Designing z/OS CGI Web Applications for the Craven - Hands-on Lab

This lab session is a follow-up to lab session 2995 (Simple but Useful Web Applications with your Favorite Scripting Language). The session is intended for those who would like to learn more advanced techniques such as using cookies, designing interactive forms, and basic JavaScripting. It is also for those who would like to continue enhancing the web application they began in session 2995.

Matthew Finlayson

March 01, 2009
Transcript

  1. Designing z/OS CGI Web Applications for the Craven (Hands-On Lab)

    - SHARE Session 2996
    - March 2, 2002
    - Matthew Finlayson, IBM, Portland, OR, [email protected]
    - Part II of the introduction to CGI programming on z/OS UNIX session 2995
    - Permission is granted to SHARE Inc. to publish this presentation paper in the SHARE Inc. proceedings; IBM retains its right to distribute copies of this presentation to whomever it chooses.
    - (c) Copyright IBM Corporation, 2008
  2. Trademarks

    The following are trademarks of the International Business Machines Corporation in the United States and/or other countries:

    IBM*, IBM eServer, IBM e(logo)server*, IBM logo*, Language Environment*, MVS, On demand business logo, OS/390*, Parallel Sysplex*, RACF*, System z9, z/Architecture, z/OS*, zSeries*

    * Registered trademarks of IBM Corporation

    * All other products may be trademarks or registered trademarks of their respective companies. Java and all Java-related trademarks and logos are trademarks of Sun Microsystems, Inc., in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows and Windows NT are registered trademarks of Microsoft Corporation. UNIX is a registered trademark of The Open Group in the United States and other countries. SET and Secure Electronic Transaction are trademarks owned by SET Secure Electronic Transaction LLC.

    Notes:

    - Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here.
    - IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.
    - All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.
    - This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice. Consult your local IBM business contact for information on the product or services available in your area.
    - All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
    - Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
    - Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.
  3. To Get Started

    - For the exercises in this lab and to view a copy of this presentation, open a browser and go to the following page: http://mvs1.centers.ihost.com:8420/~stiert
    - This page contains links to information you will need for the lab exercises as well as links for Part I (session 2995).
    - Note: This page will be referred to as the "Lab Home Page".
  4. Session Abstract

    This lab session is a follow-up to lab session 2995 (Simple but Useful Web Applications with your Favorite Scripting Language). The session is intended for those who would like to learn more advanced techniques such as using cookies, designing interactive forms, and basic JavaScripting. It is also for those who would like to continue enhancing the web application they began in session 2995.

    Note: This lab uses the IBM HTTP Server (IHS) Powered by Apache; however, most of the generic concepts presented also apply to the original IHS.
  5. Goals of this Presentation

    - Build on the knowledge gained in Part I
    - Focus on some miscellaneous, but particularly useful, topics for basic CGI programming
    - Reinforce any subjects discussed in Part I
    - Specifically, will be covering the following:
      - Server-side includes (SSI)
      - Password protecting directories
      - Trick for preventing external linking
      - Using cookies
      - Redisplay form data
      - Simple JavaScript example
  6. Not covered in this presentation

    - Complete specs on protocols (HTTP, HTML, CGI, Apache server configuration, etc.): simply not enough time and not really needed for the level of this course.
    - Detailed programming instruction: again, not enough time. Will provide examples and leave further education up to you and your interest.
    - Security issues: will touch on them because they are important, but the presumption is that the scope of the application is internal use, intranet, etc.
  7. Server Side Includes

    - Causes the server to modify a web page as directed by SSI statements before returning the page to the browser.
    - Typically configured for files with ".shtml" extensions (but not required to be .shtml).
    - The server scans .shtml files for SSI statements and dynamically replaces them with the data specified by each statement.
    - Allows a certain degree of dynamic creation without requiring programming.
    - Three statements covered in this presentation:
      - #include
      - #exec
      - #flastmod and #config
  8. Server Side Includes cont...

    - #include - used to insert the contents of a file on the server into the location of the #include tag. Very useful for embedding common pieces of HTML code into all pages of a website, for example the common navigation links or logos.
    - #exec - used to insert the output from a program. Does not take arguments. Some security issues for external sites.
    - #flastmod and #config - used to insert the last modification date of a file. Often used to display the current date of a webpage.
    - Please see examples linked from the Lab Home Page as ssi/
  9. Exercise 4: Server Side Includes

    - In this exercise, you will use Server Side Includes.
    - Go to the Lab Home Page and click on exercise 4.
  10. Using .htaccess files to password protect a directory

    - Distributed (directory-level) configuration files provide a way to make configuration changes on a per-directory basis.
    - Default name is .htaccess (note the dot).
    - We will use them to demonstrate how to password protect a directory.
    - When you see a password box like the one on the right, it was created using .htaccess.
    - Applies to all sub-directories.
  11. Steps to password protect directory

    - Create .htaccess file in directory you want to protect. Example:

        AuthUserFile /shareuser/stiert/sanjose_08/.htpasswd
        AuthGroupFile /dev/null
        AuthName "SHARE Lab Password Protected Directory"
        AuthType Basic
        Require user username

    - Generate user/password in .htpasswd file using the htpasswd utility. Example:

        htpasswd .htpasswd username
  12. Exercise 5: password protect a directory

    - In this exercise, you will password protect a directory using a .htaccess file.
    - Go to the Lab Home Page and click on exercise 5.
  13. Exercise 5a - Trick for preventing external linking

    - Another usage of .htaccess.
    - Prevent users from linking to your page from anywhere else but your website.
    - Effective for preventing spammers, robots, or other unauthorized users from accessing webpages/programs on your site.
    - Refer to exercise 5a.
  14. Web Cookies

    - Small bits of data (less than or equal to 4K) which can be sent to a web browser and later retrieved by the server unchanged.
    - Keep in mind that some people don't trust them and disable them because they are used maliciously for tracking or because they have mistaken understandings of what they do.
    - Normally, web transactions are stateless; cookies allow preservation of data across sessions.
    - Cookies can be set to expire immediately, after a set time, or indefinitely.
    - Servers can only retrieve cookies set by them.
    - There are some security exposures for CGI programs that trust them too much.
  15. How to Set a Cookie

    - The CGI program sends a "set-cookie" request.
    - Example: to set a cookie with name "cgilab" and value "S2996" with expiration date of "August 16, 2008, 11:00:00 GMT":
    - in Perl (or PHP):

        print "Set-Cookie: cgilab=S2996; expires=Saturday, 16-Aug-2008 11:00:00 GMT\n";

    - in PHP with the setcookie() function:

        $time = time() + 3600; // expire in one hour
        setcookie("cgilab", "S2996", $time);
  16. How to Read a Cookie

    - Only the cookies associated with the requesting domain are returned.
    - Cookies are stored by the server in the environment variable 'HTTP_COOKIE', which has the format:

        var1=value1; var2=value2; ...

    - Can be read and parsed from HTTP_COOKIE, or you can use built-in functions. For example, in PHP, cookies are automatically parsed into the $_COOKIE hash.
  17. Exercise 6: Set and Read a cookie

    - In this exercise, you will write a CGI program to set a cookie and a program to read the cookie.
    - Go to the Lab Home Page and click on exercise 6.
  18. Redisplaying Form Data

    - For HTML forms that validate data, you want to be able to redisplay data that has already been entered.
      - It's not very friendly to make people re-enter data.
      - You may want to display a specific error message.
    - To do this, we do two things:
      - Generate HTML in our CGI app
      - Use the "value=" attribute
    - Go to the Lab Home Page and click on exercise 7.
  19. A Simple JavaScript example

    - JavaScript allows "client-side" processing
      - Shifts load to browser instead of server
      - Faster for client
      - Not always as user-friendly
    - Often used for:
      - Auto-completion of forms (ex: "use same billing address")
      - Validation of fields prior to submitting
    - Go to the Lab Home Page and click on exercise 8.
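
Added example (not from the original deck or the lab exercises) for slides 14 to 16: a CGI-style cookie writer and reader that does not trust the value the browser sends back, because the value carries an HMAC tag that the server checks on every read. It is written in Python rather than the deck's Perl/PHP; the SECRET value, the function names, and the use of Max-Age, HttpOnly and SameSite in place of "expires" are assumptions of this example.

```python
import hashlib
import hmac
import os
from http.cookies import SimpleCookie

# Assumption: a server-side key that never leaves the server (constructed value).
SECRET = b"constructed-demo-key-change-me"


def sign(value: str) -> str:
    """Return 'value.tag', where tag is an HMAC-SHA256 over the value."""
    tag = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def set_cookie_header(name: str, value: str, max_age: int = 3600) -> str:
    """Build the Set-Cookie line a CGI program prints before the blank line."""
    return (f"Set-Cookie: {name}={sign(value)}; Max-Age={max_age}; "
            "HttpOnly; SameSite=Lax")


def read_cookie(name: str, http_cookie: str):
    """Parse an HTTP_COOKIE string; return the value only if its tag verifies."""
    jar = SimpleCookie()
    jar.load(http_cookie)  # handles the "var1=value1; var2=value2" format
    if name not in jar:
        return None
    value, _, tag = jar[name].value.rpartition(".")
    expected = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many characters matched via timing.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return value
    return None  # missing tag or edited value: treat as if no cookie was sent


if __name__ == "__main__":
    # Run as a CGI program: set the cookie, then report what the browser sent.
    print("Content-Type: text/plain")
    print(set_cookie_header("cgilab", "S2996"))
    print()
    print("verified cookie:",
          read_cookie("cgilab", os.environ.get("HTTP_COOKIE", "")))
```
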
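
Added example (not from the original deck or exercise 7) for slide 18: a CGI-style handler that regenerates the form with the submitted data in the "value=" attributes and a specific error message, escaping everything that came from the browser so a submitted value cannot close the attribute and add markup of its own. Python is used rather than the deck's Perl/PHP; the field names "name" and "session" and the validation rules are assumptions of this example.

```python
import html
import os
from urllib.parse import parse_qs

FORM = """<form method="get" action="">
  <p class="error">{error}</p>
  Name: <input type="text" name="name" value="{name}">
  Session: <input type="text" name="session" value="{session}">
  <input type="submit">
</form>"""


def validate(fields: dict) -> str:
    """Return an error message, or '' when the input is acceptable."""
    if not fields["name"].strip():
        return "Name is required."
    if not fields["session"].isdigit():
        return f"Session '{fields['session']}' must be a number."
    return ""


def render(query_string: str) -> str:
    """Re-generate the form with the submitted values filled back in."""
    parsed = parse_qs(query_string, keep_blank_values=True)
    fields = {k: parsed.get(k, [""])[0] for k in ("name", "session")}
    # No error on the first visit, when nothing has been submitted yet.
    error = validate(fields) if parsed else ""
    # quote=True also escapes " and ', so a value cannot end the
    # value="..." attribute; the error text echoes input, so it is escaped too.
    return FORM.format(
        error=html.escape(error, quote=True),
        **{k: html.escape(v, quote=True) for k, v in fields.items()},
    )


if __name__ == "__main__":
    # Run as a CGI program: the server passes the form data in QUERY_STRING.
    print("Content-Type: text/html\n")
    print(render(os.environ.get("QUERY_STRING", "")))
```
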