Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Server Design Assignment #5: Unsafe Methods & CGI

Published byArchibald Wilson Modified over 6 years ago

Similar presentations

Presentation on theme: "Web Server Design Assignment #5: Unsafe Methods & CGI"— Presentation transcript:

1 Web Server Design Assignment #5: Unsafe Methods & CGI
Old Dominion University Department of Computer Science CS 495/595 Spring 2007 Michael L. Nelson

2 Grading To be done by an automated program that will test most (all?) combinations assignment is listed under the day it is to be demoed in class each group will give a 3-4 minute status report the week before an assignment is due! If you have a question: the class list mimic the behavior of a well known Apache server (e.g.,

3 Methods to Support Same as assignments 1-4, plus: DELETE, PUT, POST
as per Lecture 14 n.b. OPTIONS (lecture 14)

4 Status Codes to Support
Same as assignments 1-4, plus: 201 Created PUT, POST 405 Method Not Allowed 411 Length Required 413 Request Entity Too Large 414 Request-URI Too Long

5 Request Headers Same as assignments 1-4, plus: Content-type:
Content-Length: Content-Disposition: (in form data)

6 Response Headers Same as assignments 1-4

7 MIME Types, Encodings, etc.
All as per assignments 1-4, plus: Your server accepts the following “Content-Type” headers: multipart/form-data application/x-form-www-urlencoded

8 Guidelines PUT, DELETE are allowed recursively, as per directives in the WeMustProtectThisHouse! file Limits URI: 2k Entity: 2MB You should flag for Entities longer than advertised as per the “Content-Length” header, but I will not test for error conditions Always issue an HTML description describing the results (success or failure) of PUT and DELETE we will not produce 202 or 204

9 WeMustProtectThisHouse! Format
% cat WeMustProtectThisHouse\! # ALLOW-PUT ALLOW-DELETE authorization-type=Basic realm=“Lane Stadium” # always quote realm since it might have spaces # user format = name:md5(password) mln:d3b07384d113edec49eaa6238ad5ff00 bda:c157a79031e1c40f bc5fc552 jbollen:66e0459d0abbc8cd8bd9a88cd226a9b2

10 CGI Invocation Invoke the URI as an executable program iff: Warning!!!
POST method GET method with “query string” Warning!!! ensure your URI is relative to your document root dangerous: GET /bin/rm?-rf HTTP/1.1

11 CGI Program #!/usr/bin/perl print "Content-type: text/html\n\n";
foreach $key (keys (%ENV)) { print "$key = $ENV{$key} <br>\n"; } while (<STDIN>) { print "$_<br>\n";

12 Required Environment Variables
SCRIPT_NAME SCRIPT_URI SCRIPT_FILENAME HTTP_REFERER HTTP_USER_AGENT REQUEST_METHOD REMOTE_ADDR QUERY_STRING REMOTE_USER AUTH_TYPE SERVER_NAME SERVER_SOFTWARE SERVER_PORT SERVER_ADDR SERVER_PROTOCOL leave blank if not available

Download ppt "Web Server Design Assignment #5: Unsafe Methods & CGI"

Similar presentations

How does the server format the information it gives to the appln program? As environment variables and in standard input.

How does the server format the information it gives to the appln program? As environment variables and in standard input.
Configuring Apache Server and Perl for CGI T.A. Maisa Khudair Dr. Qusai Abu Ein.

Configuring Apache Server and Perl for CGI T.A. Maisa Khudair Dr. Qusai Abu Ein.
CGI. XML2 Common Gateway Interface n Georgia Tech 1995 Web Usage Survey –Perl - 46.7% –C - 12.5% –Shell Scripts - 8.1% –Tcl - Tool Commercial Language.

CGI. XML2 Common Gateway Interface n Georgia Tech 1995 Web Usage Survey –Perl % –C % –Shell Scripts - 8.1% –Tcl - Tool Commercial Language.
Pass data1 Passing data from an HTML page to a program Dr Jim Briggs.

Pass data1 Passing data from an HTML page to a program Dr Jim Briggs.
Outcomes Know what are CGI Environment Variables Know how to use environment variables How to process A simple Query Form Able to use URL Encoding rules.

Outcomes Know what are CGI Environment Variables Know how to use environment variables How to process A simple Query Form Able to use URL Encoding rules.
Common Gateway Interface

Common Gateway Interface
1 ‘Dynamic’ Web Pages So far, we have developed ‘static’ web-pages, e.g., cv.html, repair.html and order.html. There is often a requirement to produce.

1 ‘Dynamic’ Web Pages So far, we have developed ‘static’ web-pages, e.g., cv.html, repair.html and order.html. There is often a requirement to produce.
Overview A plain HTML document is static A CGI program is executed in real-time, so that it can output dynamic information. CGI (Common Gateway Interface)

Overview A plain HTML document is static A CGI program is executed in real-time, so that it can output dynamic information. CGI (Common Gateway Interface)
CP3024 Lecture 3 Server Side Facilities. Lecture contents  Server side includes  Common gateway interface (CGI)  PHP Hypertext Preprocessor (PHP) pages.

CP3024 Lecture 3 Server Side Facilities. Lecture contents  Server side includes  Common gateway interface (CGI)  PHP Hypertext Preprocessor (PHP) pages.
Nic Shulver, Intro: Developing Server Applications What is a server? Many types of server – File server – file: networked file.

Nic Shulver, Intro: Developing Server Applications What is a server? Many types of server – File server – file: networked file.
Web Server Design Week 14 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 4/14/10.

Web Server Design Week 14 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 4/14/10.
USING PERL FOR CGI PROGRAMMING

USING PERL FOR CGI PROGRAMMING
CSCE 510 - Systems Programming Lecture 21 Web Server: CGI -Dynamic Pages CSCE March 25, 2013.

CSCE Systems Programming Lecture 21 Web Server: CGI -Dynamic Pages CSCE March 25, 2013.
CGI programming Peter Verhás January 2002. What this tutorial is about Introduction to CGI programming Using ScriptBasic –Simple to program –Simple to.

CGI programming Peter Verhás January What this tutorial is about Introduction to CGI programming Using ScriptBasic –Simple to program –Simple to.
Perl: Lecture 2 Advanced RE & CGI. Regular Expressions 2.

Perl: Lecture 2 Advanced RE & CGI. Regular Expressions 2.
Perl CGI What is CGI? Common Gateway Interface A means of running an executable program via the Web. Perl have a *very* nice interface to create CGI.

Perl CGI What is "CGI"? Common Gateway Interface A means of running an executable program via the Web. Perl have a *very* nice interface to create CGI.
Web Server Design Assignment #1: Basic Operations Due: 02/03/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin.

Web Server Design Assignment #1: Basic Operations Due: 02/03/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin.
Form Data Encoding GET – URL encoded POST – URL encoded

Form Data Encoding GET – URL encoded POST – URL encoded
Internet and Intranet Fundamentals

Internet and Intranet Fundamentals
Web Server Design Assignment #2: Conditionals & Persistence Due: 02/24/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010.

Web Server Design Assignment #2: Conditionals & Persistence Due: 02/24/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010.

Similar presentations

Ads by Google