One of the most exciting things about the web is that you can make your own applications, that will be reachable by anyone in the world. Furthermore, programming for the web is often simpler than traditional GUI programming. Even small applications can get nice graphical user interfaces by creating dynamic HTML pages. Challenger is one of the best environments for creating such applications.

As with all good things, there are drawbacks. Since an application on the web is reachable by any number of users, some with malicious intent, programming errors can have drastic effects. While many users may not understand this, the administrator of a web server must.

The important thing is that all user input must be handled with caution. Where the programmer thought he would get a small name he might get ten megabytes of machine code. If the program fails to handle that kind of input, troubles might follow.

Building web applications with Challenger in Pike reduces the risks and consequences of making such mistakes, but it does in no way eliminate them.

Challenger also supports CGI scripts for doing scripting. It is far easier to make fatal mistakes when programming CGI scripts than it is with Pike scripts or modules. Most CGI scripts that can be downloaded from the web have not been written with security in mind. As system administrator, you must determine which scripts are safe and which ones are not, and consider your site's security policy.

It is always a good idea to keep track of Challenger's log files. If outside users try to break in through CGI scripts, it will most often show up in the log files. Especially since they will usually try to break in through a few common CGI scripts.

This chapter describes Challenger's various ways of supporting script programming from a system administrator's viewpoint.