CGI Programming with Perl [NOOK Book]



Overview

Programming on the Web today can involve any of several technologies, but the Common Gateway Interface (CGI) has held its ground as the most mature method--and one of the most powerful ones--of providing dynamic web content. CGI is a generic interface for calling external programs to crunch numbers, query databases, generate customized graphics, or perform any other server-side task. There was a time when CGI was the only game in town for server-side programming; today, although we have ASP, PHP, Java servlets, and ColdFusion (among others), CGI continues to be the most ubiquitous server-side technology on the Web.

CGI programs can be written in any programming language, but Perl is by far the most popular language for CGI. Initially developed over a decade ago for text processing, Perl has evolved into a powerful object-oriented language, while retaining its simplicity of use. CGI programmers appreciate Perl's text manipulation features and its CGI.pm module, which gives a well-integrated object-oriented interface to practically all CGI-related tasks. While other languages might be more elegant or more efficient, Perl is still considered the primary language for CGI.

CGI Programming with Perl, Second Edition, offers a comprehensive explanation of using CGI to serve dynamic web content. Based on the best-selling CGI Programming on the World Wide Web, this edition has been completely rewritten to demonstrate current techniques available with the CGI.pm module and the latest versions of Perl. The book starts at the beginning, by explaining how CGI works, and then moves swiftly into the subtle details of developing CGI programs.

Topics include:

  • Incorporating JavaScript for form validation
  • Controlling browser caching
  • Making CGI scripts secure in Perl
  • Working with databases
  • Creating simple search engines
  • Maintaining state between multiple sessions
  • Generating graphics dynamically
  • Improving performance of your CGI scripts

A comprehensive explanation of CGI for people who hold on to the dream of providing their own information servers on the Web. This edition has been completely rewritten to use the current techniques available in Version 5 of Perl and two popular Perl modules, CGI.pm and CGI_lite, plus discussions of speed-up techniques such as FastCGI and mod_perl.


Editorial Reviews

Booknews
Explains how to use the common gateway interface (CGI) to create and deliver dynamic content on the web. The second edition has been rewritten to demonstrate current techniques available with the CGI.pm module and the latest versions of Perl. Annotation c. Book News, Inc., Portland, OR (booknews.com)

Product Details

  • ISBN-13: 9781449326791
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 6/29/2000
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 2
  • Pages: 472
  • Sales rank: 1,264,000
  • File size: 3 MB

Meet the Author

Scott Guelich graduated from Oberlin College in 1993 with a philosophy degree and decided to "only take a few years off" before continuing with graduate school. Unable to find any listing for "Philosopher Wanted" in the classifieds, and having done some programming while growing up, he quickly found himself working with computers. He discovered the Internet the following year and Perl the year after that. Scott has been a web developer for the past few years and currently contracts in the San Francisco Bay Area. He enjoys taijiquan, mountain biking, wind surfing, skiing, and anything that gets him outside and closer to nature. Despite the hours he spends working online, Scott is actually a closet Luddite who doesn't own a television, hasn't bought a cell phone, and still intends to make it to graduate school . . . some day.


Shishir Gundavaram graduated from Boston University with a BS in Biomedical Engineering in May of 1995. For his undergraduate thesis, he developed a Windows application for the Motor Unit Lab of the NeuroMuscular Research Center that allowed researchers to acquire and analyze muscle force output from patients to indirectly observe the electrical activity of muscles. He was the sole author of CGI Programming on the World Wide Web, published by O'Reilly & Associates, Inc., in 1996.


Gunther Birznieks is currently the chief technology officer for eXtropia.com, best known for its open source web programming archives and online tutorials in a variety of subjects related to web programming (Perl, CGI, Java). Before this, Gunther did web programming and infrastructure for the Human Genome Project. Most recently, he was an associate director at Barclays Capital where he had been the global head of web engineering.


Read an Excerpt

Chapter 8: Security

The Importance of Web Security

Many CGI developers do not take security as seriously as they should. So before we look at how to make CGI scripts more secure, let's look at why we should worry about security in the first place.

  1. On the Internet, your website represents your public image. If your web pages are unavailable or have been vandalized, that affects others' impressions of your organization, even if the focus of your organization has nothing to do with web technology.

  2. You may have valuable information on your web server. You may have sensitive or valuable information available in a restricted area that you may wish to keep unauthorized people from accessing. For example, you may have content or services available to paying members, which you would not want non-paying customers or non-members to access. Even files which are not part of your web server's document tree and are thus not available online to anyone, e.g., credit card numbers, could be compromised.

  3. Someone who has cracked your web server has easier access to the rest of your network. If you have no valuable information on your web server, you probably cannot say that about your entire network. If someone breaks into your web server, it becomes much easier for them to break into another system on your network, especially if your web server is inside your organization's firewall (which, for this reason, is generally a bad idea).

  4. You sacrifice potential income when your system is down. If your organization generates revenue directly from your website, you certainly lose income when your system is unavailable. However, even if you do not fall into this group, you likely offer marketing literature or contact information online. Potential customers who are unable to access this information may look elsewhere when making their decision.

  5. You waste time and resources fixing problems. You must perform many tasks when your systems are compromised. First you must determine the extent of the damage. Then you probably need to restore from backups. You must also determine what went wrong. If a cracker gained access to your web server, then you must determine how the cracker managed this in order to prevent future break-ins. If a CGI script damaged files, then you must locate and fix the bug to prevent future problems.

  6. You expose yourself to liability. If you develop CGI scripts for other companies, and one of those CGI scripts is responsible for a large security problem, then you may understandably be liable. However, even if it is your company for whom you're developing CGI scripts, you may be liable to other parties. For example, if someone cracks your web server, they could use it as a base to stage attacks on other companies. Likewise, if your company stores information others consider sensitive (e.g. your customers' credit card numbers), you may be liable to them if that information is leaked.

These are only some of the many reasons why web security is so important. You may be able to come up with other reasons yourself. So now that you recognize the importance of creating secure CGI scripts, you may be wondering what makes a CGI script secure. It can be summed up in one simple maxim: never trust any data coming from the user. This sounds quite simple, but in practice it's not. In the remainder of this chapter, we'll explore how to do this.

Handling User Input

Security problems arise when you make assumptions about your data: you assume that users will do what you expect, and they surprise you. Users are good at this, even when they're not trying. To write secure CGI scripts, you must also think creatively. Let's look at an example.

Calling External Applications

figlet is a fun application that allows us to create large, fancy ASCII art characters in many different sizes and styles. You can find examples of figlet output as part of people's signatures in email messages and news group posts.

You can execute figlet from the command line in the following manner:

% figlet -f fonts/slant 'I Love CGI!'

And the output would be...

...We can write a CGI gateway to figlet that allows a user to enter some text, executes a command like the one shown above, captures the output, and returns it to the browser.

First, here is the HTML form:

Example 8-1: figlet.html

Now, here's the program:

Example 8-2: figlet_INSECURE.cgi

#!/usr/bin/perl -w
 
use strict;
use CGI;
use CGIBook::Error;
 
# Constant: path to figlet
my $FIGLET = '/usr/local/bin/figlet';
 
my $q      = new CGI;
my $string = $q->param( "string" );
 
unless ( $string ) {
    error( $q, "Please enter some text to display." );
}
 
local *PIPE;
 
## This code is INSECURE...
## Do NOT use this code on a live web server!!
open PIPE, "$FIGLET \"$string\" |" or
    die "Cannot open pipe to figlet: $!";
 
print $q->header( "text/plain" );
print while <PIPE>;
close PIPE;

We first verify that the user entered a string and simply print an error if not. Then we open a pipe (notice the trailing "|" character) to the figlet command, passing it the string. By opening a pipe to another application, we can read from it as though it is a file. In this case, we can get at the figlet output by simply reading from the PIPE file handle.

We then print our content type, followed by the figlet output. Perl lets us do this on one line: the while loop reads a line from PIPE, stores it in $_, and calls print; when print is called without an argument, it will output the value stored in $_; the loop automatically terminates when all the data has been read from figlet.

Admittedly, our example is somewhat dull. figlet has many options for changing the font, etc., but we want to keep our example short and simple to be able to focus on the security issues. Many people assume that for scripts this simple, it's hard for something to go wrong with them. In fact, this CGI script allows a savvy user to execute any command on your system...
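
One way to close the hole, as an added example (not the book's own code): the script below replaces the shell command string with Perl's list-form pipe open, which runs figlet directly without a shell, and validates the input under taint mode first. It assumes Perl 5.8 or later on a Unix-like system; the allowed characters and the 60-character limit are choices made for this example, and a plain-text 400 response stands in for the book's CGIBook::Error module.

```perl
#!/usr/bin/perl -wT

use strict;
use CGI;

# Constant: path to figlet (same path the excerpt uses)
my $FIGLET = '/usr/local/bin/figlet';

# Taint mode (-T) refuses to run a subprocess while the environment is
# untrusted, so pin PATH and drop variables that can alter a child process.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{ qw( IFS CDPATH ENV BASH_ENV ) };

my $q      = CGI->new;
my $string = $q->param( "string" );

# Allow-list (assumption for this example): letters, digits, spaces and a
# little punctuation, 1 to 60 characters. The first character may not be "-",
# so the text cannot be mistaken for a command-line option.
unless ( defined $string
         and $string =~ /^([A-Za-z0-9 .,!?'][A-Za-z0-9 .,!?'-]{0,59})\z/ ) {
    print $q->header( -type => "text/plain", -status => "400 Bad Request" );
    print "Please enter up to 60 letters, digits, spaces or basic punctuation.\n";
    exit;
}
my $text = $1;    # a regex capture is untainted; $string itself stays tainted

# List-form pipe open: Perl forks and execs figlet directly, passing $text as
# one argument. No shell parses the command, so nothing in $text is
# interpreted as shell syntax.
open my $pipe, "-|", $FIGLET, $text
    or die "Cannot open pipe to figlet: $!";

print $q->header( "text/plain" );
print while <$pipe>;
close $pipe or warn "figlet exited with status $?";
```

The allow-list and the list-form open are independent layers: either one alone stops the input from reaching a shell as command text, and taint mode makes Perl reject the script at run time if the unvalidated `$string` is ever passed to the pipe by mistake.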


Table of Contents

Preface
1 Getting Started
2 The Hypertext Transport Protocol
3 The Common Gateway Interface
4 Forms and CGI
5 CGI.pm
6 HTML Templates
7 JavaScript
8 Security
9 Sending Email
10 Data Persistence
11 Maintaining State
12 Searching the Web Server
13 Creating Graphics on the Fly
14 Middleware and XML
15 Debugging CGI Applications
16 Guidelines for Better CGI Applications
17 Efficiency and Optimization
A Works Cited and Further Reading
B Perl Modules
Index

Customer Reviews

  • Anonymous

    Posted October 13, 2012

    A strong and brave tom

    Hello said a strong tom. My name is war. I am a black tom with red battle marks. I will assist you in whatever you need. He took a step forward and you could see his big muscles flex. I am very brave and strong

  • Anonymous

    Posted October 13, 2012

    To war

    Alright. Go to the next result.

  • Anonymous

    Posted February 27, 2001

    An Excellent Resource

    Another excellent book from O'Reilly. I picked this up as a supplemental text for a course in CGI Perl programming and found myself reading every chapter. I found it refreshing that the text explained why certain elements are important as well as giving specific examples as how to implement them with Perl. Chapters on templates, email, data persistence, and the CGI Perl Module are especially helpful to the novice CGI programmer. The text does, however, assume that the reader has some familiarity with Perl and some JavaScript.

  • Anonymous

    Posted August 4, 2000

    Good for the Experienced CGI Programmer

    I am new at CGI and hoped that this book would help me develop my skills. I have a basic understanding of Perl, JavaScript and others, but I found myself lost from the beginning. The authors seem to know what they are talking about, but they assume too much for the novice web designer. However, I did pick a few things up and I am still a fan of the O'Reilly line of books.
