Dynamic content 1WUCM1. 2 Basic architecture of the web.

Slides:



Advertisements
Similar presentations
Chapter 6 Server-side Programming: Java Servlets
Advertisements

Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.
Objectives Ch. D - 1 At the end of this chapter students will: Know the general architecture and purpose of servlets Understand how to create a basic servlet.
Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.
WEB1P servintro1 Introduction to servlets and JSP Dr Jim Briggs.
18-Jun-15 JSP Java Server Pages Reference: Tutorial/Servlet-Tutorial-JSP.html.
JSP Java Server Pages Reference:
Pass data1 Passing data from an HTML page to a program Dr Jim Briggs.
Web architecture Dr Jim Briggs Web architecture.
The World Wide Web and the Internet Dr Jim Briggs 1WUCM1.
1 CS6320 – Why Servlets? L. Grewe 2 What is a Servlet? Servlets are Java programs that can be run dynamically from a Web Server Servlets are Java programs.
2440: 141 Web Site Administration Web Server-Side Programming Professor: Enoch E. Damson.
Servlets. Our Project 3-tier application Develop our own multi-threaded server Socket level communication.
SE-2840 Dr. Mark L. Hornick1 Java Servlet-based web apps Servlet Architecture.
CSCI 6962: Server-side Design and Programming History and Background.
Gayle J Yaverbaum, PhD Professor of Information Systems Penn State Harrisburg.
CGI Programming Languages Web Based Software Development July 21, 2005 Song, JaeHa.
DAT602 Database Application Development Lecture 15 Java Server Pages Part 1.
Server Side Scripting Norman White. Where do we do processing? Client side – Javascript (embed code in html) – Java applets (send java program to run.
1 ‘Dynamic’ Web Pages So far, we have developed ‘static’ web-pages, e.g., cv.html, repair.html and order.html. There is often a requirement to produce.
Chapter 9 Using Perl for CGI Programming. Computation is required to support sophisticated web applications Computation can be done by the server or the.
1 Homework / Exam Exam 3 –Solutions Posted –Questions? HW8 due next class Final Exam –See posted schedule Websites on UNIX systems Course Evaluations.
8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.
M. Taimoor Khan * Java Server Pages (JSP) is a server-side programming technology that enables the creation of dynamic,
CP3024 Lecture 3 Server Side Facilities. Lecture contents  Server side includes  Common gateway interface (CGI)  PHP Hypertext Preprocessor (PHP) pages.
FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 4 Web technologies: HTTP, CGI, PHP,Java applets)
Web Servers1-1 Web Servers Xingquan (Hill) Zhu
Chapter 33 CGI Technology for Dynamic Web Documents There are two alternative forms of retrieving web documents. Instead of retrieving static HTML documents,
Copyright (c) 2010, Dr. Kuanchin Chen1 The Client-Server Architecture of the WWW Dr. Kuanchin Chen.
111 Java Servlets Dynamic Web Pages (Program Files) Servlets versus Java Server Pages Implementing Servlets Example: F15 Warranty Registration Tomcat Configuration.
Python CGI programming
COMP 321 Week 7. Overview HTML and HTTP Basics Dynamic Web Content ServletsMVC Tomcat in Eclipse Demonstration Lab 7-1 Introduction.
Introduction to Programming the WWW I CMSC Summer 2004 Lecture 6.
9 Chapter Nine Compiled Web Server Programs. 9 Chapter Objectives Learn about Common Gateway Interface (CGI) Create CGI programs that generate dynamic.
CMPUT 391 – Database Management Systems Department of Computing Science University of Alberta CMPUT 391 Database Management Systems Web based Applications,
20-753: Fundamentals of Web Programming Copyright © 1999, Carnegie Mellon. All Rights Reserved. 1 Lecture 7: HTTP and CGI Fundamentals of Web Programming.
Copyright © 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 9 Using Perl for CGI Programming.
Website Development with PHP and MySQL Saving Data.
Chapter 6 Server-side Programming: Java Servlets
1 © Netskills Quality Internet Training, University of Newcastle HTML Forms © Netskills, Quality Internet Training, University of Newcastle Netskills is.
1 CS122B: Projects in Databases and Web Applications Spring 2015 Notes 03: Web-App Architectures Professor Chen Li Department of Computer Science CS122B.
Form Data Encoding GET – URL encoded POST – URL encoded
Netprog 2002 CGI Programming1 CGI Programming CLIENT HTTP SERVER CGI Program http request http response setenv(), dup(), fork(), exec(),...
David Lawrence 7/8/091Intro. to PHP -- David Lawrence.
CITA 310 Section 7 Installing and Testing a Programming Environment (Textbook Chapter 7)
Middleware 3/29/2001 Kang, Seungwoo Lee, Jinwon. Description of Topics 1. CGI, Servlets, JSPs 2. Sessions/Cookies 3. Database Connection(JDBC, Connection.
1 Introduction to Servlets. Topics Web Applications and the Java Server. HTTP protocol. Servlets 2.
 Previous lessons have focused on client-side scripts  Programs embedded in the page’s HTML code  Can also execute scripts on the server  Server-side.
8 Chapter Eight Server-side Scripts. 8 Chapter Objectives Create dynamic Web pages that retrieve and display database data using Active Server Pages Process.
More than one site? Use multiple configuration files Use multiple configuration files  httpd –d {path}  Assumes “conf/httpd.conf” Logging transactions.
How CGI and Java Servlets are Run By David Stein 14 November 2006.
Bayu Priyambadha, S.Kom. Static content  Web Server delivers contents of a file (html) 1. Browser sends request to Web Server 3. Web Server sends HTML.
Pass data1 Passing data from an HTML page to a program Dr Jim Briggs.
COSC 2328 – Web Programming.  PHP is a server scripting language  It’s widely-used and free  It’s an alternative to Microsoft’s ASP and Ruby  PHP.
1 Web Programming with Servlets & JSPs WEB APPLICATIONS – AN OVERVIEW.
Lesson 11. CGI CGI is the interface between a Web page or browser and a Web server that is running a certain program/script. The CGI (Common Gateway Interface)
University of Kansas Department of Electrical Engineering and Computer Science Dr. Susan Gauch April 21, 2005 I T T C Introduction to Web Technologies.
CS122B: Projects in Databases and Web Applications Spring 2017
CS122B: Projects in Databases and Web Applications Winter 2017
Servlets.
Web Development Web Servers.
CGI I: Basics Web Programming.
PHP / MySQL Introduction
CS122B: Projects in Databases and Web Applications Winter 2018
CS122B: Projects in Databases and Web Applications Spring 2018
Common Gateway Interface (CGI current version 1.1)
Lecture 5: Functions and Parameters
World Wide Web Components
CS122B: Projects in Databases and Web Applications Winter 2019
CGI I: Basics Web Programming.
Presentation transcript:

