Communication Security: Web Based Services • Chapter 5 323
EXAM WARNING
CGI is commonly exploited from the server side.
What is a CGI Script and What Does It Do?
Web servers use CGI to connect to external applications. It provides a way for data
to be passed back and forth between the visitor to a site and a program residing on
the Web server. In other words, CGI acts as a middleman, providing a communication
link between the Web server and an Internet application. With CGI, a Web
server can accept user input, and pass that input to a program or script on the
server. In the same way, CGI allows a program or script to pass data to the Web
server, so that this output can then be passed on to the user.
Figure 5.18 illustrates how CGI works. This graphic shows that there are a
number of steps that take place in a common CGI transaction. Each of these steps
is labeled numerically, and is explained in the paragraphs that follow.
Figure 5.18 Steps Involved in a Common CGI Program
[Diagram: steps numbered 1 through 6 connecting the Internet User, Web Server, CGI Program, and Database.]
In Step 1, the user visits the Web site and submits a request to the Web server.
For example, say the user has subscribed to a magazine and wants to change their
subscription information. The user enters an account number, name, and address
into a form on a Web page, and clicks Submit. This information is sent to the Web
server for processing.
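The subscription form above, seen from the CGI program's side, as an added example that is not from the book: the Web server supplies the request in environment variables and on standard input, and the program writes headers and a body to standard output. The field names (account, name, address), their accepted formats, the size cap, and the function names are assumptions made for illustration.

```python
import html
import io
import os
import re
import sys
from urllib.parse import parse_qs

MAX_BODY = 4096  # assumed size cap for the form body
# Assumed field names and formats for the subscription form (not from the book).
RULES = {
    "account": re.compile(r"[0-9]{6,10}"),
    "name": re.compile(r"[A-Za-z .'-]{1,60}"),
    "address": re.compile(r"[A-Za-z0-9 .,#'-]{1,120}"),
}

def respond(status, body):
    # A CGI program answers on stdout: header lines, a blank line, then the body.
    return f"Status: {status}\r\nContent-Type: text/html; charset=utf-8\r\n\r\n{body}\n"

def handle(environ, stdin):
    """Process one CGI request; return the text the Web server relays to the user."""
    if environ.get("REQUEST_METHOD") != "POST":
        return respond("405 Method Not Allowed", "<p>Submit the form instead.</p>")
    length = environ.get("CONTENT_LENGTH", "")
    if not re.fullmatch(r"[0-9]{1,9}", length) or int(length) == 0:
        return respond("400 Bad Request", "<p>Missing form data.</p>")
    if int(length) > MAX_BODY:
        return respond("413 Content Too Large", "<p>Form data too large.</p>")
    # The server passes the form body on standard input; urlencoded data is ASCII.
    fields = parse_qs(stdin.read(int(length)), keep_blank_values=True)
    clean = {}
    for key, pattern in RULES.items():
        values = fields.get(key, [])
        if len(values) != 1 or not pattern.fullmatch(values[0].strip()):
            return respond("400 Bad Request", f"<p>Invalid {key}.</p>")
        clean[key] = values[0].strip()
    # A real program would now update the database using a parameterized query.
    # Escape everything echoed back so user input cannot become markup.
    rows = "".join(f"<li>{k}: {html.escape(v)}</li>" for k, v in clean.items())
    return respond("200 OK", f"<p>Subscription updated.</p><ul>{rows}</ul>")

if __name__ == "__main__":
    if "REQUEST_METHOD" in os.environ:  # launched by a Web server
        sys.stdout.write(handle(os.environ, sys.stdin))
    else:  # dry run on a constructed sample request
        body = "account=12345678&name=Pat+O%27Neil&address=12+Main+St.%2C+Apt+%234"
        env = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(body))}
        sys.stdout.write(handle(env, io.StringIO(body)))
```

Run directly, it processes the constructed sample request; every rejected request gets an error status before any field would reach the database.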
www.syngress.com