Presentation is loading. Please wait.

Presentation is loading. Please wait.

CGI Programming Part II UNIX Security

Published byἈπφία Χατζηιωάννου Modified over 6 years ago

Similar presentations

Presentation on theme: "CGI Programming Part II UNIX Security"— Presentation transcript:

1 CGI Programming Part II UNIX Security
Lecture 11 CGI Programming Part II UNIX Security

2 Forms HTML forms are used to collect user input
Data sent via HTTP request Server launches CGI script to process data <form method=POST action=“ Enter your query: <input type=text name=Search> <input type=submit> </form>

3 Input Types Text Field Radio Buttons Checkboxes Text Area
<input type=text name=zipcode> Radio Buttons <input type=radio name=size value=“S”> Small <input type=radio name=size value=“M”> Medium <input type=radio name=size value=“L”> Large Checkboxes <input type=checkbox name=extras value=“lettuce”> Lettuce <input type=checkbox name=extras value=“tomato”> Tomato Text Area <textarea name=address cols=50 rows=4> </textarea>

4 Submit Button Submits the form for processing by the CGI script specified in the form tag <input type=submit value=“Submit Order”>

5 HTTP Methods Determine how form data are sent to web server
Two methods: GET Form variables stored in URL POST Form variables sent as content of HTTP request

6 Encoding Form Values Browser sends form variables as name-value pairs
name1=value1&name2=value2&name3=value3 Names are defined in form elements <input type=text name=ssn maxlength=9> Special characters are replaced with %## (2-digit hex number), spaces replaced with + e.g. “11/8 Wed” is encoded as “11%2F8+Wed”

7 HTTP GET/POST examples
GET /cgi-bin/myscript.pl?name=Bill%20Gates& company=Microsoft HTTP/1.1 HOST: POST: POST /cgi-bin/myscript.pl HTTP/1.1 …other headers… name=Bill%20Gates&company=Microsoft

8 GET or POST? GET method is useful for
Retrieving information, e.g. from a database Embedding data in URL without form element POST method should be used for forms with Many fields or long fields Sensitive information Data for updating database GET requests may be cached by clients browsers or proxies, but not POST requests

9 Parsing Form Input Method stored in HTTP_METHOD
GET: Data encoded into QUERY_STRING POST: Data in standard input (from body of request) Most scripts parse input into an associative array You can parse it yourself Or use available libraries (better)

10 CGI Script: Example

11 Part 1: HTML Form <html> <center>
<H1>Anonymous Comment Submission</H1> </center> Please enter your comment below which will be sent anonymously to If you want to be extra cautious, access this page through <a href=" <p> <form action=cgi-bin/comment.cgi method=post> <textarea name=comment rows=20 cols=80> </textarea> <input type=submit value="Submit Comment"> </form> </html>

12 Part 2: CGI Script (ksh) #!/home/unixtool/bin/ksh
. cgi-lib.ksh # Read special functions to help parse ReadParse PrintHeader print -r -- "${Cgi.comment}" | /bin/mailx -s "COMMENT" kornj print "<H2>You submitted the comment</H2>" print "<pre>" print -r -- "${Cgi.comment}" print "</pre>"

13 Perl CGI Module Interface for parsing and interpreting query strings passed to CGI scripts Methods for creating generating HTML Methods to handle errors in CGI scripts Two interfaces: procedural and OO Ask for the procedural interface: use CGI qw(:standard);

14 A Perl CGI Script #!/usr/bin/perl -w use strict;
use CGI qw(:standard); my $bday = param("birthday"); # Print headers (text/html is the default) print header(-type => 'text/html'); # Print <html>, <head>, <title>, <body> tags etc. print start_html(“Birthday”); # Your HTML body print "Your birthday is $bday.\n"; # Print </body></html> print end_html();

15 Debugging Perl CGI Scripts
Debugging CGI script is tricky - error messages don’t always come up on your browser Check if the script compiles perl -wc cgiScript Run script with test data perl -w cgiScript prod=“MacBook” price=“1800” Content-Type: text/html <html> </html>

