Top Most CGI Programming Interview Questions
What Do I Absolutely Need To Know In Cgi?
If you’re already a programmer,CGI is extremely straightforward, and just three resources should get you up to speed in the time it takes to read them:
Installation notes for your HTTPD.Is it configured to run CGI scripts, and if so how does it identify that a URL should be executed? (Check your manuals, READMEs, ISP webpages/FAQS, and if you still can’t find it ask your server administrator).
The CGI specification at NCSA tells you all you need to know to get your programs running as CGI applications.
WWW Security FAQ. This is not required to ‘get it working’, but is essential reading if you want to KEEP it working!
If you’re NOT already a programmer, you’ll have to learn. If you would find it hard to write, say, a ‘grep’ or ‘cat’ utility to run from the commandline, then you will probably have a hard time with CGI. Make sure your programs work from the commandline BEFORE trying them with CGI, so that at least one possible source of errors has been dealt with.
Do I Have To Use Perl?
No – you can use any programming language you please. Perl is simply today’s most popular choice for CGI applications. Some other widelyused languages are C, C++, TCL, BASIC and – for simple tasks -even shell scripts.
Can I Identify Users/sessions Without Password Protection?
The most usual (but browser-dependent) way to do this is to set a cookie. If you do this, you are accepting that not all users will have a ‘session’.
An alternative is to pass a session ID in every GET URL, and in hidden fields of POST requests. This can be a big overhead unless _every_ page requires CGI in any case.
Another alternative is the Hyper-G[1] solution of encoding a session-id in the URLs of pages returned:
http://hyper-g.server/session_id/real/path/to/page
This has the drawback of making the URLs very confusing, and causes any bookmarked pages to generate old session_ids.
Note that a session ID based solely on REMOTE_HOST (or REMOTE_ADDR) will NOT work, as multiple users may access your pages concurrently from the same machine.
How Can I Stop My Cgi Script Reading And Writing Files As Nobody?
CGI scripts are run by the HTTPD, and therefore by the UID of the HTTPD process, which is (by convention) usually a special user “nobody”.
There are two basic ways to run a script under your own userid:
(1) The direct approach: use a setuid program.
(2) The double-server approach: have your CGI script communicate with a second process (e.g. a daemon) running under your userid, which is responsible for the actual file management.
The direct approach is usually faster, but the client-server architecture may help with other problems, such as maintaining integrity of a database.
When running a compiled CGI program (e.g. C, C++), you can make it setuid by simply setting the setuid bit:
e.g. “chmod 4755 myprog.cgi”
For security reasons, this is not possible with scripting languages (eg Perl, Tcl, shell). A workaround is to run them from a setuid program, such as cgiwrap.
In most cases where you’d want to use the client-server approach, the server is a finished product (such as an SQL server) with its own CGI interface.
A lightweight alternative to this is Don Libes’ “expect” package.
Do I Need To Be On Unix?
No, but it helps. The Web, along with the Internet itself, C, Perl, and almost every other Good Thing in the last 20 years of computing, originated in Unix. At the time of writing, this is still the most mature and best-supported platform for Web applications.
Are There Some Interactive Debugging Tools And Services Available?
Several CGI programming libraries offer powerful interactive debugging facilities.
These include:
– for Perl, Lincoln Stein’s CGI.pm
(now part of the standard Perl distribution)
– for Tcl, Don Libes’ cgi.tcl
http://expect.nist.gov/cgi.tcl
– for C++, Nick Kew’s CGI++
http://www.webthing.com/cgiplusplus/
Nathan Neulinger’s cgiwrap is another package with debugging aids.
The “mod_cgi” Apache module (new with Apache 1.2) enables you to capture script output and errors for diagnosis.
Explain Is Cgi A Script Or A Program?
The distinction is semantic.Traditionally, compiled executables(binaries) are called programs, and interpreted programs are usually called scripts.In the context of CGI,the distinction has become even more blurred than before.The words are often used interchangably (including in this document).Current usage favours the word “scripts” for CGI programs.
