Web Server Design Assignment #5: Unsafe Methods & CGI Due: 05/05/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin.

Presentation transcript:

Web Server Design Assignment #5: Unsafe Methods & CGI Due: 05/05/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein

Grading
To be done by an automated program that will test most (all?) combinations
– assignment is listed under the day it is to be demoed in class
– each group will give a 3-4 minute status report the week before an assignment is due!
If you have a question:
– the class list
– mimic the behavior of a well known Apache server (e.g.,

Methods to Support
Same as assignments 1-4, plus:
– DELETE, PUT, POST as per Lecture 13
n.b. OPTIONS (lecture 13)

Status Codes to Support
Same as assignments 1-4, plus:
– 201 Created (PUT, POST)
– 405 Method Not Allowed
– 411 Length Required
– 413 Request Entity Too Large
– 414 Request-URI Too Long

Request Headers
Same as assignments 1-4, plus:
– Content-type:
– Content-Length:
– Content-Disposition: (in form data)

Response Headers
Same as assignments 1-4

MIME Types, Encodings, etc.
All as per assignments 1-4, plus:
Your server accepts the following “Content-Type” headers:
– multipart/form-data
– application/x-www-form-urlencoded

Guidelines
PUT, DELETE are allowed recursively, as per directives in the WeMustProtectThisHouse! file
Limits
– URI: 2k
– Entity: 2MB
You should flag for Entities longer than advertised as per the “Content-Length” header, but I will not test for error conditions
Always issue an HTML description describing the results (success or failure) of PUT and DELETE
– we will not produce 202 or 204

WeMustProtectThisHouse! Format
% cat WeMustProtectThisHouse\!
#
ALLOW-PUT
ALLOW-DELETE
#
authorization-type=Basic
realm="Fried Twice"
# always quote realm since it might have spaces
#
# user format = name:md5(password)
#
mklein: cae72c19f215480ddf2d0d5c3
mk:318bcb4be908d0da6448a0db76908d78
jbollen:c82138c7e01ad922b0a58fdd33c3a91c
mln:5a df37fd781035da
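One way to read the file format above and apply the limits from the Guidelines slide before touching the filesystem, as an added example that is not part of the original slides. The function names, the order of the checks, the byte values chosen for "2k" and "2MB", the use of 405 when a directive is missing, and the sample user entry are assumptions.

```python
import shlex

MAX_URI = 2 * 1024             # "URI: 2k", read here as 2048 bytes (assumption)
MAX_ENTITY = 2 * 1024 * 1024   # "Entity: 2MB", read here as 2 MiB (assumption)

def parse_protection(text):
    """Parse the text of a WeMustProtectThisHouse! file into a policy dict."""
    policy = {"allow": set(), "auth_type": None, "realm": None, "users": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        if line in ("ALLOW-PUT", "ALLOW-DELETE"):
            policy["allow"].add(line[len("ALLOW-"):])
        elif line.startswith("authorization-type="):
            policy["auth_type"] = line.split("=", 1)[1]
        elif line.startswith("realm="):
            # shlex removes the quotes and keeps embedded spaces intact
            policy["realm"] = shlex.split(line.split("=", 1)[1])[0]
        elif ":" in line:
            name, digest = line.split(":", 1)   # name:md5(password)
            policy["users"][name.strip()] = digest.strip().lower()
    return policy

def precheck(method, uri, headers, policy):
    """Return an error status for the request, or None to keep processing."""
    if len(uri.encode()) > MAX_URI:
        return 414                        # Request-URI Too Long
    if method in ("PUT", "DELETE") and method not in policy["allow"]:
        return 405                        # directive absent: method not allowed
    if method in ("PUT", "POST"):
        length = headers.get("Content-Length", "")
        if not (length.isascii() and length.isdigit()):
            return 411                    # Length Required
        if int(length) > MAX_ENTITY:
            return 413                    # Request Entity Too Large
    return None

# Constructed sample file: PUT allowed, DELETE not; the user entry is made up.
SAMPLE = '''#
ALLOW-PUT
#
authorization-type=Basic
realm="Fried Twice"
# user format = name:md5(password)
alice:5f4dcc3b5aa765d61d8327deb882cf99
'''
```
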

CGI Invocation
Invoke the URI as an executable program iff:
– POST, GET, HEAD methods are used
Warning!!!
– ensure your URI is relative to your document root
– dangerous: GET /bin/rm?-rf HTTP/1.1
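The document-root check that the warning above calls for, as an added example that is not part of the original slides. The names resolve_cgi and demo and the temporary document root built in demo are assumptions; the execute-bit test is one possible reading of "executable program".

```python
import os
import tempfile
from urllib.parse import unquote

CGI_METHODS = {"GET", "HEAD", "POST"}  # the only methods that may invoke CGI

def resolve_cgi(docroot, method, request_uri):
    """Return (script_path, query_string) for a URI that names an executable
    file inside docroot, or None if it must not be run as CGI."""
    if method not in CGI_METHODS:
        return None
    path, _, query = request_uri.partition("?")
    rel = unquote(path).lstrip("/")  # always interpreted relative to docroot
    if "\x00" in rel:
        return None
    root = os.path.realpath(docroot)
    # realpath collapses ".." and follows symlinks, so containment is checked
    # on the file that would actually be executed.
    target = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, target]) != root:
        return None
    # must be a regular file with at least one execute bit set
    if not os.path.isfile(target) or not os.stat(target).st_mode & 0o111:
        return None
    return target, query

def demo():
    """Constructed docroot: a CGI script, a static file, an escaping symlink."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "cgi-bin"))
    script = os.path.join(root, "cgi-bin", "env.cgi")
    with open(script, "w") as f:
        f.write("#!/bin/sh\necho 'Content-type: text/plain'\necho\nenv\n")
    os.chmod(script, 0o755)
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<html></html>\n")
    os.symlink("/bin/sh", os.path.join(root, "cgi-bin", "sh"))
    requests = [
        ("GET", "/cgi-bin/env.cgi?a=1"),           # accepted
        ("GET", "/bin/rm?-rf"),                    # no such file under docroot
        ("GET", "/cgi-bin/%2e%2e/%2e%2e/bin/sh"),  # encoded traversal
        ("GET", "/cgi-bin/sh"),                    # symlink leaving docroot
        ("GET", "/index.html"),                    # not executable
        ("PUT", "/cgi-bin/env.cgi"),               # method may not invoke CGI
    ]
    return [(m, u, resolve_cgi(root, m, u)) for m, u in requests]
```

Only the first constructed request resolves to a script; the query string is returned separately so the server can hand it to the program through QUERY_STRING.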

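CGI Program
#!/usr/bin/perl
# Emit the response header, then a blank line to end the header block
print "Content-type: text/html\n\n";
# Dump every environment variable the server passed to the script
foreach $key (keys (%ENV)) {
    print "$key = $ENV{$key} \n";
}
# Echo the request entity that the server supplies on standard input
while (<STDIN>) {
    print "$_ \n";
}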

Required Environment Variables
– SCRIPT_NAME
– SCRIPT_URI
– SCRIPT_FILENAME
– HTTP_REFERER
– HTTP_USER_AGENT
– REQUEST_METHOD
– REMOTE_ADDR
– QUERY_STRING
– REMOTE_USER
– AUTH_TYPE
– SERVER_NAME
– SERVER_SOFTWARE
– SERVER_PORT
– SERVER_ADDR
– SERVER_PROTOCOL
leave blank if not available

Keep in mind: Status report in 1 week!

START NOW!!!