Lab #5 - CGI.pm and Unix Text Files

1. Check the files in your public_html directory to make sure that none of them have write permission for "others", or (probably) your group as well. If you find one, use something like "chmod go-w" to immediately secure it! NB: this applies for all the other files in your Unix account as well! Understanding permissions is the first stage in understanding Unix security.

2. (Important) Copy the example CGI code that uses CGI.pm from lecture 9. Get your HTML survey form from last week working with the new CGI. What do you notice about the difference in complexity between the two CGIs?

3. (Important) For debugging purposes, the CGI in the previous question can be run from the Unix command line. The use CGI; line in your program should be altered to use CGI(-debug); in more recent versions of CGI.pm to ensure that this works properly. Run the program from the command line. Notice that CGI.pm will ask you to enter form data as name value pairs. Try entering some of the form data that this CGI program would expect. Example:

   fullname=Fred+Nerk
   age=21
   language=Cobol
   ^D
   

   Be sure to end your input with the Unix end of file character (CTRL-D), as shown. What was the result?

4. Repeat the previous exercise, except this time provide the name=value pairs on the command line, as in (and assuming the program is called prog.cgi:

   prog.cgi fullname=Fred+Nerk age=21 language=Cobol
   

   The result should be the same.

   BTW: you can also save the name=value pairs into a text file (one pair per line, same format as two questions back)) to avoid re-typing them every time. Then simply re-direct standard input to come from this file. So assume you've saved the data to (eg) datfile.txt, you can do "prog.cgi <datfile.txt".So why do we keep telling you that command-line execution is the single most important CGI debugging weapon at your disposal? It should be becoming obvious by now...

5. Have a play with some of the other features of CGI.pm. Try modifying the CGI to make use of CGI.pm's HTML generation subroutines. You could also modify your form so that some data is provided via POST and some is provided appended to the URL (as for GET) - does it still work correctly?

6. Basic Unix text file exercise: copy the Perl program from lecture 10 that read information from the system /etc/passwd file. Change the code so that it looks for a user that exists within the passwd file. Make sure it works for you, on the lab machines. DO NOT install this program as a CGI on the server, run it from the command line only. Note: the redgum server doesn't use /etc/passwd for authentication, so even if you did install it as CGI it wouldn't do much.

7. Copy the dbmopen example program from the notes (the one that looks at the /etc/aliases DBM database) and see if you can get it to run. On some systems, the aliases database may not exist or is not readable by a normal user -- login to redgum and run it from there. As per earlier, DO NOT use this as a world-accessible CGI!

8. (Optional) Try creating (in a Perl program) a hash which is associated with a new Unix DBM database, using dbmopen. Note that dbmopen will create the file, if it doesn't already exist, with the specified file permissions (see lecture notes for example). Note: this is optional -- you don't have to do this exercise.

9. (Optional -- you most certainly do not have to do this) Make the Perl program from lecture 10 more like "finger", by processing its command line. The command line parameters are available to a Perl program as the array @ARGV, and Perl programs grab stuff off the command line by use of the shift operation. Note: this is optional -- you don't have to do this exercise.