1179-1182

Page 1179

3. Use a firewall. An Internet Web server is by definition open to the world. If your server is connected to your internal network, you need a firewall to protect the rest of the network. A firewall separates the Web server from the rest of a company's network.
4. Thoroughly test your CGI scripts. Make sure that your scripts do not have any possible security breaches. Faulty programs are a primary cause of intrusions by hackers.
   Be careful when giving access to non-compiled CGI scripts. Compiled programs such as C or C++ can be far more secure.

Writing CGI Scripts in Perl

Almost any language is capable of creating programs for CGI. The most widely used language is Perl. Perl is a popular text-processing language that gives developers a simple way to perform sophisticated file-processing operations with relatively little code. Perl did not become the most desired language due to luck. Perl became a mainstream language for several reasons. First, it is a powerful text-processing language. It offers advanced pattern-matching capabilities through the use of regular expressions. It is a high-level language that is easy to learn and use. Also, Perl is widely available on almost any platform ” especially on UNIX platforms, which are the majority of servers on the Internet.

Listings 52.4 and 52.5 illustrate the sheer simplicity of the Perl language. These scripts show some simple constructs.

Listing 52.4. A simple Perl script: Hello, World!.

 #!/usr/bin/perl print "Hello, World!\n"; 

Listing 52.5. A simple Perl script that creates a Web page to display Hello, World!.

 #!/usr/bin/perl # Program: hello_world.pl # print "Content-type: text/html\n";    # Content Type (Mime datatype) print "\n";    # HTML document print "<HEAD> <TITLE>\n";    # Start of Header and Title print "Hello, world from Perl!\n";    # Our Page Title print "</TITLE> </HEAD>\n";    # End of Header and Title print "<BODY>\n";    # Start of Page Body print "Hello, world! \n";    # Our Body Text print "</BODY>\n";    # End of Page Body print "\n";    # End HTML document 

Page 1180

Now look a little closer at Listing 52.5. Look at the first line, #!/usr/bin/perl. This line starts out with a comment. Comments are denoted by the pound (#) sign. Any text after the # is ignored by Perl. This is a mandatory comment line on UNIX systems; it tells the UNIX shell where to locate the Perl interpreter. On other platforms, this line is optional, although for portability purposes, it is not a bad idea to always leave it in as a convention.

The rest of the script, omitting comment lines, simply outputs information via the print statement. This statement writes information to standard output. Standard output for CGI scripts is intercepted by the Web server and routed back to the browser associated with that CGI request. The \n is a meta character used to indicate that a new line should be started.

The output for the hello_world.pl program looks like this:

 Content-type: text/html <HEAD> <TITLE> Hello, world from Perl! </TITLE> </HEAD> <BODY> Hello, world! </BODY> 

The Perl Language

Perl is yet another typical language. If you are familiar with the C programming language, you will feel very comfortable learning Perl; the syntax of the two languages is very similar. The elements of Perl include standard loops , conditional testing, variable declarations (including arrays), and a library of standard functions. A vast set of operators also is very similar to the operators used in the C language. Unlike C, though, Perl is an interpreted language.

Getting Data from the Database

Oracle has a version of Perl called OraPerl that offers database connectivity to Oracle servers. The OraPerl script shown in Listing 52.6 uses the OraPerl-supplied modules to interface with an Oracle server. The script is written to dynamically pull in information from the database.

Page 1181

Listing 52.6. This OraPerl script connects to an Oracle8 server to query information on a customer.

 #! /opt/oracle/bin/perl # Program: GetCustName.pl # # Use OraPerl Libraries, set debug level to 2 use Oraperl; $ora_debug = 2; # Assign the Customer Id passed in as argument to script $CustID = $_[0]; # Prepare a select statement to return the name of desired customer sprintf  $SelectStmt, "select CustomerName from CustomerTable where CustomerID = %s", $CustID # Login as Scott/Tiger $lda = &ora_login(`SAMPLE', `Scott', `Tiger') # Open the cursor $csr = &ora_open($lda, SelectStmt); # Start creating the HTML print "Content-type: text/html\n";    # Content Type (Mime data type) print "\n";    # HTML document print "<HEAD> <TITLE>\n";    # Start of Header and Title print "Here is your customer name using OraPerl!\n";    # Our Page Title print "</TITLE> </HEAD>\n";    # End of Header and Title print "<BODY>\n";    # Start of Page Body # Fetch the customer name $CustomerName = &ora_fetch($csr); print "$CustID is $CustomerName\n";    # Print our customer name print "</BODY>\n";    # End of Page Body print "\n";    # End HTML document # Close the Cursor ora_close($csr); 

As you can see, with just a few lines of code, Perl is powerful enough to solve some real-world problems. Listing 52.6 could be modified to accept the user ID and password, as well as to return more pieces of information about the customer being retrieved.

Summary

This chapter provides, in broad strokes, an overview of several of the most popular Internet technologies. Many books have been written about CGI, Perl, Java, and the CORBA standard. This chapter gives you at least a basic understanding of these technologies and how you can use them for the development of Internet applications.

Page 1182