|
|
|
CGICGI scripts are the most common way of doing scripting, being supported by virtually every web server. They work by starting an external program for each request. The program can be a compiled program or a script written in something else, for example like perl or python. The advantages of CGI scripts are that they can be used to run any kind of scripts written in any language, and that they are portable between different web servers. The disadvantages are that they are resource hungry, needing to start an external program for each request. CGI scripts are also one of the most common security hazards on the web. Most often because they were not written with security in mind. In Challenger, CGI scripts are supported through the CGI executable support. The module can be configured to either run the CGI scripts as the user who has written them, or to run all CGI scripts as a user with low privileges. It is possible to use CGI scripts together with RXML. Either by letting the output of the CGI script be parsed with the RXML parser or by executing the CGI scripts with the <cgi> tag. Even if CGI scripts are run so they cannot hurt the server itself, they can often hurt the user who owns them. Most users do not understand how CGI scripts work, but will download and install them from the net, with no thought of security. It is often better to provide the functions the user's want as RXML tags. The user will understand RXML tags better, since they are like HTML tags, and the administrator will get better control over the server. |
|||||||||||||||||||