Common Gateway Interface (CGI)

Contents

• Background information
  • What is CGI?
  • Can I install my own CGI?
  • CGI environment
• Security
• Limits
• Common questions
• Other resources for troubleshooting

Background information

What is CGI?

The Common Gateway Interface (CGI) is a protocol that web servers use to translate requests made by an end user on a web site to applications used by that web site to deliver content. With CGI, the web server can invoke an application program, pass parameters to it, and receive data in response. The parameters passed to a CGI program are usually gathered via an HTML form. CGI is the primary method of adding interactivity to web pages.

The CGI protocol has never been officially certified by any standards body, but its specification is available at http://hoohoo.ncsa.uiuc.edu/cgi/.

Visit Yahoo!'s CGI category for an extensive list of CGI programs.

Can I install my own CGI?

Yes, you may install your own CGI programs. Put them anywhere in your /cgi-bin directory, and they must have the file extension .cgi or .pl for the web server to recognize them. Also remember to make sure that they have permissions or attributes that will allow world execute privileges on your CGI files (755).

CGI environment

See the environment variables present when a cgi script runs.

Security

EasyStreet reserves the right to inspect and disable any program that presents security or performance risks. Fundamentally, the CGI protocol allows remote, unprivileged users to execute programs on a machine they do not own.

Why are we worried about security with CGI scripts?

Poorly-written CGI programs can allow access to the system password file and other sensitive system and data files that may enable a malicious user to launch an attack against the system. CGI programs are also capable of consuming large amounts of system resources (CPU, memory and disk space). For these reasons, we take CGI security very seriously. In the context of providing Internet and hosting services to a number of independent users, the term "security" encompasses a number of dimensions:

• Providing access to system resources to authorized users only, where "system resources" are defined as network bandwidth, CPU cycles, memory, disk space and software
• Providing uninterrupted access to system resources
• Ensuring that all authorized users have equal access to system resources
• Ensuring that authorized users do not interfere with one another or inhibit other authorized users from accessing system resources
• Ensuring that authorized users do not interfere with the operation of other Internet hosts or users (also known as "denial of service" attacks)
• Ensuring that authorized users do not violate the system's Acceptable Use Policy

We have taken measures to maximize both security and user convenience, which are often contradicting goals. EasyStreet assumes that any software you install respects system security, system performance, and the property of other users on the system. EasyStreet will disable or remove any software, CGI or otherwise, that threatens system security, consumes an unusual amount of system resources, interferes with another customer's service, or violates EasyStreet's Acceptable Use Policy. EasyStreet may also revoke CGI privileges if deemed necessary. We assume you agree to these provisions if you install software on our systems. These measures are necessary to ensure uninterrupted service and equitable allocation of system resources among all of our customers.

If you have any questions regarding EasyStreet's security policies, please email support@easystreet.com.

Are there any limits placed on CGI programs?

The following limitations will be placed on ALL CGI scripts:

• CPU TIME = 10 Seconds This is the amount of CPU time one CGI program can use at a given time.
• MAXIMUM FILESIZE = 100 KBytes This is the maximum size that one CGI script can reach
• MAXIMUM STACK SIZE = 8 MBytes This is the amount of stack memory that can be used by any CGI program.
• MAXIMUM NUMBER OF PROCESSES = 32 Processes This is the number of processes that can be created by the CGI program at a given time.
• MAXIMUM NUMBER OF OPEN FILES = 32 Open Files This is the number of files that can be opened by the CGI program at a given time.
• MAXIMUM NUMBER OF OPEN CONNECTIONS TO MYSQL = 20

Common Questions

Developer details

Please see our Developer Information for answers to common questions like:

• path to perl/sendmail
• how to determine the absolute path to your home directory

How do I call my CGI script?

In your HTML documents, reference your cgi script with the following path: /cgi-bin/script.cgi

I uploaded my CGI program and it doesn't work. What's wrong?

If you upload a new CGI program, you will need to change its permissions to allow execution. If you have shell access, use the command chmod 755 <File> to do so, where <File> is the name of the CGI program. Most FTP programs also allow you to change permissions.

If you are uploading a CGI program written in a scripting language (such as Perl) from a PC or Mac, configure your FTP client to transfer the file in text mode. Differences in end-of-line characters between Microsoft, Apple and Unix operating systems can render scripts unexecutable. This occurs because the operating system will interpret the ASCII carriage return, (usually ^M), as part of the script interpreter name. For instance:
#!/usr/bin/perl^M

In this case, the operating system will attempt to execute a file named perl^M instead of perl. Usually when this happens, the server gives the error: Command not found.

Other Resources for Troubleshooting CGI

• ASU Service: http://www.asuservice.com/
  This is a great site for free help installing and troubleshooting problems with CGI and Perl.