16 How to get your script run
This can vary by web server type Typically, you give your script a name that ends with .cgi and/or put it in a special directory (e.g. cgi-bin) Give the script execute permission Specify the location of that script in the URL

17 CGI Security Risks Sometimes CGI scripts run as owner of the scripts
Never trust user input - sanity-check everything If a shell command contains user input, run without shell escapes Always encode sensitive information, e.g. passwords Also use HTTPS Clean up - don’t leave sensitive data around

18 CGI Benefits Simple Language independent
UNIX tools are good for this because Work well with text Integrate programs well Easy to prototype No compilation (CGI scripts)

Download ppt "CGI Programming Part II UNIX Security"

Similar presentations

Web forms and CGI scripts Dr. Andrew C.R. Martin

Web forms and CGI scripts Dr. Andrew C.R. Martin
CGI Programming.

CGI Programming.
Lecture 14 HTML Forms CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger.

Lecture 14 HTML Forms CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger.
Video, audio, embed, iframe, HTML Form

Video, audio, embed, iframe, HTML Form
CGI Programming Part 2. Input Tags Many different ways of getting data from the user. The tag is used most often. has a type attribute –Specifies the.

CGI Programming Part 2. Input Tags Many different ways of getting data from the user. The tag is used most often. has a type attribute –Specifies the.
Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.

Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.
JavaScript Forms Form Validation Cookies CGI Programs.

JavaScript Forms Form Validation Cookies CGI Programs.
Forms Review. 2 Using Forms tag  Contains the form elements on a web page  Container tag tag  Configures a variety of form elements including text.

Forms Review. 2 Using Forms tag  Contains the form elements on a web page  Container tag tag  Configures a variety of form elements including text.
CS 898N – Advanced World Wide Web Technologies Lecture 6: PERL and CGI Chin-Chih Chang

CS 898N – Advanced World Wide Web Technologies Lecture 6: PERL and CGI Chin-Chih Chang
Python and Web Programming

Python and Web Programming
USER INTERACTIONS: FORMS

USER INTERACTIONS: FORMS
CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.

CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.
1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.

1 Web Developer & Design Foundations with XHTML Chapter 6 Key Concepts.
1 Homework / Exam Exam 3 –Solutions Posted –Questions? HW8 due next class Final Exam –See posted schedule Websites on UNIX systems Course Evaluations.

1 Homework / Exam Exam 3 –Solutions Posted –Questions? HW8 due next class Final Exam –See posted schedule Websites on UNIX systems Course Evaluations.
Advance Database Management Systems Lab no. 5 PHP Web Pages.

Advance Database Management Systems Lab no. 5 PHP Web Pages.
4-Sep-15 HTML Forms Mrs. Goins Web Design Class. Parts of a Web Form A Form is an area that can contain Form Control/Elements. Each piece of information.

4-Sep-15 HTML Forms Mrs. Goins Web Design Class. Parts of a Web Form A Form is an area that can contain Form Control/Elements. Each piece of information.
1 Creating Web Forms in HTML Web forms collect information from customers Web forms include different control elements including: –Input boxes –Selection.

1 Creating Web Forms in HTML Web forms collect information from customers Web forms include different control elements including: –Input boxes –Selection.
Forms and Form Controls Chapter 6. 6.1 What is a Form?

Forms and Form Controls Chapter What is a Form?
Web111a_chapt06.ppt HTML: Section 6 Forms HTML tags: define data input and/or output Define the Input and/or Output on the web page Do not process the.

Web111a_chapt06.ppt HTML: Section 6 Forms HTML tags: define data input and/or output Define the Input and/or Output on the web page Do not process the.
1 HTML and CGI Scripting CSC8304 – Computing Environments for Bioinformatics - Lecture 10.

1 HTML and CGI Scripting CSC8304 – Computing Environments for Bioinformatics - Lecture 10.

Similar presentations

Ads by Google