approximate order of speed of execution.) Speed is an issue for CGI programs, because, while the program is running, the user on the client end is staring at a blank browser screen. Likewise, security is a major issue with CGI programs because, necessarily, when you enable CGI, you are permitting anyone with browser access to run programs on your Web server. That's why most HTTPD servers have a directory reserved for CGI programs (the NCSA server uses /cgi-bin) to which only the Webmaster has write access and from which any CGI program should be invoked. If it's not in the CGI directory, the Web server shouldn't run it. NCSA has a lot of material available on CGI, including a primer, security tips, how to handle CGI forms and a lot more. Point your browser at http://hoohoo.ncsa.uiuc.edu/cgi/ for the complete set of links. The version 1.1 CGI specification (http://hoohoo.ncsa.uiuc.edu/cgi/interface.html) is also available from NCSA and, if you're going to get into CGI programming in any depth, you'll want to get and study a copy of the spec. Brian Exelbierd (bex@ncsu.edu) of the Computer And Technologies Theme (CATT) (http://www.catt.ncsu.edu/index.html) maintains the "CGI for the Non-Programmmer" page (http://www.catt.ncsu.edu/~bex/tutor/index.html). His examples are all written in Perl, the interpreted scripting language which has become popular among Unix and non-Unix programmers alike. Mark Hedlund (hedlund@best.com) has put together the "CGI Programmer's Reference", (http://www.best.com/~hedlund/cgi-faq/), which includes the CGI Frequently Asked Questions (FAQ) and the beginnings of a categorical list of existing gateways, including Brandon Gillespie's (brandon@paradise.declab.usu.edu) popular Perl-based email gateway, Mailto, (ftp://sticky.usu.edu/pub/brandon/Mailto-1.6.tar.gz). It also includes links to the NCSA site and to Lincoln D. Stein's (lstein@genome.wi.mit.edu) World Wide Web Security FAQ (http://www-genome.wi.mit.edu/WWW/faqs/www-security-faq.html). Stein is the author of "How to Set Up and Maintain a World Wide Web Site: the Guide for Information Providers" (Addison-Wesley, 1995, ISBN 0-201-63389-2), a 496-page, $29 book which belongs on the shelf of any would-be Webmaster. His WWW Security FAQ covers the spectrum of security concerns without burying the reader in jargon (although, if you read his discussion of best practices in allocating charater buffers in the section on CGI scripts, you'll need to put on your C programmer's propeller beanie). Stein also maintains the "CGI.pm - a Perl5 CGI Library" page (http://www-genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html) for Perl programmers. It offers a rich set of Perl functions for creating forms. There are many other CGI archives and tutorials available on the Web. LPAGE Internet Services of Sacramento, California, offers a tutorial in CGI for Visual Basic programmers (http://lpage.com/cgi/) who want to write for O'Reilly & Associates' WebSite server for WindowsNT and 95. For Macintosh programmers interested in using Frontier for the WebSTAR server, Chong-Yee Khoo (cyk10@cus.cam.ac.uk) maintains an Applescript/Frontier CGI Tour page (http://cy-mac.welc.cam.ac.uk/cgi.html) which includes demos and downloadable source code for simple counters, slide shows, a couple of nifty administration scripts for Mac Webmasters and a set of what he calls "useless CGIs" (including one which displays the URL of the previous page you visited). Russell E. Owen (owen@astro.washington.edu) of the University of Washington Astronomy Department offers his "ROFM, a FileMaker Pro CGI" (http://rowen.astro.washington.edu/) which allows MacHTTP or WebSTAR users to search and add records to Filemaker Pro databases. Felipe Campos (felipe@www.utexas.edu) of the University of Texas' College of Education Learning Technology Center makes his Felipe'S AppleScript CGI Examples (http://edb518ea.edb.utexas.edu/scripts/cgix/cgix.html) available for MacHTTP Webmasters. You'll need the Script Editor, the latest version of MacHTTP, and the Scriptit Osax to use his code. Chris Stephens (stephenc@pcmail.cbil.vcu.edu) offers AppleScript CGIs, (including the ubiquitous guestbook), a DEC VMS counter CGI (ported to VMS by his friend Scott Bullington, scott@macc.visc.edu) and Unix CGIs (including guestbook AND counter) on his Shareware CGIs page (http://128.172.69.106:8080/cgi-bin/cgis.html). Stephens' scripts are actually postcardware--you register them by sending him a postcard. Thomas Boutell (boutell@boutell.com) makes his current version of "cgic: an ANSI C library for CGI Programming" (http://sunsite.unc.edu/boutell/cgic/cgic.html) available for use in any application, commercial or noncommercial, at no cost. However, he requires that you include a copyright paragraph in a credits page accessible from the public and online documentation of your program. (He also allows you to use it uncredited, if you're willing to pay him a one-time fee of $500). Meanwhile, Enterprise Integration Technologies (creators of the Secure HyperText Transfer Protocol or S-HTTP) offers a CGI Library (http://wsk.eit.com/wsk/dist/doc/libcgi/libcgi.html) page of functions for C programmers. Their code examples are downloadable from ftp.eit.com. Finally, any serious CGI programmer will want to haunt Usenet's comp.infosystems.www.authoring.cgi newsgroup for tips, tricks and possible employment, as well as pointers to a broad variety of other excellent CGI authoring and reference resources. (Copyright© 1995 by Thom Stark--all rights reserved) |