E-mail GeekPhilosopherSearch Site E-mail GeekPhilosopher Search site FAQ
Being powerful is like being a lady. If you have to tell people you are, you aren't.
Margaret Thatcher
CGI: What & How?
by Subhash ©2005
The Web Developer's Den at indiWiz.com has numerous well-written Web articles on topics including Concept, HTML, Javascript, Multimedia, ServerSide, XML, and Promotion.

CGI: What & How?

CGI (Common Gateway Interface) is a specification which tells how a web server should communicate with other programs residing in the server.

CGI == Perl?

Nope!  Perl is just another language which is used to create CGI applications.  Almost every language ever invented can be used to write CGI programs (provided your server supports it!).

What is CGI-BIN?

This is a special directory where CGI programs reside.  Some web servers require that CGI programs reside only in this directory.  Other webservers execute applications residing in normal html directory with extension .cgi.

The CGI-BIN directory generally resides outside the html directory.  But when accessing a program in that directory through a web browser, you specify the URL as if the CGI-BIN directory is within the html directory.  This seemingly unwanted complication is a necessity because of security concerns.

CGI & Security

Running CGI application in your server is like letting anyone (just about anyone!) to run program in your server. Suppose your CGI application deletes some specified records in your database, there are chances that a cracker, by passing some wrong argument to your CGI program deletes all your records. Security should be given high priority when developing CGI applications.

Disadvantages

Each request to the CGI application spawns a new process.  The overhead of creating a new process is high.  Languages like PHP, ASP and Cold Fusion do not spawn new process for each request. They create in-process threads.

Security risks are many when executing a CGI application.  CGI applications do not run in a protected environment like Java Servlets.

CGI applications do not support concepts like connection pooling when developing database applications.  This again creates unwanted overhead for the database server.

Languages designed specifically for the web like PHP are easier to learn and implement.

Inspite of the disadvantages discussed above, CGI programs are widely used, generally for the raw power it provides.