Re: [hackers] [quark] Thoughts on CGI and authentication?

From: Laslo Hunhold <dev_AT_frign.de>
Date: Sat, 31 Oct 2020 23:21:27 +0100

On Mon, 26 Oct 2020 11:49:33 +0100
José Miguel Sánchez García <soy.jmi2k_AT_gmail.com> wrote:

Dear José,

> Funny, that's my current use case. All my CGI is through forms, so
> I'm currently running a separate server for the form handlers,
> regenerating the HTML and then redirecting to the recently updated
> page through a "303 See Other" code.
>
> My motivation behind integrating CGI into quark was leveraging the
> quality of its implementation to avoid the security pitfalls of
> badly-written HTTP servers out there. I would only have to worry
> about writing a simple script to handle the form data.
>
> Also, if CGI was integrated into the web server itself, I could use
> the same domain/port/endpoint to serve the static page (via a GET
> request) and to handle the form (via a POST request). Moot point but
> it goes a long way towards usability.

another approach would be to have a very small interposer that splits
GET and POST requests and forwards them to quark and the CGI-handler
respectively.

> Finally, CGI is often used to customize the content of a page for a
> given user. Imagine a logged in user in a forum: they must see a link
> that points to their profile. Anonymous users would see a login/signup
> bar instead.
>
> I must say that, even with these advantages in mind, I've come to
> think that CGI would not be appropriate for quark. Its goals are at
> odds with the needs of a CGI implementation, and that's fine (there
> are alternatives for those who want CGI). Feel free to prove me wrong
> :)

Software gets really complex if you try covering the last 5% of
use-cases. Given the massive flexibility of the static web and how many
CGI-applications really are just far away from the original idea of the
web I really don't see a reason to tailor quark towards CGI. It was
there before, but it just made everything really complicated.

With best regards

Laslo
Received on Sat Oct 31 2020 - 23:21:27 CET

This archive was generated by hypermail 2.3.0 : Sat Oct 31 2020 - 23:24:31 CET