Recipe 16-2: CGI Scripts

The Common Gateway Interface, or CGI, is the protocol that defines how data is passed to web servers, most recognizably in the form http://www.example.com/page?name=steve&shell=bash, but also, less noticeably, how forms are processed by web servers. This is often used with languages such as PHP, which require additional software on top of your web server, but these tasks can be performed using just a web server and the shell.

On today’s Internet, CGI scripts need to be extremely robust and secure because anybody who can trick the script into doing something out of the ordinary can execute code on the web server with the permissions of the user account that runs the script. More complex systems such as PHP add more bloat and can hide the underlying details of what is happening, but they do add some additional security protection. For debugging problems with these more complicated systems, or in trusted or very simple environments, the shell can also be used for CGI scripts.
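To make the risk described above concrete, the following added example (not code from the book) reads parameters from `QUERY_STRING` without ever passing request text to `eval`, decodes them, and accepts only values that pass an allowlist. The function names `urldecode`, `get_param` and `choose_shell` and the two shell paths are assumptions made for illustration.

```bash
# Risky pattern this replaces: eval "$QUERY_STRING" (or eval on each pair),
# which makes the shell interpret text chosen by the client.

# urldecode STRING: '+' becomes a space, %HH becomes the byte it encodes.
urldecode() {
    s=$1 out=
    while [ -n "$s" ]; do
        case $s in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                hex=${s#?}; hex=${hex%"${hex#??}"}
                c=$(printf '%b.' "\\0$(printf '%03o' "0x$hex")"); out=$out${c%.}
                s=${s#???} ;;
            +*) out="$out "; s=${s#?} ;;
            *)  out=$out${s%"${s#?}"}; s=${s#?} ;;
        esac
    done
    printf '%s' "$out"
}

# get_param NAME: print NAME's decoded value from QUERY_STRING. Succeeds only
# if NAME is present; the value it prints contains only allowlisted characters.
get_param() {
    want=$1 rest=$QUERY_STRING
    while [ -n "$rest" ]; do
        pair=${rest%%"&"*}
        case $rest in *'&'*) rest=${rest#*"&"} ;; *) rest= ;; esac
        [ "${pair%%=*}" = "$want" ] && [ "$pair" != "$want" ] || continue
        value=$(urldecode "${pair#*=}")
        case $value in
            ''|*[!A-Za-z0-9._-]*) return 1 ;;   # empty, or outside the allowlist
        esac
        printf '%s' "$value"
        return 0
    done
    return 1
}

# choose_shell: map the "shell" parameter onto fixed paths with case, so
# request text is never used as a command or a filename.
choose_shell() {
    case $(get_param shell) in
        bash) echo /bin/bash ;;
        sh)   echo /bin/sh ;;
        *)    return 1 ;;
    esac
}
```

Validation runs after decoding, so a percent-encoded metacharacter is rejected just like a literal one.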

Technologies Used

  • HTTP
  • CGI; RFC 3875
  • Apache mod_cgi
  • eval, case, read

Concepts

The CGI protocol evolved faster than it could be documented, but RFC 3875 (http://www.ietf.org/rfc/rfc3875) has since been written to document the Common Gateway Interface. It allows the web server to receive additional data from the browser, using two methods, GET and POST, which are defined by HTTP. DELETE and PUT are also in the Representational State Transfer (REST) architecture, although ...
