Ducky 511 Progress Report

CGI

• very stable; I used in 1994-6, used in 2006.
• language-indep: I used perl, python, c++
• server indep: httpd 1.3, Netscape, EIT, apache
• very simple: almost everything in env QUERY_STRING, REQUEST_METHOD (CONTENT_LENGTH, CONTENT_TYPE) in, Content-type out PATH_INFO, HTTP_COOKIE, HTTP_REFERRER, REMOTE_ADDR, HTTP_vars
• most common to set up qstring
• everything as strings (tho libs to help), easy to make mistakes
• large ecosystem of libs and docs (lib-cgi.pl, CGI.pm, cgi-lib)
• state must be stored explicitly -- qstring, cookie, path_info (can point to db)
• security: URLs in clear, stored in access_log
• need to be very careful about escaping things
• "continuation passing style" -- have to pass enough to pick up where left off

PLT web-server

• not multiple programs, multiple functions
  • in some ways less modular
• must use symbolic tree for html
• no persistence (!)
• does more for you / hides more from you => steeper learning curve
• thinner documentation -- hard to find send/suspend/dispatch info, for example
• depends upon web-server
• https: docs on really hacky way to do it w/apache proxying no docs, "go look at example" for another way to do it
• not sure if there it makesafe strings automatically; don't see any obvious libs to do that
• send/suspend not good enough; see send/suspend/dispatch. send/suspend/callback only doc'd in code and in a few mailing list messages