11.3 Server APIs


As mentioned above, some vendors of Web server software have tried to overcome the performance problems of CGI scripts by letting application programs be compiled and linked directly into the Web server software via server-specific APIs (e.g., NSAPI, ISAPI, and the Apache module API). As a result, the application programs have access to the Web server's internal data structures and functions, which makes them faster and more powerful than CGI scripts. Unfortunately, it also gives them the ability to crash the Web server if they are not properly written: unlike a CGI program, which receives user data through environment variables and interprocess communication mechanisms, a server API program receives user data directly in the server's own memory structures, so an unchecked copy or a stray pointer corrupts the server process itself. In practice, compiling and linking application programs directly into a Web server is mostly about avoiding the cost of starting a CGI process over and over again: it saves the overhead of process invocation at the cost of some reprogramming.

From a security point of view, it is important to note that an application program that is compiled and linked into the Web server software inherits the privileges and access rights of the Web server process. This is in contrast to a CGI script, which runs in a separate process and may be configured to run with fewer privileges and access rights (for example, under a dedicated, unprivileged user account). Consequently, server API programs must be very carefully designed and implemented. According to [1], compiling and linking application programs into a Web server is like roping mountain climbers together: if everyone is competent, it saves much; if anyone on the rope is a fool, all perish.
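The two failure modes described above (a defective handler taking the whole server down, and the handler running with the server's privileges) can be made concrete by running the same handler under the two dispatch models. The following C program is an added example and is not from the book or from any real server; the request structure, the handler signature, the status codes and the unprivileged UID/GID 65534 are assumptions for illustration, not the NSAPI, ISAPI or Apache types. The buggy handler is deliberately defective.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Request record in the shape a server API hands to a module: the raw
 * query string is a pointer into the server's own memory. Constructed
 * for this example; it does not match any real NSAPI/ISAPI/Apache type. */
struct request {
    const char *query;       /* attacker-controlled, arbitrary length */
};

typedef int (*handler_fn)(const struct request *);

/* Deliberately defective handler: it trusts the length of the data it was
 * handed. A query longer than 63 bytes smashes its own stack frame. */
int buggy_handler(const struct request *req) {
    char buf[64];
    strcpy(buf, req->query);            /* no bounds check */
    return buf[0] != '\0' ? 200 : 400;
}

/* Hardened handler: the only change is an explicit length check. */
int safe_handler(const struct request *req) {
    char buf[64];
    size_t len = strlen(req->query);
    if (len >= sizeof buf)
        return 414;                     /* 414 URI Too Long */
    memcpy(buf, req->query, len + 1);
    return buf[0] != '\0' ? 200 : 400;
}

/* Server API model: the handler runs inside the server process and with the
 * server's privileges. Whatever it corrupts, the server has corrupted. */
int serve_in_process(handler_fn h, const char *query) {
    struct request req = { query };
    return h(&req);
}

/* If the server runs as root, switch the child to an unprivileged account
 * before the handler runs (the suexec idea). UID/GID 65534 ("nobody") is an
 * assumption; when not running as root this is a no-op. */
static void drop_privileges(void) {
    if (geteuid() == 0) {
        if (setgid(65534) != 0 || setuid(65534) != 0)
            _exit(1);
    }
}

/* CGI model: the handler runs in a child process. Its status comes back
 * over a pipe; if the child dies instead, the parent sees an empty pipe and
 * an abnormal exit, reports 500 and keeps serving. */
int serve_isolated(handler_fn h, const char *query) {
    int fd[2];
    if (pipe(fd) != 0)
        return 500;
    pid_t pid = fork();
    if (pid < 0)
        return 500;
    if (pid == 0) {                      /* child */
        close(fd[0]);
        drop_privileges();
        struct request req = { query };
        int status = h(&req);
        if (write(fd[1], &status, sizeof status) != (ssize_t)sizeof status)
            _exit(1);
        _exit(0);
    }
    close(fd[1]);                        /* parent */
    int status = 500, wstatus = 0;
    ssize_t n = read(fd[0], &status, sizeof status);
    close(fd[0]);
    waitpid(pid, &wstatus, 0);
    if (n != (ssize_t)sizeof status || !WIFEXITED(wstatus) || WEXITSTATUS(wstatus) != 0)
        return 500;                      /* handler crashed or misbehaved */
    return status;
}

/* A 1024-byte query, well past the 64-byte buffer. Constructed input. */
const char *long_query(void) {
    static char q[1025];
    if (q[0] == '\0') {
        memset(q, 'A', sizeof q - 1);
        q[sizeof q - 1] = '\0';
    }
    return q;
}

int main(void) {
    printf("safe, in-process, short query:  %d\n", serve_in_process(safe_handler, "id=42"));
    printf("safe, in-process, long query:   %d\n", serve_in_process(safe_handler, long_query()));
    printf("buggy, isolated, long query:    %d\n", serve_isolated(buggy_handler, long_query()));
    printf("safe, isolated, after the crash: %d\n", serve_isolated(safe_handler, "id=43"));
    /* serve_in_process(buggy_handler, long_query()) is not called: it would
     * take this whole process down, which is the point of the section. */
    return 0;
}
```

Compile with `cc -Wall` and run. The buggy handler fed the long query crashes the child (by stack-protector abort or a corrupted return address), and the parent simply reports 500 and answers the next request; dispatching the same handler in-process would end the program, so `main` does not try it. The `drop_privileges` step is the part a server API program can never have: whatever account the server runs under, the linked-in code runs under it too.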

In summary, the use of server API programs is a bad idea from a security point of view. If one has a choice, one should use CGI scripts rather than server API programs. Most of the time, however, one won't have a choice, because a Web server must be optimized for performance. In this case, the principles and rules for safe programming are even more important than for CGI scripts.




Security Technologies for the World Wide Web, Second Edition
ISBN: 1580533485
Year: 2003
Pages: 142
Authors: Rolf Oppliger
