11.4 FastCGI


Given the advantages and disadvantages of both CGI and vendor-specific server APIs, the FastCGI interface was designed and developed as an alternative solution. [9] FastCGI is conceptually similar to CGI, but there are two major differences:

  1. The server-side processes that invoke FastCGI scripts are persistent. This basically means that after finishing a request, a server-side process waits for a new request instead of exiting.

  2. In addition to environment variables and pipes, TCP connections may be used between a Web server and a FastCGI script. This allows FastCGI scripts to run locally (i.e., on the same machine as the Web server) using a pipe, or remotely (i.e., on another machine) using a TCP connection.

FastCGI's ability to run applications remotely (over TCP connections) provides some major benefits as compared to CGI. For example, it is possible to have a Web server located on a DMZ of a firewall configuration using remote FastCGI to dynamically retrieve information from an internal database application server. Furthermore, it is possible to employ FastCGI to build Web servers that provide load balancing for their related application servers.

From a security point of view, remote FastCGI is particularly challenging because a FastCGI script that is invoked must make sure that it is connected to the right Web server. Otherwise it may be made to provide potentially sensitive information to a remote system (note that this is not the case with CGI scripts because CGI scripts are assumed to run locally). Consequently, server authentication is a major issue for FastCGI. In currently available FastCGI implementations, server authenticity is provided through the servers' IP addresses. This is certainly not the preferred choice, and more recent FastCGI implementations rely on the server authentication provided by the SSL/TLS protocol. Due to the interest in newer server-side technologies, such as ASP and JSP, it is not likely that FastCGI will be widely deployed on the WWW anytime soon.
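The two ways of authenticating the Web server described above, as an added Python example that is not from the book or from any FastCGI library: an address allow-list check on each accepted connection, optionally followed by a TLS handshake in which the Web server must present a certificate. It assumes the allow-list uses the comma-separated format of the FastCGI specification's `FCGI_WEB_SERVER_ADDRS` variable; the function names and the CA file parameter are hypothetical.

```python
import ipaddress
import ssl

def parse_allow_list(value):
    """Parse a comma-separated address list (FCGI_WEB_SERVER_ADDRS format)."""
    return {ipaddress.ip_address(a.strip()) for a in value.split(",") if a.strip()}

def peer_allowed(peer_ip, allowed):
    """Address-based check: True only if the peer is a listed Web server.
    An empty allow-list denies every peer (fail closed)."""
    addr = ipaddress.ip_address(peer_ip)
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; normalise first.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr in allowed

def tls_context(cert_file, key_file, web_server_ca):
    """Certificate-based check: the Web server must present a certificate
    issued by web_server_ca (hypothetical deployment-specific CA file)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED        # no certificate, no session
    ctx.load_cert_chain(cert_file, key_file)   # the application's own identity
    ctx.load_verify_locations(cafile=web_server_ca)
    return ctx

def accept_from_web_server(listener, allowed, ctx=None):
    """Accept one connection; return it only if the peer passes every check,
    otherwise close it and return None before any request data is read."""
    conn, peer = listener.accept()
    if not peer_allowed(peer[0], allowed):
        conn.close()
        return None
    if ctx is not None:
        try:
            conn = ctx.wrap_socket(conn, server_side=True)
        except (ssl.SSLError, OSError):
            conn.close()
            return None
    return conn

if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not from the book.
    allowed = parse_allow_list("192.0.2.10, 192.0.2.11")
    for ip in ("192.0.2.10", "::ffff:192.0.2.11", "198.51.100.7"):
        print(ip, "accepted" if peer_allowed(ip, allowed) else "rejected")
```

The address check only shows that a connection arrived from a listed address; the certificate check ties the connection to a key held by the Web server, which is why the text calls the address-based approach not the preferred choice.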

[9] Further information about FastCGI is available at http://www.fastcgi.com.




Security Technologies for the World Wide Web, Second Edition
ISBN: 1580533485
EAN: 2147483647
Year: 2003
Pages: 142
Authors: Rolf Oppliger
