Amy,
Thanks for the feedback; see comments inline.
Martin
Amy Roh wrote:
> Hi Martin,
>
> See comments below.
>
> Martin Dengler wrote:
>
[snip]
>>> If so, would people prefer I do that myself and
>>> submit a load of file patches for the commit of the CGI servlet &
>>> related files which included the catalina web.xml?
>>
>> This is a minor issue adding a few lines to catalina web.xml. I have done this
>> already on my CVS tree.
>>
>>
Cool, I will include that as part of my submission.
>
>> 4) Providing Functional testing classes
>>
>> I was wondering if and how I should add any testing cgi scripts. I have
>> some (obviously :)), but should they be put into the tester area because
>> they are for testing, or should I reuse some examples webapp (above
>> issue #2) cgi scripts? Any issues with this dependency?
>>
>
>
> We can put them into tester area so we can run tester if/when we add/modify CGI
> feature. Could you send me these scripts as well?
Right now they are basically the same scripts that I added to the
examples webapp. So, should I just duplicate the scripts so we have one
set in <tomcat-root>/webapps/examples/WEB-INF/cgi-bin and one set in
<tomcat-root>/tester/src/bin? Or would the tester/src/bin/tester.xml
simply have some targets which tested the output of some requests to
http://server/examples/cgi-bin/cgitester.cgi, etc.?
>
>> 5) Default location of cgi scripts
>>
>> In another project, we have put all cgi scripts under
>> <webapp>/WEB-INF/cgi since they are then 1) not liable to be served by
>> the container; yet 2) still encapsulated underneath the webapp's own
>> directory structure.
>>
>> One observation and two issues here:
>>
>> Observation: the Servlet spec is obviously silent on CGI placement
>> issues; yet we should probably support (and even default to?) something
>> congruent with standard CGI practice of separating the HTML and CGI
>> scripts (/doc-root and /cgi-bin) while not encouraging anything which
>> breaks the Servlet API's web application filesystem (or war file)
>> boundaries.
>>
>> Issue 1) generally, how do people like the <webapp>/WEB-INF/cgi solution
>> in light of the above observation?
>
>
> +1
>
Cool.
>> Issue 2) if people like it, should we make it the default setting (by
>> defining an init-parameter for the CGI servlet in the container-wide
>> web.xml file)?
>
>
> I think we should designate a cgi directory where people can put CGI scripts for
> security reasons.
Yes, on a per-webapp level?
>
> Is the source code from http://www.martindengler.com/proj/CGIGatewayServlet.zip
> the most updated one?
>
I have made some more updates which I have not posted yet. Once I take
into account your & others' suggestions, I will update that zip file. I
imagine I can make most of the changes tonight and re-package tomorrow,
so hopefully a new one will be up soon.
>
> Amy
>
>
Thanks for all the feedback.
Martin
