Page 340 - StudyBook.pdf
P. 340

324    Chapter 5 • Communication Security: Web Based Services

                 In Step 2, CGI is used to process the data. Upon receiving the updated data,
             the Web server identifies the submitted data as a CGI request. Using CGI, the form
             data is passed to an external application. Because CGI communicates over the
             HTML, which is part of the TCP/IP protocol suite, the Web server’s CGI support
             uses this protocol to pass the information on to the next step.
                 Once CGI has been used to pass the data to a separate program, the application
             program processes it.The program may save it to the database, overwriting the
             existing data, or compare the data to existing information before it is saved.What
             happens at this point (Steps 3 and 4) depends on the Internet application. If the
             CGI application accepts input but does not return output, it may not work.While
             many CGI programs will accept input and return output, some may only do one
             or the other.There are no hard-and-fast rules regarding the behavior of programs
             or scripts, as they perform the tasks they are designed to perform, which is no dif-
             ferent from non-Internet applications that are bought or programmed for use on a
             network.
                 If the application returns data, Step 5 takes place. For this example, assume that
             it has read the data that was saved to the database, and returns this to the Web
             server in the form of a Web page. In doing so, the CGI is again used to return data
             to the Web server.
                 Step 6 finalizes the process, and has the Web server returning the Web page to
             the user.The HTML document will be displayed in the user’s browser window.
             This allows the user to see that the process was successful, and will allow the user
             to review the saved information for any errors.
                 In looking at how CGI works, almost all of the work is done on the Web
             server. Except for submitting the request and receiving the output Web page, the
             Web browser is left out of the CGI process.This is because CGI uses server-side
             scripting and programs. Code is executed on the server, so it does not matter what
             type of browser the user is using when visiting the site. Because of this, the user’s
             Internet browser does not need to support CGI, or need special software for the
             program or script to execute. From the user’s point of view, what has occurred is
             no different from clicking on a hyperlink to move from one Web page to another.















          www.syngress.com
   335   336   337   338   339   340   341   342   343   344   345