Dynamic content 1WUCM1

2 Basic architecture of the web

Dynamic web pages Stages: – Collect data from user in browser Usually using an HTML form – Send data in HTTP request to server – Server processes request (dynamically) Different models of how to do this – Server sends HTTP response to browser – Browser displays response 3WUCM1

HTML forms Which lecture are you missing? (Give the lecture number not title) When will you come to collect them? Next lecture Next tutorial At 5:00pm on Friday this week Your CAM number? 4WUCM1

Passing data to the server HTTP methods – GET for data retrieval – POST for data update – (and others we can ignore) WUCM15

Passing data to the server Using GET GET /cgi-bin/mycgi.bat?WUCMI_unit=78&collect_type=NextTutorial&dis_num=67 HTTP/1.0 Using POST POST /cgi-bin/mycgi.bat HTTP/1.0 WUCMI_unit=78&collect_type=NextTutorial&dis_num=67 WUCM16

7 HTTP encoding Queries – ? separates path from query Parameters – & separates name/value pairs – = separates name and value Encoding – + for space – %xx for special characters (e.g. %7E for ~)

WUCM18 Dynamic web pages Four models: – Server-side includes (SSI) – CGI – Server modules – Auxiliary servers

WUCM19 CGI architecture

WUCM110 CGI characteristics Web server creates a new process for each request that maps onto a program Data passed according to CGI Server reads output of program from program CGI spec: Can use pretty much any programming language – best known Perl, Python, C/C++

Pros and cons of CGI Pros: – Independent of server - if program crashes it cannot affect the server – The web server takes up less memory if it does not load any server modules – Any memory (or other resources) used by the CGI program is released when the CGI program terminates Cons: – The time to create a new process to handle the CGI request is relatively long – For programs that access databases, each new process must establish a new database connection 11WUCM1

12 Server module

Server module characteristics Web server invokes interpreter via API for each request that maps onto a program Data passed via API Server gets output via API Popular for: – PHP – ASP.NET – Perl (as an alternative to CGI) 13WUCM1

Pros and cons of server modules Pros: – No need to create a separate process, therefore faster – For programs that access databases, the server can maintain a persistent connection to a database, saving reconnection time Cons: – Server and program inextricably linked - a crash within the server module may crash the server – The web server will occupy more memory because of the size of the server module(s) it loads – If any server module needs a lot of memory, that memory will not be released (at least not until the server dies) 14WUCM1

15 Auxiliary server

Auxiliary server characteristics Auxiliary server runs on a different TCP/IP port (and potentially on a different machine) Relevant requests forwarded by web server to auxiliary server Server passes response back Common for: – Java – PL/SQL (Oracle) 16WUCM1

Pros and cons of auxiliary servers Pros: – No need to create a new process for each request – Can maintain state (if desired) including database connections – Separate from the main web server Cons: – Overhead of resending HTTP requests and responses 17WUCM1

Big benefits of auxiliary servers Enterprise scalability – add new web servers – add new auxiliary servers – cross-connect between them – fits in with database scalability Resilience and reliability 18WUCM1

Web programming languages Programmatic – Output HTML in print statements – Use normal programming language constructs Examples: – Perl – Java (servlets) – C/C++ Better when the complexity is in the data capture and processing Output-based – HTML page with programming statements embedded – Can require contrived programming language constructs Examples: – PHP – ASP – Java (Java Server Pages) Better when the complexity is in the output format 19WUCM1

