CGI
CGI scripts are the most common way of doing scripting, being
supported by virtually every web server. They work by starting an
external program for each request. The program can be a compiled
program or a script written in a language such as Perl or Python.
The advantages of CGI scripts are that they can be used to run any
kind of script written in any language, and that they are portable
between different web servers. The disadvantage is that they are
resource hungry, since an external program has to be started for each
request. CGI scripts are also one of the most common security hazards
on the web, most often because they were not written with security in
mind.
In Challenger, CGI scripts are supported through the CGI
executable support module. The module can be configured either to
run the CGI scripts as the user who has written them, or to run all
CGI scripts as a user with low privileges.
It is possible to use CGI scripts together with RXML, either by
letting the output of the CGI script be parsed with the RXML parser
or by executing the CGI scripts with the <cgi> tag.
Even if CGI scripts are run in such a way that they cannot hurt the
server itself, they can often hurt the user who owns them. Most users
do not understand how CGI scripts work, but will download and install
them from the net with no thought of security. It is often better to
provide the functions the users want as RXML tags. The users will
understand RXML tags better, since they are like HTML tags, and the
administrator will get better control over the server.
CGI executable support
- Allow listing of cgi-bin directory
-
If set, the users can
get a directory listing of the cgi-bin directory.
- Allow symlinks
-
If set, allows symbolic links to
binaries owned by the directory owner. Other symlinks are still
disabled.
This option has an effect only if the Run user scripts as
owner variable is set, and is available only when the server is
run as root.
- CGI-bin path
-
The module's location in the virtual
filesystem. By default the module will also handle one or more
extensions, from any filesystem.
- CGI-script extensions
-
Extension of files to be
handled as CGI scripts. The Handle *.cgi variable has to be
set for this option to have any effect.
- Handle *.cgi
-
This handles files ending with the
extensions configured in the CGI-script extensions variable.
If set, files with these extensions will be handled as CGI scripts,
regardless of which filesystem they were fetched from.
- Limits
-
- Priority
-
This option affects the nice value of the
CGI processes. If it is set to a higher value, CGI scripts might get
more CPU than the actual web server, which might not always
be a good idea.
- Log CGI errors to...
-
Where to log error messages from
a CGI script, or rather any output the script writes to stderr.
By default the error messages will be sent to the debug log file.
- Parse RXML in CGI-scripts
-
If this option is set, the
output of the CGI script is sent through the RXML parser. The parsing
takes place after the CGI script has finished processing, so nothing
will be sent to the user until the CGI script finishes. This option
will not work if you have CGI scripts that do animations or other
things that require them to send data to the user over a long time. It
is however possible to enable two CGI executable
support modules, one to handle scripts that are to be RXML
parsed and another to handle normal CGI scripts.
This option is only available if you have chosen More
options.
- Provide the <cgi> tag
-
If set, it will be possible
to execute CGI scripts via the <cgi> tag.
- Run scripts as
-
Which user to run the CGI scripts as.
This will default to nobody if nothing is specified. This option is
only available when Challenger is run as root.
- Run user scripts as owner
-
If set, scripts in user
home directories will be run as the user. This overrides the Run
scripts as variable. This option is only available when the
server is run as root.
- Search path
-
The location of the CGI-bin directory in
the real file system.
- Set the supplementary group access list
-
If this
option is set, the script will be run with membership in all the user's
supplementary groups, i.e. the groups in the /etc/group
file.
- Treat non-executable files as ordinary files
-
If this
flag is set, files that do not have the executable bit set will be
treated as normal files and sent to the user. If the flag is not set,
attempts to get such files will result in an error message.
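The Allow symlinks, Treat non-executable files as ordinary files and Run user scripts as owner options all depend on what is actually sitting in the cgi-bin directory. The following is an added example, not part of Challenger or of the original page: an audit an administrator could run over a directory before enabling those options. The function names, the finding strings and the sample file names are assumptions made for the example.

```python
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_cgi_bin(path, owner_uid=None):
    """Return {name: [findings]} for files directly inside path (no recursion).
    owner_uid: uid that must own symlink targets; default is the directory owner."""
    if owner_uid is None:
        owner_uid = os.stat(path).st_uid
    report = {}
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        try:
            st = os.stat(full)  # follows symlinks
        except OSError:
            report[name] = ["unresolvable"]  # e.g. a dangling symlink
            continue
        if stat.S_ISDIR(st.st_mode):
            continue
        findings = []
        # "Allow symlinks" admits only targets owned by the directory owner.
        if os.path.islink(full) and st.st_uid != owner_uid:
            findings.append("symlink target not owned by directory owner")
        # With "Treat non-executable files as ordinary files" set, such a
        # file's contents (script source, data) are sent to the client.
        if not st.st_mode & EXEC_BITS:
            findings.append("not executable")
        # Anyone may rewrite code that "Run user scripts as owner" then runs.
        if st.st_mode & stat.S_IWOTH:
            findings.append("world-writable")
        report[name] = findings
    return report

def build_sample(root):
    """Constructed sample cgi-bin; all names are made up for the example."""
    for name, mode in (("ok.cgi", 0o755), ("lib.pl", 0o644), ("open.cgi", 0o777)):
        p = os.path.join(root, name)
        with open(p, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(p, mode)
    os.symlink(os.path.join(root, "ok.cgi"), os.path.join(root, "link.cgi"))
    os.symlink(os.path.join(root, "missing"), os.path.join(root, "dead.cgi"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for name, findings in audit_cgi_bin(d).items():
            print(name, findings or "ok")
```

An empty findings list means the entry raised none of the three checks; it says nothing about what the script itself does with its input.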