[RevServer tips] Spreading the load or why wise developers use asynchronous workflows

Jeff Massung massung at gmail.com
Thu Aug 5 14:06:04 EDT 2010


On Thu, Aug 5, 2010 at 11:52 AM, Bob Sneidar <bobs at twft.com> wrote:

> Problem is, I don't want to learn how to do web CGI's yet. I got the On-Rev
> account for 2 reasons: It was an AWESOME deal, and it had an SQL server I
> could use for my development wherever I go.
>
> Bob
>


Bob,

There's nothing to "CGI". The term has gone through many iterations. But,
think of it like this:

When someone makes an HTTP request to your web server (typically through a
browser, but not required), the web server accepts the incoming connection,
looks at the REST command (typically a GET or POST) and then attempts to
fulfill the request. Let's try an example:

GET /index.html HTTP/1.1

That would be the command sent by the socket (with more information, but
that's primarily the important part). Your web server (Apache w/ On-Rev)
looks at the file requested and says, ".HTML files are just sent verbatim
back." So it loads /index.html and sends all the data back over the
connection.

With CGI, all that's different is that there's a level of indirection added
to the process. Let's perform a similar command:

GET /register_user.irev HTTP/1.1

Now, the On-Rev Apache server is configured to understand that .IREV files
don't get sent verbatim back to the client. Instead, they are opened,
parsed, portions of them are executed, and the results are then sent on to
the client. That "executing" part of the story is a form of CGI.

In your register_user.irev script, you can then do something like this
(pseudo-code as I don't remember all of it correctly from memory):

<?rev
put $_GET["username"] into tLogin
put $_GET["password"] into tPasswd
put connectToDatabase(...) into tDB
revExecuteSQL tDb, "INSERT INTO ... WITH tLogin & tPasswd"
?>

You've just executed a database action using CGI and a REST API (note: REST
is just a glorified way of saying "via HTTP").

There's a lot to begin thinking about (security-wise*) once you've gotten it
working, but you can use the above to do all sorts of things. And best of
all, you don't need a browser. You can just send commands through Rev if you
want:

get url "http://.../register_user.irev?username=bob&password=luggage12345"

Hope this helps,

Jeff M.

* I -highly- recommend that you take some time and look up DOS attacks on
Wikipedia and follow the links there to all the other kinds of attacks you
should worry about once a database is exposed to the world (DOS is just the
most common). Some key ones:

- Data validation
- Captcha
- IP validation
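
Added example (not part of the original message, and written in Python rather than On-Rev script): the register_user request from the message, handled with the footnote's "data validation" applied and the values handed to the database as bound parameters instead of being joined into the SQL text. The in-memory sqlite3 database, the table layout, the username and password rules and the PBKDF2 storage are assumptions made for this sketch.

```python
import hashlib
import os
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Assumed policy for this example: short alphanumeric logins.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")

def open_db():
    """In-memory stand-in for the hosted SQL server (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register_user(db, request_target):
    """Handle a request target such as /register_user.irev?username=..&password=.."""
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    logins = params.get("username", [])
    passwords = params.get("password", [])
    # Data validation: exactly one value per field, each within the policy.
    if len(logins) != 1 or len(passwords) != 1:
        return 400, "expected one username and one password"
    login, passwd = logins[0], passwords[0]
    if not USERNAME_RE.fullmatch(login):
        return 400, "invalid username"
    if not 8 <= len(passwd) <= 128:
        return 400, "invalid password length"
    # Store a salted hash, never the password itself (assumed storage scheme).
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", passwd.encode(), salt, 200_000)
    try:
        # Bound parameters: the values never become part of the SQL text.
        db.execute("INSERT INTO users (login, salt, pw_hash) VALUES (?, ?, ?)",
                   (login, salt, pw_hash))
        db.commit()
    except sqlite3.IntegrityError:
        return 409, "username already registered"
    return 201, "registered"

if __name__ == "__main__":
    db = open_db()
    # Constructed sample request targets.
    for target in ("/register_user.irev?username=bob&password=luggage12345",
                   "/register_user.irev?username=bob&password=luggage12345",
                   "/register_user.irev?username=x'--&password=luggage12345"):
        print(target, "->", register_user(db, target))
```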