Examples (both Java) protected void processRequest (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType ("text/html"); PrintWriter out = response.getWriter (); out.println(" "); out.println(" Hello world servlet "); out.println(" "); String name = request.getParameter ("name"); out.println(" Hello " + name); out.println(" "); out.close (); } Hello JSP Page Hello 20WUCM1

CGI 21WUCM1

Script interaction – CGI A CGI script is a program run on the server: – How can it get its input? – What should it do with its output? CGI scripts are loaded and executed at the request of the web server Server passes details about the request through environment variables WUCM122

CGI input Environment variables pass details on: – The URL the script was called from – Request parameters passed from web browser – The HTTP method used – General information about the request In addition, input can come via the standard input (STDIN) if the method was POST WUCM123

CGI Output The script passes information back via standard output (STDOUT) Server will ensure that data presented to STDOUT is routed to the browser Server will output the relevant data from the web browser so can be read from STDIN But HOW? - via forms, e.g. WUCM124

Forms for dynamic programming The significant part of the html is: Notice that: – the FORM method is GET – the FORM action is to run the mycgi.bat program WUCM125

GET as the form method Any data is passed as a “query string” Separator is ‘?’ Parameters concatenated with ‘&’ to form the “query string” GET /cgi-bin/mycgi.bat?WUCMI_unit=78&collect_type=NextTutorial&dis_num=67 HTTP/1.0 Complications: – If the user enters any characters not permitted in URLs, like spaces or &, =, ? – The data is encoded using the ISO8859 rules, e.g. for a space, this would give %20, its ASCII code Decoding these is best left to library code – CGI.pm in the case of Perl WUCM126

POST as the form method The data is sent in the request body The web server will present this data to the CGI script as input on STDIN Browser indicates how much data is being transferred, so that the CGI script knows how much to expect on STDIN WUCM127

When to use which method? Use GET for actions – that are safe – that are idempotent – where the total length of the URI is less than 256 chars – where it's OK for the parameters to be visible to the user – where it's OK for the parameters to be preserved as part of a bookmark Data retrieval Use POST for – everything else Data update WUCM128

Common CGI environment variables REQUEST_METHOD – how the script was called, i.e. GET or POST PATH_INFO – the relative path of the requested resource PATH_TRANSLATED – the absolute path of the requested resource QUERY_STRING – additional supplied parameters, if any SCRIPT_NAME – the actual name of the script WUCM129

Simple Apache CGI configuration CGI scripts are handled by mod_cgi Apache needs to be told: – Which directory contains scripts – How to recognise them as executable programs rather than files to be delivered The choice is basically: – Use ScriptAlias in the config file, setting up a safe directory – outside tree – Use AddHandler or SetHandler to set a handler type of cgi-script for script files in a directory in the document tree WUCM130

Example - ScriptAlias Assume: – A cgi-bin directory parallel to the htdocs directory in your web server's space – e.g. C:\Apache\Roger\cgi-bin Then the httpd.conf file could be WUCM131

Example httpd.conf file # permit access to cgi-bin directory # default deny from Prac04 Options –Indexes +ExecCGI AllowOverride None Order allow,deny Allow from all TransferLog "logs/access.log" ErrorLog "logs/error.log" LogLevel warn # tell Apache where cgi scripta are. ScriptAlias /cgi-bin/ "C:/Apache/Roger/cgi-bin/" # tell Apache where to put the script errors. ScriptLog "logs/script.log" WUCM132

Marking scripts as executable This is OS specific Under Windows: – Usually determined by the extension,.cmd,.bat,.pl or.exe Under Unix: – chmod +x filename – #!/bin/perl first line WUCM133

Debugging scripts Since CGI scripts run through Apache they are more difficult to debug For a simple test, e.g. filling in the form and then clicking “submit” where do the error & debug messages go? Usual answer is the log files: – both ErrorLog – and ScriptLog – depending on what has gone wrong WUCM134 If Apache config problem.

Debugging scripts Some CGI libraries, e.g. Perl CGI::Carp, direct error messages to the browser for debugging purposes – not useful for production systems For debugging messages, send output to STDERR – they will be added to ScriptLog Problems with testing CGI scripts from the command line – no web server to generate input WUCM135

A few security points Apache's privileges (and hence those of any CGI scripts it runs) – Apache must start as root to bind to port 80 In a well configured server, once this initial binding is done, Apache will drop back to a very low privilege user, (nobody, webuser etc) If due to a poor configuration file it does not, then any later executed CGI script will be running as root – potentially very dangerous WUCM136

A few security points Editors used to edit CGI scripts – Often produce backup files with standard extensions, e.g. PFE uses.$$$ – To protect deny from suspect extensions: WUCM137 Order allow,deny Deny from all

suEXEC and CGIWrap To increase the security when running CGI scripts, they are often “wrapped” The CGI wrappers can: – control the ownership of CGI scripts – subject the script to stringent security tests The two main alternatives are: – suEXEC –bundled with Apache – CGIWrap –produced by an independent group WUCM138