Re: CGI scripts

[George Michaelson <ggm%pobox.com@localhost>]

On 09/05/2011, at 11:05 AM, Steven Bellovin wrote:

> 
> On May 8, 2011, at 8:37 34PM, George Michaelson wrote:
> 
>> On Sun, 08 May 2011 16:30:13 +0300, Jukka Ruohonen wrote:
>> 
>>> On Sun, May 08, 2011 at 08:16:40AM -0400, matthew sporleder wrote:
>>>> I think the usual suspects of "printenv" and "hello world" would be
>>>> appropriate.
>>> 
>>> No offence, but I think a "hello world" would be an insult to the
>>> intelligence of the current user and developer base. I was thinking more
>>> about something with real value. Something that would utilize
>>> NetBSD-specific features. Something that you could actually run on your
>>> own NetBSD server/router/appliance/whatever.
>>> 
>>> - Jukka.
>> 
>> I'd like the option to be insulted please.
>> 
>> the great thing about 'Hello world\n' examples is that they are sentences 
>> in Computer Science my brain is pre-wired to expect to understand.
>> 
>> So, please, *insult me* -Its what I'm used to :-)
>> 
> A "Hello word\n" script is fine for showing the very basics.  But what I'd
> like to see are simple examples that deal with inputs of three different
> types: context (e.g., HTTPS info or remote IP address), parameters passed
> via the URL (http://www.netbsd.org/foo?bar=yes+bletch=no), and parameters
> passed via a submitted form.
>> 
> 


+1 of course. the printenv() in particular is vital, because I cannot remember 
wtf the various HTTP params passed around are. 

oh, and the params passing example has to show how to sanitize the munged URL 
string and also avoid "George;drop tables; Michaelson" attacks...

-G