Is It A Script Or A Program?
The distinction is semantic. Traditionally, compiled executables (binaries) are called programs, and interpreted programs are usually called scripts. In the context of CGI, the distinction has become even more blurred than before. The words are often used interchangably (including in this document). Current usage favours the word “scripts” for CGI programs.
What Is The Difference Between Object Oriented And Structured Oriented Programming?
Object Oriented means programme will be their in terms of Class and Object relationship will be their.
Structured Oriented Means programme will be their in terms of multiple Functions.
Is There An Equivalent Of Javascripts Escape() Function In Perl?
Try This:
require CGI;
$escaped = CGI::escape( $normal );
# …or…
sub escape {
my $str = shift || ”;
$str =~ s/([^w.-])/sprintf(“%%%02X”,ord($1))/eg;
$str;
}
$escaped = escape( $normal );
When Do I Need To Use Cgi?
There are innumerable caveats to this answer, but basically any Webpage containing a form will require a CGI script or program to process the form inputs.
Is It Possible To Set A Cookie And Then Redirect A Return Visitor To A Different Url All Using Cgi?
Try:
#! /usr/bin/perl -w
use CGI qw(:cgi);
my $q = CGI->new();
my $cookie = $q->cookie(
-name => ‘yummy_cookie’,
-value => ‘chocolate chip’,
-domain => ‘.globalguideline.com’,
-expires => ‘+10d’,
-path => ‘/’
);
print $q->redirect(
-url => ‘http://www.globalguideline.com’,
-cookie => $cookie
);
__END__
If you leave out the “-domain”, and “-path”, then they will default to current values. The above example will be returned to all servers in the irt.org domain.
If you leave out the “-expires”, then the cookie will expire when the user closes their browser. The above expires after 10 days.
Can I Redirect Users To Another Page?
For permanent and simple redirection, use the HTTPD configuration file:
it is much more efficient than doing it yourself. Some servers enable you to do this using a file in your own directory (eg Apache) whereas others use a single configuration file (eg CERN).
For more complicated cases (eg process form inputs and conditionally redirect the user), use the “Location:” response header.
If the redirection is itself a CGI script, it is easy to URLencode parameters to it in a GET request, but dont forget to escape the URL!
Does Cgi Create New Security Risks?
Yes. Period.
There is a lot you can do to minimize these.
What Is The Difference Between A Cgi Script And A Cgi Program?
Generally, scripts are only several lines of code which do some useful function that would be overkill to write in a full-featured language.
With Perl, you can go either way. You can write Perl scripts and Perl programs. Larry Wall (the creator of Perl) once said “You can write Perl programs, and you can write C scripts. More people talk about Perl programs than C scripts, so I guess that means Perl is more versatile”.
How Can I Run My Cgi Program Live In A Debugger?
At First,in the CGI code, at it is start, add “sleep(30);”. This will cause the CGI to do nothing for thiry seconds (you may need to adjust this time). Compile the CGI with debuging info (“-g” in gcc) and install the CGI as normal. Next, using your web browser, activate the CGI. It will of course just sit there doing nothing.
While it is sleeping, find it is PID(ps -a | grep ). Load your debugger and attach to that PID(“attach ” in gdb). You will also need to tell it where to find the symbol definitions (“symbol-file ” in gdb).
Then set a break point after the invocation of the sleep function and you are ready to debug. Do be aware that your browser will eventually timeout if it does not receive anything.
What Is A Cgi Bin Directory?
A CGI bin directory is a special directory on the server where CGI scripts are allowed to be executed.
Most servers are configured to only allow CGI scripts to be executed from one location, in order to minimize security holes. Poorly written scripts can wreak havoc on a server if allowed to run unchecked – most system admins will want to verify that the script is not doing anything malicious before letting you run it.