1. What do I absolutely need to know in CGI?

If you're already a programmer,CGI is extremely straightforward, and just three resources should get you up to speed in the time it takes to read them:
1) Installation notes for your HTTPD.Is it configured to run CGI scripts, and if so how does it identify that a URL should be executed?
(Check your manuals, READMEs, ISP webpages/FAQS, and if you still can't find it ask your server administrator).
2) The CGI specification at NCSA tells you all you need to know to get your programs running as CGI applications.
3) WWW Security FAQ. This is not required to 'get it working', but
is essential reading if you want to KEEP it working!

If you're NOT already a programmer, you'll have to learn. If you would
find it hard to write, say, a 'grep' or 'cat' utility to run from the
commandline, then you will probably have a hard time with CGI. Make
sure your programs work from the commandline BEFORE trying them with CGI,
so that at least one possible source of errors has been dealt with.

2. Do I have to use Perl?

No - you can use any programming language you please. Perl is simply
today's most popular choice for CGI applications. Some other widely-
used languages are C, C++, TCL, BASIC and - for simple tasks -
even shell scripts.

3. Can I identify users/sessions without password protection?

The most usual (but browser-dependent) way to do this is to set a cookie.
If you do this, you are accepting that not all users will have a 'session'.

An alternative is to pass a session ID in every GET URL, and in hidden
fields of POST requests. This can be a big overhead unless _every_ page
requires CGI in any case.

Another alternative is the Hyper-G[1] solution of encoding a session-id in
the URLs of pages returned:
This has the drawback of making the URLs very confusing, and causes any
bookmarked pages to generate old session_ids.

Note that a session ID based solely on REMOTE_HOST (or REMOTE_ADDR)
will NOT work, as multiple users may access your pages concurrently
from the same machine.

[1] Actually I don't think that's been true of Hyper-G since sometime
in '96. However, general advances in web server technology, such as
Apache's mod_alias or mod_rewrite, make it straightforward without
the need for CGI.

4. How can I stop my CGI script reading and writing files as nobody?

CGI scripts are run by the HTTPD, and therefore by the UID of the HTTPD
process, which is (by convention) usually a special user "nobody".

There are two basic ways to run a script under your own userid:
(1) The direct approach: use a setuid program.
(2) The double-server approach: have your CGI script communicate
with a second process (e.g. a daemon) running under your userid,
which is responsible for the actual file management.

The direct approach is usually faster, but the client-server architecture
may help with other problems, such as maintaining integrity of a database.

When running a compiled CGI program (e.g. C, C++), you can make it
setuid by simply setting the setuid bit:
e.g. "chmod 4755 myprog.cgi"

For security reasons, this is not possible with scripting languages
(eg Perl, Tcl, shell). A workaround is to run them from a setuid
program, such as cgiwrap.

In most cases where you'd want to use the client-server approach,
the server is a finished product (such as an SQL server) with its
own CGI interface.
A lightweight alternative to this is Don Libes' "expect" package.

5. Do I need to be on Unix?

No, but it helps. The Web, along with the Internet itself, C, Perl,
and almost every other Good Thing in the last 20 years of computing,
originated in Unix. At the time of writing, this is still the
most mature and best-supported platform for Web applications.

6. Are there some interactive debugging tools and services available?

(1) Several CGI programming libraries offer powerful interactive
debugging facilities. These include:

- for Perl, Lincoln Stein's CGI.pm
(now part of the standard Perl distribution)

- for Tcl, Don Libes' cgi.tcl

- for C++, Nick Kew's CGI++

(2) Nathan Neulinger's cgiwrap is another package with debugging aids.

(3) The "mod_cgi" Apache module (new with Apache 1.2) enables you to
capture script output and errors for diagnosis.

7. Explain Is CGI a script or a program?

The distinction is semantic.Traditionally, compiled executables(binaries) are called programs, and interpreted programs are usually
called scripts.In the context of CGI,the distinction has become even more blurred than before.The words are often used interchangably
(including in this document).Current usage favours the word "scripts" for CGI programs.

8. Is it a script or a program?

The distinction is semantic. Traditionally, compiled executables
(binaries) are called programs, and interpreted programs are usually
called scripts. In the context of CGI, the distinction has become
even more blurred than before. The words are often used interchangably
(including in this document). Current usage favours the word "scripts"
for CGI programs.

9. What is the difference between object oriented and structured oriented programming?

► Object Oriented means programme will be their in terms of Class and Object relationship will be their.
► Structured Oriented Means programme will be their in terms of multiple Functions.

10. Is there an equivalent of JavaScripts escape() function in Perl?

Try This:

require CGI;
$escaped = CGI::escape( $normal );

# ...or...

sub escape {
my $str = shift || '';
$str =~ s/([^w.-])/sprintf("%%%02X",ord($1))/eg;
$escaped = escape( $normal );

Download Interview PDF