Midnight In The Gateway Of Good And Evil

Back in the dark ages of web serving, all you could place on your web page was
text, with a smattering of graphics. With the introduction of faster modems and
more complex web browsers in the early 1990s, a phenomenon known as
"dancing baloney" began to appear. Dancing baloney meant more or less completely
useless technologies, such as animated GIFs, designed to attract people to web
pages. In their quest for new and improved dancing baloney, corporations began
to look high and low for technologies that could be subverted.

For several years, the National Center for Supercomputing Applications (NCSA) at
the University of Illinois had been refining an idea called a gateway interface.
A gateway interface is simply a way to run a piece of software on a server using
data from a client, and returning the data to the client. The NCSA's work
centered around developing a special type of gateway interface that allowed a web
browser to run software on a web server. This specific type of gateway interface
became so popular that it was called the Common Gateway Interface, or CGI.

Originally designed to be useful for highly technical applications, CGI was
subverted into the ultimate dancing baloney. Hit counters, HTML postcards,
chat rooms... the list goes on. Although hardcore Internet types generally
frown upon "dancing baloney", it can be a lot of fun to play around with on your
own web server. If you're into programming, it's fairly easy to write your own
custom CGI programs and scripts. For more information and examples, consult the
NCSA web site at http://hoohoo.ncsa.uiuc.edu. If you don't want to bother with
writing your own CGI programs and scripts, the web is chock full of web sites
giving them away.

The Common Gateway Interface is fast approaching a major turning point. Several
vendors, notably Microsoft, have developed extensions to the old standard and
defined new standards such as Active Server Pages (ASP) and ISAPI scripting.
These new interfaces have two major advantages over the CGI standard on Windows
platforms - they're slightly faster, and you can do a lot more with them. They
do have some severe drawbacks - they're extremely complicated, require expensive
software packages like Microsoft Visual Studio to create, have notorious security
flaws, and for the most part only run on Windows. Something of a war is now being
waged, with supporters of standard CGI (mostly users of large-scale systems,
freeware & shareware advocates, and programmers) on one side and supporters of
ASP and ISAPI (mostly Microsoft & friends) on the other. Which standard will
eventually win out is still undecided. In the meantime, Savant explicitly
supports the CGI 1.1 standard, WinCGI 1.3a, and experimentally supports ISAPI
applications (not filters!). Microsoft used to supply add-on extensions for ASP
and FrontPage that would work with Savant - they have stopped making these packages
available in the past year. If you want to use ASP at this point in time, you're
pretty much locked into either using one of Microsoft's servers or spending a
large amount of money on proprietary add-ons such as the ones sold by ChileSoft.

Savant uses the standard NCSA implementation of CGI, which works with any properly
written CGI program or CGI script. A CGI program is an executable file, while a
CGI script is a text file that is interpreted by an executable file. By far the
most common scripting language for CGI scripts is Perl. Savant automatically
installs the latest distribution of Perl5 so all you have to do is write the
script. For security reasons, CGI programs and scripts must be placed in a directory
allowing CGI execution. For more information on how to create a CGI directory,
see the Savant Help section on Paths. A step-by-step guide to setting up CGI
scripts and programs is in the How Do I... section.

On to the evil. CGI is a notorious security problem on UNIX-based web servers
because it's easy for hackers to exploit a poorly written CGI program or script.
Fortunately, the common hacks used on UNIX web servers have no effect on
Windows-based web servers. Can the CGI in Savant be hacked? Possibly, since
there's no such thing as a "non-hackable" server. Is it likely? Not really.
Although you should be aware that it is possible, I wouldn't lose sleep over it.
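
An added example, not part of the Savant documentation: a small CGI 1.1 script showing how client data reaches the program (environment variables and standard input) and how a script avoids the "poorly written" category by treating that data as untrusted. Python is used here as an assumption (the page's scripts would typically be Perl), and the `name` form field, `MAX_BODY` limit and function names are hypothetical.

```python
#!/usr/bin/env python3
"""Minimal CGI 1.1 handler that treats all client data as untrusted."""
import html
import os
import re
import sys
from urllib.parse import parse_qs

MAX_BODY = 4096                                 # refuse oversized POST bodies
NAME_RE = re.compile(r"[A-Za-z0-9 _-]{1,32}")   # allowlist for the hypothetical "name" field


def read_params(environ, stdin):
    """Return form fields from QUERY_STRING (GET) or the request body (POST)."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            raise ValueError("bad CONTENT_LENGTH") from None
        if not 0 <= length <= MAX_BODY:
            raise ValueError("body too large")
        raw = stdin.read(length)                # never read past the declared length
    else:
        raise ValueError("unsupported method")
    return parse_qs(raw, keep_blank_values=True)


def handle(environ, stdin):
    """Build the full CGI response: header block, blank line, body."""
    try:
        params = read_params(environ, stdin)
    except ValueError as exc:
        return f"Status: 400 Bad Request\nContent-Type: text/plain\n\n{exc}\n"
    name = params.get("name", ["world"])[0]
    if not NAME_RE.fullmatch(name):
        return "Status: 400 Bad Request\nContent-Type: text/plain\n\ninvalid name\n"
    # Escape on output even though the allowlist already passed: defence in depth.
    body = f"<html><body><p>Hello, {html.escape(name)}!</p></body></html>\n"
    return f"Content-Type: text/html; charset=utf-8\n\n{body}"


if __name__ == "__main__":
    sys.stdout.write(handle(os.environ, sys.stdin))
```

The script never passes client data to a shell, a file path or an interpreter, which is where poorly written CGI scripts usually go wrong.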