What is CGI?
The Common Gateway Interface (CGI) is an intersection between web servers through which the standardized data exchange between external applications and servers is possible. It belongs to the oldest existing online interface technologies and is still used regularly today. When using CGI, HTML pages do not need to be stored on a server, but can be dynamically created as and when a user makes a website query.
Mode of operation and application
When a user makes an entry on a website, the data is not directly transferred to a server, but needs to be processed first. This processing occurs via an external software (e.g. a CGI script), and not directly via a web server. The program transmits the data via a standardized CGI intersection which produces the information in HTML. CGI programs are usually retained in a special folder on a web server.
The CGI script can be composed in different programming languages. The Common Gateway Interface ensures that – irrespective of which language is being used – the web server and script communicate with one another.
Examples of application of a Common Gateway Interface
- Shopping basket: When a customer adds a product to their online shopping basket, the information is automatically processed by a CGI script and sent to the server.
- Comments: When a user fills in a commentary section and hits “Send,” the text is first transmitted to a CGI script which then transfers it to the server.
- Forms: Entries in online forms used for applications or messages are first processed by the Common Gateway Interface before they are transmitted to the server.
- Website statistics: If a website displays visitor hit rates, it will typically be using a CGI.
- Server Side Includes: Thanks to Common Gateway Interfaces, text content can be loaded to a website dynamically.
- Software tests: Developers are able to use CGI scripts to test functions of external online applications for websites via their browser.
Whether a script is being processed or not is apparent by checking the URL. Even users with little or no programming knowledge are able to recognize a script that is being processed. Using a dedicated string of characters, the server receives all the relevant information from the script. We generally distinguish between three different methods of data transfer:
- QUERY_STRING: used for most user queries
- PATH_INFO: used to transmit contextual information to a website
- Stdin: used to processed additional user entries
Advantages and disadvantages of the Common Gateway Interface
Despite its age, the Common Gateway Interface is among the most commonly used interfaces in web development. Even though the technology offers plenty of advantages, it does have some drawbacks.
CGI is a simple and effective method to generate dynamic website content. At the same time, CGI applications do not have to be saved on a server, so that no resources are unnecessarily being used. In addition, the Common Gateway Interface is compatible with multiple programming languages which are easily integrated into the existing infrastructure. Last but not least, the open-source standard is free of charge and can be used by developers instantly.
Among the greatest weaknesses of Common Gateway Interfaces is that the time to reply to CGI applications can be relatively lengthy. The program needs to be restarted with each new entry. This can be a problem for websites experiencing high traffic where servers often only support a handful of CGI applications at a time and additional queries are added to a queue or are rejected.
The Common Gateway Interface, much like any interface, can present a security risk if no additional safety measures are in place. Theoretically, external programs gain access to web server data via CGI. Therefore, restrictions should be in place for CGI scripts to not cause any damage.
Alternatives to Common Gateway Interfaces
Over the last few years, various interface technologies have been developed that expand on CGI. At the same time, they are trying to address one of its main shortcomings: reloading the script with each new user query.
ASP (Active Server Pages): ASP was developed by Microsoft for its own server, but is now available for different types of servers. The ASP interpreter is integrated in the web server, so that a new process does not need to be started for its use. ASP commands can be directly written into the HTML pages. Much like CGI, ASP can be used across multiple programming languages.
PHP: Besides Perl, PHP is among the most widely-used script languages in web development. Much of what a CGI script can do, PHP can do too. The PHP interpreter, however, is directly integrated with the web server.
ColdFusion: ColdFusion was originally developed for Windows, but is now available for various Unix platforms as well. The ColdFusion Interpreter is integrated into the web server, much like the other CGI alternatives. Using existing tags or individual control elements, HTML pages can be modified. In addition, ColdFusion provides developers with a series of standard functions.
FastCGI: When using FastCGI, dynamic queries from a web server can be directly processed via a Perl interface without the processor having to be restarted. FastCGI is CGI compatible and is supported by a range of web servers.