Scripting
One of the most exciting things about the web is that you can make
your own applications, that will be reachable by anyone in the world.
Furthermore, programming for the web is often simpler than traditional
GUI programming. Even small applications can get nice graphical user
interfaces by creating dynamic HTML pages. Challenger is one of the
best environments for creating such applications.
As with all good things, there are drawbacks. Since an application
on the web is reachable by any number of users, some with malicious
intent, programming errors can have drastic effects. While many users
may not understand this, the administrator of a web server must.
The important thing is that all user input must be handled with
caution. Where the programmer thought he would get a small name he
might get ten megabytes of machine code. If the program fails to
handle that kind of input, troubles might follow.
Building web applications with Challenger in Pike reduces the risks
and consequences of making such mistakes, but it does in no way
eliminate them.
Challenger also supports CGI scripts for doing scripting. It is far
easier to make fatal mistakes when programming CGI scripts than it is
with Pike scripts or modules. Most CGI scripts that can be downloaded
from the web have not been written with security in mind. As system
administrator, you must determine which scripts are safe and which
ones are not, and consider your site's security policy.
It is always a good idea to keep track of Challenger's log files.
If outside users try to break in through CGI scripts, it will most
often show up in the log files. Especially since they will usually try
to break in through a few common CGI scripts.
This chapter describes Challenger's various ways of supporting
script programming from a system administrator's viewpoint.
|