Downloading, Installing, and Debugging CGI Scripts
Before I begin to discuss how to design and create your own CGI scripts, I thought I'd give you the opportunity to save yourself a lot of work. There are thousands of CGI scripts that have already been written and are publicly available for download over the Internet. In some cases, rather than writing a script of your own, you can download a script from the Internet and use it instead. This hour also explains some methods for debugging CGI scripts after they're installed. You can use these methods to get scripts you download to work, or to debug your own CGI scripts.
The topics covered in this hour are
A discussion of how to download scripts from the Internet
Information on installing and configuring scripts you download
Information on debugging CGI scripts using a number of different techniques
Downloading Scripts from the Internet
The objective of this book is to teach you how to build your own Web applications using CGI. However, it isn't here to convince you to do unnecessary work. There are bunches of CGI scripts other people have written that you can download from the Internet and use on your own site.
These scripts are useful for two purposes. First, they can save you a lot of work. If you can find a script out there that provides the functionality you need for an application, you may want to use it instead of writing a program from scratch. Second, they can help teach you how to write better applications. You can look at existing programs to see how the author accomplished certain tasks, and decide how you might design your own programs differently, or how you might apply their solutions to problems you have to solve.
Finding the Scripts You Need
In order to find CGI programs to use on your Web sites, you need to know where to look. There are a number of popular repositories for free CGI scripts on the Internet. The best way to find the scripts you need is to search for scripts that seem to offer the functionality you require, and then download those scripts and evaluate them carefully. Some of the most popular script repositories are included in Table 3.1.
Table 3.1 Sites Where You Can Download Public CGI Scripts
This site contains all sorts of information about CGI programming, along with a large library of publicly available scripts.
A large repository of free programs, including CGI scripts.
Billed as the world's largest library of CGI programs, this archive contains thousands of CGI scripts along with other Internet scripts.
These scripts originally made up Selena Sol's Public Domain Script Archive. The scripts are still all free and available to the public.
The NMS scripts are drop-in replacements for scripts originally written by Matt Wright. Matt's scripts were some of the earliest publicly available CGI programs, and were widely adopted. Thousands of sites and ISPs still have them installed. Unfortunately, they're kind of buggy and are fraught with security holes. The NMS scripts work just like Matt's scripts, except without the bugs and security problems.
What to Look for in Publicly-Available Scripts
Obviously, the first thing to look for is whether the CGI script meets the requirements for your application. Without a well-defined set of requirements, it's impossible to reasonably compare one script to another. After you're certain what the application's requirements are, you can start narrowing the field of the CGI scripts available to ones that meet those requirements.
Beyond the satisfaction of your requirements, there are some other issues that you should investigate before using a CGI script that you downloaded over the Internet. These issues surround the general reliability and maintainability of publicly distributed scripts.
Quality of the Source Code
When you download a CGI script from the Internet to use on your site, one issue you'll really want to look into is the quality of the script's source code. Before you start using the script, check out the formatting and comments in the source code. Is the program readable? Can you follow what it does? If not, it may not be worth using. If you need to fix something later, or you want to add some functionality, it's nice to be able to go right in and see where changes need to be made.
Quality source code indicates that the script's author took care when writing the script, and it is also a good sign that the code itself is of high quality. If you're reviewing a number of scripts before you look at any of them in depth, you should be able to throw away scripts that aren't written in an organized and neat manner.
Any time you place a CGI script with a security hole on your server, there's a chance that some malicious person could exploit it to gain access to the server. Well-written CGI scripts don't have security holes. Unfortunately, the Web is full of CGI scripts that aren't well written, and that will introduce security holes on your site. Many of them are written by people to use on their own Web sites; some of them are distributed for use by the public.
These scripts have security holes not because the authors want to expose people who use the scripts to risks, but because writing secure software is difficult. You should be aware of the fact that any time you download someone else's program and use it on your server, there might be security problems with the program that you don't know about.
Think about itif thousands of people are using the same insecure script, chances are somebody has figured out where the hole is. If the person who discovered the hole, or any person who's heard about the security hole, is interested in breaking into your Web server, he can take advantage of the publicly known security flaw.
Even worse, this malicious person can use Internet search engines to find sites that use the offending CGI script, and then break into them. So it's very important to understand CGI script security when you install CGI scripts, and to review the source code for the scripts before you install them on your Web server. In Hour 22, "Securing CGI Scripts," I'll talk more about CGI security and provide a list of sites where you can find out about security problems with scripts that you might be using.
One question you'll want to get an answer to is how much support the author of the script provides. Support comes in two forms: direct support to users who are having problems, and regular improvements and updates to the program. Most people who distribute software for free don't provide much personal support, although if you treat them nicely, they'll often answer questions. On the other hand, you should look for scripts that are being actively maintained by their authors, or by someone who has taken over the maintenance of the software.
Despite the best efforts of software developers, most software has bugs, security holes, and other problems that must be fixed. If nobody is maintaining the program you use, it's up to you to maintain it yourself. For most people, it's easier to rely on the original author to maintain a script than to maintain it themselves.
If you purchase commercial scripts, you should make sure that the company you deal with offers adequate support for your problems. Dealing with a one man shop where the developer also provides support and handles sales can be a pain if the proprietor gets overburdened or decides to get a regular job instead of keeping up with their products.