Talk:Common Gateway Interface

Clarification of "This/Apache"

Phrase "This/Apache creates a small, ..." in section "More details" needs clarification. Toni Stoev (talk) 17:47, 4 October 2011 (UTC)

Also stumbled over this. Even if it were English, it would still be confusing what is being referred to. 86.12.165.129 (talk) 10:32, 10 November 2011 (UTC)

Clarification Apache and CGI

Just a point of clarification. Is Apache an instance of a CGI program? And how does CGI handle SSI? Newbie questions, I know... —Preceding unsigned comment added by 64.178.98.66 (talkcontribs) 21:09, 28 June 2005

For what it's worth, Apache is an instance of a web server software, and CGI is software that may run on a web server. SSI means Server Side Includes. --Unixguy 16:55, 15 October 2007 (UTC)
CGI is more or less of a standard that is explicitly server-independent. Also note that there is often confusion between a standard and the implementation of the standard; in other words, "CGI" can refer to how a CGI script is executed or it might refer to the CGI script. Apache is not an instance of a CGI program, it is software that can execute a CGI script as determined by the standard (that might not be an official standard) defining how to do that. Sam Tomato (talk) 20:59, 22 January 2017 (UTC)
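
The split described in this thread (the web server is one program, the CGI script is a separate process it executes), as an added example that is not part of the original discussion and is not Apache's code. The meta-variable names follow RFC 3875; `run_cgi`, `SCRIPT` and the `/cgi-bin/demo` path are hypothetical names chosen for the illustration.

```python
import os
import re
import subprocess
import sys

# Constructed stand-in for a CGI script: reads meta-variables from the
# environment and the request body from stdin, writes headers + body to stdout.
SCRIPT = r'''
import os, sys
body = sys.stdin.buffer.read(int(os.environ.get("CONTENT_LENGTH") or 0))
line = "%s %s?%s body=" % (os.environ["REQUEST_METHOD"],
                           os.environ["SCRIPT_NAME"], os.environ["QUERY_STRING"])
sys.stdout.buffer.write(b"Status: 200 OK\nContent-Type: text/plain\n\n"
                        + line.encode() + body)
'''

def run_cgi(method, script_name, query_string, body=b""):
    """Server side of CGI: build the environment, run the script, parse its reply."""
    # Allowlist only what the interpreter needs; do not leak the server's environment.
    keep = ("PATH", "SYSTEMROOT", "LD_LIBRARY_PATH")
    env = {k: os.environ[k] for k in keep if k in os.environ}
    env.update({
        "GATEWAY_INTERFACE": "CGI/1.1",
        "SERVER_PROTOCOL": "HTTP/1.1",
        "REQUEST_METHOD": method,
        "SCRIPT_NAME": script_name,
        "QUERY_STRING": query_string,  # request data travels as data
        "CONTENT_LENGTH": str(len(body)) if body else "",
    })
    # Argument list, no shell: nothing in the request reaches a command line.
    proc = subprocess.run([sys.executable, "-c", SCRIPT], input=body, env=env,
                          capture_output=True, timeout=10)
    parts = re.split(rb"\r?\n\r?\n", proc.stdout, maxsplit=1)
    if proc.returncode != 0 or len(parts) != 2:
        return 500, {}, b""          # script failed or sent no header block
    headers = {}
    for line in parts[0].decode("latin-1").splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # "Status" is addressed to the server, which turns it into the HTTP status line.
    status = int(headers.pop("status", "200").split()[0])
    if "content-type" not in headers and "location" not in headers:
        return 500, {}, b""
    return status, headers, parts[1]

if __name__ == "__main__":
    print(run_cgi("POST", "/cgi-bin/demo", "name=a;b&n=1", b"hello"))
```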

I have submitted the article HTTP cookie for peer review (I am posting this notice here as this article is related). Comments are welcome here: Wikipedia:Peer review/HTTP cookie/archive1. Thanks. - Liberatore(T) 16:56, 14 January 2006 (UTC)

CGI-bin

Can someone explain what this is? Also, is it CGI-bin or CGI-BIN? Thanks!

CGI-bin stands for CGI binaries (programs). It is commonly also used as the default name of the folder where the CGI programs are stored in various server applications such as Apache. The reason that all CGI programs for a given site are usually placed in one folder is to make it easier to secure the server. Superflyguy 19:21, 10 August 2006 (UTC)
Write this in the article... (someone wrote sometime)

The directory is actually named "cgi-bin". Unix file names are case-sensitive, and all-lower-case is used for most names. 69.87.200.113 13:58, 17 January 2007 (UTC)

CGI binaries do not need to be in the CGI-bin, they can be placed any place else if you configure .htaccess correctly. 83.55.41.191 (talk) 16:20, 6 January 2010 (UTC)
or configure it incorrectly, depending on your point of view.
WWW Security FAQ: CGI Scripts Sam Tomato (talk) 21:18, 22 January 2017 (UTC)

Abstract or article?

The abstract of the article is longer than the article itself. What should remain in the abstract, and what should be moved? Superflyguy 19:21, 10 August 2006 (UTC)

The abstract is now short. Sam Tomato (talk) 21:03, 22 January 2017 (UTC)

http://www.example.org/wiki.cgi

The http://www.example.org/wiki.cgi link is not up to date any more, sorry :(

See RFC 2606 Reserved Top Level DNS Names; "example.org" is a reserved second level domain name for use in examples. Sam Tomato (talk) 21:07, 22 January 2017 (UTC)

Beware of AWB

Twice now I've seen people use AWB to "clean up" the article, mostly removing underscores from links to articles such as mod_perl, etc. These underscores are part of the names and should not be removed. Everybody says "mod_perl"; almost nobody says "mod perl". - furrykef (Talk at me) 22:52, 21 December 2006 (UTC)

Too brief

This is a pathetically too-little article for such an important tech subject. How about some actual sample protocol details etc? 69.87.200.113 14:01, 17 January 2007 (UTC)

Seconded. The article spends more time talking about shortcomings and alternatives than about CGI. There is also some wankery in there about how the trade off is the software engineer's decision to make. At least there are some external links. —The preceding unsigned comment was added by 67.128.198.190 (talk) 23:55, August 20, 2007 (UTC)

I have provided an answer in What is Common Gateway Interface (CGI)? - Stack Overflow that I think makes things much more clear. I will try to update this article with the material from that answer. Sam Tomato (talk) 23:58, 20 January 2017 (UTC)

VBMcgi

I've just removed the following links from the "see also" section. If they are considered appropriate for the article (which I doubt) then they should be in "external links" not "see also".

  • VBMcgi - A free, open-source, cross-platform, C++ library for web/cgi software, using C++ and 3-tier architecture.
  • The sbVB VBMcgi course - A course on VBMcgi

Davorg 11:27, 13 February 2007 (UTC)

Technical

Does it mean that a website running CGI scripts will access remote computers? ~ R.T.G 23:40, 20 November 2008 (UTC)

No, it doesn't. There is clearly something wrong with this article. Perhaps it shouldn't be here in the first place. Rp (talk) 19:25, 31 March 2009 (UTC)
I have rewritten the introduction to address this. Rp (talk) 11:03, 25 November 2009 (UTC)

The lack of a single official CGI specification

RFC 3875 is not the CGI spec. It is an informational article by two authors from the Apache Software Foundation that attempts to define CGI more formally. It is a common misconception that every RFC document is (or was) a standard. That is far from true. See RFC 1796 for an explanation. RFC 3875 can be considered a standard only if most CGI implementors agree to adhere to it. If you have seen any statements by implementors, please cite them. It looks like the closest thing to the CGI spec is the original CGI/1.1 spec at NCSA which is cited by nearly everyone. — Alexander Konovalenko (talk) 13:38, 23 November 2009 (UTC)

Good point. Rp (talk) 18:45, 23 November 2009 (UTC)
No, actually, RFC 3875 is the official CGI spec at this point. I will look for statements to cite, and if I cannot find any, I will make one re Apache by virtue of being one of the RFC authors and an Apache core developer. The RFC was developed by a number of people, among whom were some implementors. Rodent of Unusual Size (talk) 02:10, 19 March 2010 (UTC)

The link to the NCSA "spec" appears to be broken. —Preceding unsigned comment added by 203.26.20.4 (talk) 07:00, 9 February 2011 (UTC)

Higher level APIs: ASP, JSP, PHP

I think Java Servlet/JSP, Microsoft ASP, PHP and other technologies should be referenced as more advanced solutions to the problem that CGI came to solve. 212.179.92.170 (talk)

What do you mean by that? PHP is installed either as an apache module or as a CGI binary. Why is PHP more advanced than CGI? They are two different concepts. 83.55.41.191 (talk) 16:18, 6 January 2010 (UTC)
What 212.179.92.170 means is that JSP, ASP and PHP don't usually use CGI scripts. They are not themselves more advanced solutions, but they do typically use a more advanced alternative to CGI scripts, an alternative that is explained in the article, but perhaps not with sufficient clarity. Rp (talk) 17:59, 6 January 2010 (UTC)
Yes, but you can write Perl or compiled binaries (C/C++/Java) that can be executed in CGI/FastCGI just like you can with JSP, ASP and PHP. I think the point is that CGI/FastCGI are language independent, so mentioning specific languages is simply wrong and leads to misunderstandings. Maybe 212.179.92.170 is talking about Apache modules but shared web hosts do not usually use them because they are less secure than CGI/FastCGI. CGI/FastCGI is process separated which is more secure than running embedded to Apache as a module. 83.55.41.191 (talk) 20:58, 6 January 2010 (UTC)
I agree, but I believe the article should discuss this to make sure that these widespread misunderstandings don't propagate from here. Rp (talk) 09:45, 18 January 2010 (UTC)
PHP doesn't use CGI scripts, the PHP compiler/environment is a CGI script, at least originally. See PHP: History of PHP - Manual. Sam Tomato (talk) 21:35, 22 January 2017 (UTC)

Can anyone help out? Most of the links to the historical spec documents seem to be 404s. The same is true if you visit the w3c site, their links to external documents are also broken. CecilWard (talk) 09:35, 15 April 2010 (UTC)

I have never seen the original documentation at NCSA's "hoohoo" server but I found what looks like a mirror of the original documentation at [1]. It appears that the NCSA has shut down the original server without any intent to bring its former contents back on-line (see [2]). --Claim (talk) 08:34, 28 June 2011 (UTC)

Please make up your mind.

Par. 1:

In simple words the CGI provides an interface between the webservers and the clients.

Par. 3:

CGI specifies which information is communicated between the webserver and such a console application, and how.

--Doru001 (talk) 10:04, 24 May 2010 (UTC)

These are two ways of saying exactly the same thing. Rp (talk) 08:40, 19 April 2011 (UTC)
Both statements do not exist in the document any more but they are both the type of vague statements that always frustrate me. I think people that don't understand the details write things like that. Sam Tomato (talk) 21:39, 22 January 2017 (UTC)

"... and NCSA still hosts it at its original location."

Not true anymore. 84.73.74.190 (talk) 12:30, 28 February 2011 (UTC)

Prior content in this article duplicated one or more previously published sources. The material was copied from: http://searchsoa.techtarget.com/definition/common-gateway-interface. Infringing material has been rewritten or removed and must not be restored, unless it is duly released under a compatible license. (For more information, please see "using copyrighted works from others" if you are not the copyright holder of this material, or "donating copyrighted materials" if you are.) For legal reasons, we cannot accept copyrighted text or images borrowed from other web sites or published material; such additions will be deleted. Contributors may use copyrighted publications as a source of information, but not as a source of sentences or phrases. Accordingly, the material may be rewritten, but only if it does not infringe on the copyright of the original or plagiarize from that source. Please see our guideline on non-free text for how to properly implement limited quotations of copyrighted text. Wikipedia takes copyright violations very seriously, and persistent violators will be blocked from editing. While we appreciate contributions, we must require all contributors to understand and comply with these policies. Thank you. NortyNort (Holla) 10:49, 3 June 2011 (UTC)

"Purpose of the CGI standard" section

I think that some or much of the material in the "Purpose of the CGI standard" section does not describe the purpose of it.

The current first paragraph is a general description of HTML with server-dependent implementation details that are better described elsewhere.

The current third paragraph says: "one thing the script would need to know is whether the user is logged in and, if logged in, under which name". That is misleadingly vague and not helpful.

The section then proceeds to describe query strings that also are best described elsewhere.

I have added content to that section but not removed content. Sam Tomato (talk) 21:49, 22 January 2017 (UTC)

CGI Security

I recall that there was a widespread security issue introduced by a bug in a CGI example script in (I think) the NCSA reference server somewhere between 1993 and 1996 that allowed code execution on the server with the permission of the web server user id. This was a new class of vulnerabilities on the web, and that script was perhaps the first widespread example of the same. I think this is notable enough to get a section. Does anyone remember the name of the offending script?

phf? Rp (talk) 21:58, 21 November 2019 (UTC)
Thanks, yes, that may well be the one. I will do some more reading and then add something (unless anyone objects, or else adds it first!) — Sirfurboy (talk) 22:09, 21 November 2019 (UTC)