TigerTronics logoTigerTronics team 2053

Creating CGI Programs with Bash: Introduction

For the impatient, jump straight to Page 2 - Creating CGI Programs with Bash: Getting Started

Quick Introduction

What is a CGI?

A CGI (Common Gateway Interface) is a program that runs on a web server. CGIs are typically called from HTML forms, and usually are designed to run quickly and return an HTML page someone can use in a browser.

What is Bash?

Bash (Bourne-Again SHell) is a shell for UNIX, Linux, (and other operating systems). Bash is similar to the Bourne shell (sh), and can most Bourne-shell scripts, but adds many capabilities and improvements. As a shell, Bash can be used in two ways: interactive, where it presents a powerful command line to the user, and as a script interpreter, which is how it is used when used to run CGI programs.

Why use Bash to write CGI programs?

While Bash is not the most common language for writing CGI programs in, it has some advantages:
  1. Bash is available on most UNIX or Linux servers, so if your site is hosted with a UNIX or Linux server and your host allows CGI scripts, you probably already have all the tools you need to write Bash CGIs on your server.
  2. Bash is easy to learn, especially for simple things. If you don't already know a language already used for CGI programming and don't intend to make extremely complex CGI programs, Bash is easy to learn.
  3. Bash allows you to use standard UNIX tools, which are powerful and generally not horribly difficult to learn, at least enough to use in your Bash programs. These tools include sed, grep, awk, wc, cat, echo, and ls.

Why not to use Bash for writing CGI programs?

Although Bash has its advantages when it comes to writing CGI programs, it also has some disadvantages that are worth mentioning:
  1. Bash is not the most efficient language and requires more resources on your server than some other languages. This can sometimes be partially mitigated by using an interpreter other than Bash (sh, ash, dash, etc), which may work, providing your programs does not require any Bash-specific functions.
  2. To do much with Bash, you need to use standard UNIX tools like sed, awk, grep, cat, and echo. Each program has its own learning curve, which ranges from almost nothing (echo), to potentially quite steep (sed). Also, the use of these programs can incur a performance hit.
  3. For performance and maintenance reasons, Bash is not well suited for large or complex CGI programs, nor is it well suited for CGI programs you expect to get huge amounts of use.
  4. If you are using a Windows server, Bash is probably not avaiable and therefore can't be used. This also means that if your site comes to depend on many Bash CGI programs, it may be difficult to move to a Windows server. This is a minor issue.
The main thing to realize is, Bash works for writing CGI programs, and can work well, but it is not optimized for the task, and so it has some performance implications. Using Bash for CGIs isn't the best choice if your CGI programs are very complex (they are also probably harder to write in Bash if they are very complex, too), or if they will get extremely heavy usage.

Finally, a note of caution

This guide is about writing CGI programs. Any CGI program carries a potential security risk with it, since it allows data to be sent to a web server and processed their. A poorly written CGI program, in any language, including Bash, can leave a server open to attack or consume its resources, slowing it down or crashing it. The biggest risk of a CGI program is that it will be vulnerable to some attack and allow the server (and site) running it to become compromised. You should be aware of these risks before writing CGI code, and take care to do your best to write good, secure code that checks for errors, unexpected, and unwanted input or behavior and works around it. You should also be aware that not every hosting provider allows you to write and run your own CGI programs, and that many that do will deactivate your site if you write a CGI program that causes the host's server problems or causes it to get compromised. Talk to your hosting provider if you are unsure if you are allowed to run CGIs or not. Regardless, it is your responsibility to keep your CGIs safe, secure, and not write CGIs that can do potentially harmful things (ie it would be a bad idea to write a program that allows someone to remove files from your site, even if its at a hidden URL. Don't write CGIs that can do things you wouldn't want someone else or some automated virus or bot doing to your site!).

Page 2 - Creating CGI Programs with Bash: Getting Started -->



TigerTronics is primarily sponsored by
BAE SYSTEMS