Server side programs and scripts

Why Server Side Programming?

Though it is technically feasible to implement almost any business logic using

client side programs, logically or functionally it carries no ground when it comes to
enterprise applications (e.g. banking, air ticketing, e-shopping etc.). To further
explain, going by the client side programming logic; a bank having 10,000
customers would mean that each customer should have a copy of the program's in
his or her PC which translates to 10,000 programs! In addition, there are issues like
security, resource pooling, concurrent access and manipulations to the database
which simply cannot be handled by client side programs. The answer to most of the
issues cited above is – “Server Side Programming”.
Server side architecture in the simplest terms .
 Advantages of Server Side Programs
• All programs reside in one machine called the Server. Any number of remote
machines (called clients) can access the server programs.

• New functionalities to existing programs can be added at the server side which the
clients’ can advantage without having to change anything from their side.

• Migrating to newer versions, architectures, design patterns, adding patches,

switching to new databases can be done at the server side without having to bother
about clients’ hardware or software capabilities.

• Issues relating to enterprise applications like resource management, concurrency,

session management, security and performance are managed by service side
applications.

• They are portable and possess the capability to generate dynamic and user-based
content (e.g. displaying transaction information of credit card or debit card
depending on user’s choice).
 Types of Server Side Programs
• Active Server Pages (ASP)

• Java Servlets

• Java Server Pages (JSPs)

• Enterprise Java Beans (EJBs)

• PHP
 Summary
• The objective of server side programs is to centrally manage all programs
relating to a particular application (e.g. Banking, Insurance, e-shopping,
etc). Clients with bare minimum requirement (e.g. Pentium II, Windows XP
Professional, MS Internet Explorer and an internet connection) can
experience the power and performance of a Server (e.g. IBM Mainframe,
Unix Server, etc) from a remote location without having to compromise on
security or speed. More importantly, server programs are not only portable
but also possess the capability to generate dynamic responses based on
user’s request.  
 Common Gateway Interface

• CGI is a standard programming interface to web servers that allows building dynamic
and interactive web sites
• CGI is not a programming language
– Its just a set of standards (protocols)

– The standards specify how web applications can be executed on the server side

• CGI can be implemented

– In an interpreted language such as PERL

– In an compiled language such as C

• Any program can be converted to a CGI program

– It just has to follow CGI rules
• The rules define
– How programs get and sends data
– How to make sure that web server knows that a program is a CGI
program
• A CGI program is
– Stored on the server
– Executed on the server
– Executed in response to request from client
• By running a CGI program, rather than delivering a static HTML page, the
server cab:
– Put dynamic and updated information on web page (e.g., weather forecast, stock
price, product availability)
• Respond appropriately to user input
• Store user data on server-side in a file or DB
 Calling CGI program

• CGI program can be called in the same way as static HTML pages

– For example, a link when clicked will run a CGI prg on server side

– <a href=http://www.mywebsite/cgi-bin/myprog>Run my prg</a>

• It can be invoked by a form

• <form action=“cgi-prog.cgi” method=“POST”>

• </form>

• CGI programs are usually executed as processes

 How does it know its CGI
• The web server is configured in a way that provides clear distinction
between HTML and CGI files
• Unix servers put the CGI program in cgi-bin directory
• Access permissions are restricted, such that writing to this directory is
allowed to CGI invocation
• Security issues with CGI
– Publicly accessible CGI prg allows anyone to run the prg on the serer
– Malicious users may be able to exploit security breaches and harm to serbet
 Broad steps in CGI
• Browser shows the document containing the form
• Users enters the data into form and click submit button
• Script in browser will perform client side validation
• Browser decodes URL and contacts server
• Browser request the document file from server
• Server translates the URL into a path and a file name
• Server realizes that URL points to a program
• Server prepares its environment variables and launch the scripts
• Script executes and reads environment variables thru STDIN
• Script sends appropriate MIME header to STDOUT
• Script sends rest of its output to STDOUT and terminates
• Server will notify the termination of script and closes connection to browser
• Browser displays the output from the script