Re: [hackers] [quark] Thoughts on CGI and authentication?

From: José Miguel Sánchez García <soy.jmi2k_AT_gmail.com>
Date: Mon, 26 Oct 2020 11:49:33 +0100

On 10/26/2020 8:41 AM, Laslo Hunhold wrote:

> Tell me one example where you need CGI which isn't a web forum? To give
> an example how you can solve something statically: A comment section
> could be built by having a static web server and also a very thin
> "handler" that is called when the form is submitted that adds the
> comment to a database and updates the static data on the fly. The
> advantage of this is that if someone manages to "crash" the
> comment-handler or kill the database process or something, the website
> is not affected.

Funny, that's my current use case. All my CGI is through forms, so I'm
currently running a separate server for the form handlers, regenerating
the HTML and then redirecting to the recently updated page through a
"303 See Other" code.

My motivation behind integrating CGI into quark was leveraging the
quality of its implementation to avoid the security pitfalls of
badly-written HTTP servers out there. I would only have to worry about
writing a simple script to handle the form data.

Also, if CGI was integrated into the web server itself, I could use the
same domain/port/endpoint to serve the static page (via a GET request)
and to handle the form (via a POST request). Moot point but it goes a
long way towards usability.

Finally, CGI is often used to customize the content of a page for a
given user. Imagine a logged-in user in a forum: they must see a link
that points to their profile. Anonymous users would see a login/signup
bar instead.

I must say that, even with these advantages in mind, I've come to think
that CGI would not be appropriate for quark. Its goals are at odds with
the needs of a CGI implementation, and that's fine (there are
alternatives for those who want CGI). Feel free to prove me wrong :)

Best regards,
José Miguel
Received on Mon Oct 26 2020 - 11:49:33 CET
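
The setup discussed in this message (a thin form handler beside a static server, which regenerates the HTML and answers with "303 See Other"), sketched as an added example; it is not code from the thread or from quark. The field names, size limits, page URL and the in-memory list standing in for the database are assumptions.

```python
import html, os, tempfile
from urllib.parse import parse_qs

MAX_BODY = 4096              # assumed cap on the POST body, in bytes
PAGE_URL = "/comments.html"  # assumed URL of the static page; never taken from the request

def parse_comment(body: bytes):
    """Return (name, text) from an urlencoded form body, or None if rejected."""
    if len(body) > MAX_BODY:
        return None
    try:
        fields = parse_qs(body.decode("utf-8"), strict_parsing=True, max_num_fields=4)
    except (UnicodeDecodeError, ValueError):
        return None
    name = fields.get("name", [""])[0].strip()
    text = fields.get("text", [""])[0].strip()
    if not name or not text or len(name) > 64 or len(text) > 1000:
        return None
    return name, text

def render_page(comments):
    """Regenerate the static HTML; every user-supplied value is escaped."""
    items = "".join(f"<li><b>{html.escape(n)}</b>: {html.escape(t)}</li>\n"
                    for n, t in comments)
    return f"<!doctype html>\n<title>Comments</title>\n<ul>\n{items}</ul>\n"

def publish(path, page):
    """Write to a temp file in the same directory, then rename atomically,
    so the static server never serves a half-written page."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(page)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the web server must read it
    os.replace(tmp, path)

def handle_post(body, comments, page_path):
    """Return (status, headers) for one form submission."""
    parsed = parse_comment(body)
    if parsed is None:
        return 400, {}
    comments.append(parsed)  # stand-in for the database insert
    publish(page_path, render_page(comments))
    return 303, {"Location": PAGE_URL}  # browser re-fetches the page with GET

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample submission
        out = os.path.join(d, "comments.html")
        print(handle_post(b"name=Ann&text=1+%3C+2", [], out))
        print(open(out, encoding="utf-8").read())
```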
