CGI and Perl

What Happens after the Request

After the HTTP request has occurred and the target of the request is your CGI script, a few things occur. Unless your script is being run on an ISP's server using a "CGI-wrap" type program (discussed in Chapter 3, "Security on the Web"), the Web server executes your script. Every process (or running program) in a UNIX environment is executed by (or owned by) the user who executes it. This makes it easier to keep track of which users are allocating which resources and running which programs. However, in the case of a CGI script, the user causing the script to be run is unknown--some Web browser somewhere. The Web server software executes your script as some non-privileged user like nobody or webuser. (You can actually use any name you want; the name can be configured in your Web server's config file.) For security reasons, this nobody user running your script typically has almost no privileges on the system.

So, now you have a program running on the server as nobody or webuser or something similar. It is important to know the name of the user that your script is running as, especially if your program must read or write to any files. Remember that in a UNIX environment, file permissions are very important. If the Web server is running your CGI as nobody and it needs to write to a file owned by betty, and this file is chmod'd to 744 (-rwxr- -r- -) so only the owner can write to it, your CGI will fail because it can't write to the file.

After your program is run, all the variables discussed in the previous section are stored in its environment and available to it. Using these variables in your CGI is quite simple by using the Perl WWW libraries.

The following output is the actual environment that was generated by a Netscape Communications Server after a request was sent from Netscape Navigator:

SERVER_SOFTWARE   : Netscape-Communications/1.12
 SERVER_NAME       :
 SERVER_PORT       : 80
 PATH_INFO         : /path/foo
 PATH_TRANSLATED   : /var/www/htdocs/path/foo
 SCRIPT_NAME       : /html_tutorial/cgi-bin/env.cgi
 QUERY_STRING      : query_string
 REMOTE_HOST       :
 REMOTE_ADDR       :
 AUTH_TYPE         :
 REMOTE_USER       :
 HTTP_ACCEPT       : image/gif, image/jpeg, */*
 HTTP_USER_AGENT   : Mozilla/2.0S (X11; I; IRIX 6.2 IP22)