W3C home > Mailing lists > Public > www-talk@w3.org > March to April 1995

Safe CGI Scripting Language (was: Re: Web Scripting Languages)

From: Fisher Mark <FisherM@is3.indy.tce.com>
Date: Wed, 15 Mar 95 08:11:00 PST
To: www-talk <www-talk@www10.w3.org>
Message-Id: <2F671302@MSMAIL.INDY.TCE.COM>

Occasional comments by webmasters on this list leads me to ask: What kind of 
CGI scripts are being written in environments where anyone is permitted to 
write a CGI script?  Are these scripts mainly novel gateways, or are they 
for Web-based interactive applications, or what?  As a system administrator 
who has never run a machine where programs could be arbitrarily placed into 
the main binary directories, I am at a loss for imagining where completely 
arbitrary CGI scripting would be appropriate even in a research environment.

Novel gateways would seem to be a CGI script category that would be amenable 
to the techniques employed in Safe-Tcl with respect to providing a 
restricted, high-level set of primitives.  If most of these scripts provide 
different formatting and detail levels for a few host programs (like 
different SQL database reports), one useful constraint would be to limit the 
allowed list of executable host programs, rather than providing a 
general-purpose "exec()" capability.
======================================================================
Mark Fisher                            Thomson Consumer Electronics
fisherm@indy.tce.com                   Indianapolis, IN

"Just as you should not underestimate the bandwidth of a station wagon
traveling 65 mph filled with 8mm tapes, you should not overestimate
the bandwidth of FTP by mail."
Received on Wednesday, 15 March 1995 08:17:12 UTC

This archive was generated by hypermail 2.4.0 : Monday, 20 January 2020 16:08:16 UTC