Return-Path: 
 <tomcat-dev-return-19692-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org
Received: (qmail 50921 invoked by uid 500); 3 Apr 2001 23:18:23 -0000
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:tomcat-dev-help@jakarta.apache.org>
list-unsubscribe: <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
list-post: <mailto:tomcat-dev@jakarta.apache.org>
Reply-To: tomcat-dev@jakarta.apache.org
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 50912 invoked from network); 3 Apr 2001 23:18:23 -0000
Message-ID: <3ACA5A92.3302922D@apache.org>
Date: Tue, 03 Apr 2001 16:19:46 -0700
From: Amy Roh <amyroh@apache.org>
X-Mailer: Mozilla 4.61 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: tomcat-dev@jakarta.apache.org
Subject: Re: CGI support servlet (TC 4) -- feedback wanted
References: <3AC664EC.60604@martindengler.com> <3AC8DFB8.F9FAAA7E@eng.sun.com>
 <3ACAC0FE.9020001@martindengler.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N

> Right now they are basically the same scripts that I added to the
> examples webapp.  So, should I just duplicate the scripts so we have one
> set in <tomcat-root>/webapps/examples/WEB-INF/cgi-bin and one set in
> <tomcat-root>/tester/src/bin?  Or would the tester/src/bin/tester.xml
> simply have some targets which tested the output of some requests to
> http://server/examples/cgi-bin/cgitester.cgi, etc.?
>

I think once the feature is fully implemented, we can work on a tester which tests
your scripts and add it to our set of tests.  So whenever the tester is ran, we can
display something like "CGI tests all PASSED" following the current tester style.


>
> >
> >> 5) Default location of cgi scripts
> >>
> >> In another project, we have put all cgi scripts under
> >> <webapp>/WEB-INF/cgi since they are then 1) not liable to be served by
> >> the container; yet 2) still encapsulated underneath the webapp's own
> >> directory structure.
> >>
> >> One observation and two issues here:
> >>
> >> Observation: the Servlet spec is obviously silent on CGI placement
> >> issues; yet we should probably support (and even default to?) something
> >> congruent with standard CGI practice of separating the HTML and CGI
> >> scripts (/doc-root and /cgi-bin) while not encouraging anything which
> >> breaks the Servlet API's web application filesystem (or war file)
> >> boundaries.
> >>
> >> Issue 1) generally, how do people like the <webapp>/WEB-INF/cgi solution
> >> in light of the above observation?
> >
> >
> > +1
> >
>
> Cool.
>
> >> Issue 2) if people like it, should we make it the default setting (by
> >> defining an init-parameter for the CGI servlet in the container-wide
> >> web.xml file)?
> >
> >
> > I think we should designate a cgi directory where people can put CGI scripts for
> > security reasons.
>
> Yes, on a per-webapp level?
>

I meant like an absolute directory like "cgi-bin" directory in file system.  But
there're options....

>
> >
> > Is the source code from  http://www.martindengler.com/proj/CGIGatewayServlet.zip
> > the most updated one?
> >
>
> I have made some more updates which I have not posted yet.  Once I take
> into account your & others' suggestions, I will update that zip file.  I
> imagine I can make most of the changes tonight and re-package tomorrow,
> so hopefully a new one will be up soon.
>

Awesome.  Thanks!

Cheers,

Amy