Since this article was written, a new module has become
available: Roland Giersig’s
Expect.pm, available on
CPAN. I recommend it over both
Comm.pl; not only is it a full-fledged module, but
it uses IO::, which renders Lincoln’s workaround in the section Oops unnecessary.
I like to keep my CGI scripts puny and weak, and you should too. CGI scripts are a gateway into your system from the Internet, and are, unfortunately, all too often exploited by unscrupulous people for nefarious ends. The more access a CGI script has to your system, the more dangerous it becomes when used for unintended purposes.
To keep CGI scripts under control, most webmasters, myself
included, run the web server under an unprivileged user account. On Unix
systems, this is often an account called
Windows, it’s an anonymous account with guest logon access. On correctly
configured systems, the web server user account has even fewer
privileges than an ordinary user. It doesn’t own a home directory, have
a shell, or even have the ability to log in as a normal user.
Under most circumstances you’ll never notice the fact that CGI scripts run as an unprivileged user. However, sometimes this fact becomes inconvenient. For example, what if you want to give remote users read/write access to their home directories from across the web, allow web access to a database that uses account privileges for access control, or perform administrative tasks ...