CGI debugging problems

Started by ale870, February 02, 2008, 03:34:18 AM


ale870

#15
One question: if CGI, now, maybe is not the best way to use newLisp, what can I do to make a server application? Do I need to use newLisp server?

Or... what? Can you help me to find an alternative way to CGI?
--

Jeff

#16
The alternatives to CGI are to write a mod_newlisp for Apache or a FastCGI adapter.  At the moment, CGI is all there is for newLISP.  It's only the CGI module that I feel needs to be reworked.  My version will be new, although I may steal some code here and there :).



There is no problem with using QUERY_STRING.  You didn't understand what I meant.  The cgi module first parses QUERY_STRING and fills the parameters list with those.  Then it parses the POST data and fills the list with those, overwriting any similarly-named GET variables.  Both sets of key-value pairs are put into the same list.  There is no way to know if a key came from GET or POST data, which is unsafe.  It means that someone could confuse the server by posting a variable to a CGI that overwrites something in the query string.



I was saying that I could try and guess whether one of the keys in the parameters list was set in GET or POST by whether it appeared in QUERY_STRING.  However, if a key appears in both, there is no way to get the GET value back (since it was overwritten by the POST version).
Jeff

=====

Old programmers don't die. They just parse on...

Artful code: http://artfulcode.net
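Added example, not part of the thread and not Jeff's Request class: a Python sketch of the merge behaviour described in post #16, the QUERY_STRING guess he mentions, and a parser that keeps GET and POST apart. The function names and the sample request are constructed for illustration, and the POST body is assumed to be `application/x-www-form-urlencoded`.

```python
from urllib.parse import parse_qsl

# Constructed sample request: "action" is supplied in both places.
SAMPLE_QUERY_STRING = "action=view&id=42"
SAMPLE_POST_BODY = "action=delete&comment=hi"

def parse_merged(query_string, post_body):
    """Behaviour described in the post: one list, POST overwrites GET."""
    params = {}
    for key, value in parse_qsl(query_string, keep_blank_values=True):
        params[key] = value
    for key, value in parse_qsl(post_body, keep_blank_values=True):
        params[key] = value  # any GET value under the same key is lost here
    return params

def guess_source(merged, query_string):
    """The guess from the post: call a key GET if it appears in QUERY_STRING."""
    get_keys = {k for k, _ in parse_qsl(query_string, keep_blank_values=True)}
    return {key: ("GET" if key in get_keys else "POST") for key in merged}

def parse_separated(query_string, post_body):
    """Keep the two sources apart and report keys supplied by both."""
    get, post = {}, {}
    for key, value in parse_qsl(query_string, keep_blank_values=True):
        get.setdefault(key, []).append(value)
    for key, value in parse_qsl(post_body, keep_blank_values=True):
        post.setdefault(key, []).append(value)
    collisions = sorted(set(get) & set(post))
    return get, post, collisions

if __name__ == "__main__":
    merged = parse_merged(SAMPLE_QUERY_STRING, SAMPLE_POST_BODY)
    print("merged:  ", merged)
    # The guess labels "action" as GET although its value came from POST.
    print("guessed: ", guess_source(merged, SAMPLE_QUERY_STRING))
    get, post, collisions = parse_separated(SAMPLE_QUERY_STRING, SAMPLE_POST_BODY)
    print("GET:     ", get)
    print("POST:    ", post)
    print("in both: ", collisions)
```

With separate dictionaries a handler can read a value from the source it expects and reject or log requests where `collisions` is non-empty.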

ale870

#17
Thank you Jeff for the clarification.

One more question:

Is newLisp server, with or without xinetd or inetd, a reliable system or not for an intranet or distributed processes over a private (company) network?

For intranet only, is it a good idea to use newLisp server to serve private web / rich client applications, or is it better to use Apache and standard CGI?
--

Jeff

#18
The documentation says it's ok to run behind a firewall.  I think it's unsafe though, because there is absolutely no form of authentication.



If someone gets behind the firewall, the system is compromised.  If you have a wireless access point behind the firewall (since there is no form of wireless security that can't be fairly easily broken at the moment), the system is compromised.  If you don't want every single user on your LAN to be able to send potentially harmful commands to your newLISP server, the system is compromised.

Jeff

#19
I've posted the work I have completed on the Request class.  It's not complete on its own.  It will be accompanied soon by a Response class for output as well.



http://www.artfulcode.net/projects/newlisp-request-class/

ale870

#20
Thank you!

I'm working on distributed computing just to see if I can get good results with persistent connections and not using CGI and Apache ;-)
--