Table of Contents
Introduction
Installation
Handling Challenger
Virtual Servers
Configuration Examples
Modules
Filesystems
RXML Tags
Graphics
Proxy
Databases
Miscellaneous Modules
Security Considerations
Scripting
Frontpage
Upgrading
Third Party Extensions
Portability
Reporting Bugs
Appendix
|
CGI
CGI scripts are the most common way of doing scripting, being
supported by virtually every webserver. They work by starting an
external program for each request. The program is often not a compiled
program but a script written in something else, like perl.
The advantages of CGI scripts are that they can be used to run any kind
of scripts written in any language, and that they are portable between
different webservers. The disadvantages are that they are resource
hungry, needing to start an external program for each request and that CGI
scripts are one of the most common security hazards on the
web. Most often because they were not written with security in
mind.
In Challenger, CGI scripts are supported through the CGI
executable support. The module can be configured to either
run the CGI scripts as the user who has written them, or to run all CGI
scripts as a user with low priviliges.
It is possible to use CGI scripts together with RXML. Either by
letting the output of the CGI script being parsed with the RXML parser
or by executing the CGI scripts with the <cgi> tag.
|
|
Even if CGI scripts are run so they cannot hurt the
server itself, they can often hurt the user who owns them. Most users
do not understand how CGI scripts work, but will download and install
them from the net, with no thought of security. It is often better to
provide the functions the user's want as RXML tags. The user will
understand RXML tags better, since they are like HTML tags, and the
administrator will get better control over the server.
CGI executable support
- Allow listing of cgi-bin directory
-
If set, the users can get a listing of files in the CGI-bin directory.
- Allow symlinks
-
If set, allows symbolic links to binaries owned by the directory
owner. Other symlinks are still disabled.
This option has an effect only if the Run user scripts as
owner variable is set and is available only when the server is
run as root. .
- CGI-bin path
-
The module's location in the virtual filesystem. By default the module
will also handle one or more extensions, from any filesystem.
- CGI-script extensions
-
Extension of files to be handled as CGI scripts. The Handle
*.cgi variable has to be set for this option to have any effect.
- Handle *.cgi
-
This handles files ending with the extensions configured in the
CGI-script extensions variable. If set, files with these
extensions will be handled as CGI scripts, regardless from which
filesystem they were fetched.
- Limits
-
- Priority
-
This option affects the nice value of the CGI processes. If it is set
to a higher value CGI scripts might get more CPU than the actual web
server, something which might not always be a good idea.
- Log CGI errors to...
-
Where to log error messages from a CGI script, or rather any output
the script writes to stderr. By default the error messages will
be sent to the debug log file.
- Parse RXML in CGI-scripts
-
If this option is set the output of the CGI script is sent through the
RXML parser. The parsing will take place after the CGI script has
finished processing, nothing will be sent to the user until the CGI
script finishes. This option will not work if you have CGI scripts
that does animations or other things that require them to send data
over a long time to the user. It is however possible to enable two
CGI executable support modules, one to handle scripts
that are to be RXML parsed and another to handle normal CGI scripts.
This is option is onlt available if you have choosen to More
options.
- Provide the <cgi>tag
-
If set it will be possible to execute CGI scripts via the
<cgi> tag.
- Run scripts as
-
Which user to run the CGI scripts as. This will default to nobody if
nothing is specified. This option is only available when Challenger is
run as root.
- Run user scripts as owner
-
If set, scripts in user home directories will be run as the user. This
overrides the Run scripts as variable. This option is only
available when the server is run as root.
- Search path
-
The location of the CGI-bin directory in the read file system.
- Set the supplementary group access list
-
If this option is set the script will be run with membership in all
the users supplementary groups, ie the groups in the
/ect/group file.
- Treat non-executable files as ordinary files
-
If this flag is set, files that does not have the executable bit set
will be treated as normal files and sent to the user. If the flag is
not set attempts to get such files will result in an error message.
|