> I need a few explanations about CGI :
> - CGI are invoked by the web server so they have exactly the same
> authorization level as the web server. Are they run in a separate
> "context" (i don't know the precise word) or in the same as the web
> server, in which case i think they can crash the web server?
CGI scripts are run as seperate processes, generally. The
webserver forks off a separate process, which starts up the CGI
script. The process inherits environment variables, etc, from the
server (which generally sets several environment varaibles to
communicate with the server).
Typically (on UNIX systems) the server and the CGI scripts are
run as "nobody", a special user with minimal permissions, or sometimes
as a special web user. There is a growing trend (and a good one, in
my opinion) to set up a specific user (or set of users with
overlapping access) for each website. This also lets you set specific
environment and language settings for each site (for example, you
could set an environment variable for that user that includes an
additional Perl library directory within the website).
The typical CGI script runs as a separate process, so unless it
does something horribly wrong, crashing or thrashing the entire
system, I doubt it could crash the server. The typical CGI script
starts up and stops for each request, so people don't worry as much
about memory leaks and sloppy coding (not that this is excusable,
but). In a sense, CGI script programming relies on the operating
system for many of the things that normal programming relies on the
programming language - or the programmer's self-discipline - for.
There are various approaches that do not follow the above rules,
for example modperl runs the perl interpreter as part of the Apache
process, and FastCGI runs a separate "CGI server" on a separate port.
Both of these keep the CGI script "in memory" to avoid the delay of
loading the intrepreter and loading the script. This, of course, also
means the scripts have to be written more carefully, to run
continuously and be careful about what they do with variables.
> - Are the servlets run in a separate context from the web server?
> They also are invoked by the web server.
Depends on the servlet engine. Most of the time it seems that
people are _not_ using just a java web server to serve both pages and
servlets. Instead, they use a conventional web server as well as a
servlet engine. I get the sense that most of the time the servlet
engine runs as a separate process, running a JVM.
However, that's just my guess based on what I've read about it.
Perhaps the folks here who obviously have a lot more familiarity with
the different engines could comment.
> -Are we really sure a servlet could not hang the JVM that in its turn would
> hand the OS?
I'm not sure at all :-). Java's design mandates a very clean
handling of memory, but I'm well aware of memory leak possibilities.
God knows what else is out there; "I am but an egg" in the java
programming world.
Steven J. Owens
[EMAIL PROTECTED]
[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
