vbrtrmn has asked for the wisdom of the Perl Monks concerning the following question:

This novice contracts for a Fortune 500 company. I am currently fighting a very (technophobic) up hill battle against the forces of IIS. We use an archaic template based system that is basically a bunch of included HTML files. I found when I started working here that CGI includes are turned off, due to .. um .. security concerns. I have some great ideas using CGI/SSI, but I haven't found enough ammo to convince them to turn it on. Can the great monks here grant em some insight to offer up?

Thanks!!
--
paul

Replies are listed 'Best First'.
(Ovid) Re: Turning on CGI SSI
by Ovid (Cardinal) on Jun 19, 2001 at 23:15 UTC

    Sure I'll give you ammo. Just as soon as you tell me what type of gun that you have.

    What do you want to do with the CGI/SSI? Can you be more explicit? It can be a nice combination, but it also can be a poor idea, if done wrong. Further, there are some significant security concerns with it, depending upon what you want to do. If you have an archaic template system, can you port it to a modern one like Template Toolkit? My thoughts on technology solution arguments:

    • PHB (pointy-haired boss):

      Let's use technologies X, Y, and Z. Now what was the problem?

    • Ovid:

      If you don't know the problem, how do you know the solution?

    Cheers,
    Ovid

    Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

[reply]
      Sure, here's an example of one of our pages:
      Page
      index.html
      Includes
      /aliasdir1/hdr/header.html
      /aliasdir1/nav/nav.html
      /aliasdir1/foot/footer.html
      /aliasdir2/content/content1.html
      /aliasdir2/content/content2.html
      /aliasdir2/content/content3.html
      The company deals with homeownership. Let's say I want to add a dynamicly generated list of brokers between content2.html and content3.html. Something simple from a flatfile or database; or maybe a graph to show the interest rates over the last 10 years; or whatever.
      • Simply I could include a CGI script that gets data from a flatfile or database.
      • Currently, I'd have to write a script to:
        1. open the current file
        2. parse throught the current file, to find all of the includes
          probably using something arcane, because I don't have access to install CPAN Packages
        3. open the alias file
          i think it is in: /pkgs1/ns-home/web/https/https-www-dev1/config/obj.conf
        4. search for the required aliases
        5. reassemble the includes with the proper aliases
        6. open the includes
        7. process my database or flatfile request
        8. re-assemble everthing into the right order
        9. then make sure that every link in the entire site (over 2000 pages), links to my CGI script, instead of the original html file.
      I may have missed a step or two, but it is a big hassle. Not to mention a memory hog, especially if I am doing it on the homepage, which gets a decent number of hits per day.
      --
      paul
[reply]

        Hmm... this looks perfect for Template Toolkit. Your CGI script might be something like (this is all very untested):

          #!/usr/bin/perl -w
  use CGI;
  use strict;
  use Template;
  $|++;

  my $file    = "base.tmpl";
  my @brokers = &get_brokers;

  my $template_data = { name    => $name, # This would probably get pa
+ssed to header.html
                        brokers => \@brokers };
  my $template = Template->new( { INCLUDE_PATH => '..\aliasdir1:..\ali
+asdir2',
                                  ABSOLUTE     => 1
  } );

  $template->process( $file, $template_data ) or die $template->error(
+);

  sub get_brokers {
    # return an array of hash refs with keys being
    # qw/ ID name address city state zip phone /
  }

        [download]

        You template file might look like this:

          [% INCLUDE '/hdr/header.html %]
  [% INCLUDE '/nav/nav.html %]
  [% INCLUDE '/foot/footer.html %]
  [% INCLUDE '/content/content1.html %]
  [% INCLUDE '/content/content2.html %]
  [% FOREACH broker = brokers %]
  <ul>
    <li>[% broker.ID %]</li>
    <li>[% broker.name %]</li>
    <li>[% broker.address %]</li>
    <li>[% broker.city %]</li>
    <li>[% broker.state %]</li>
    <li>[% broker.zip %]</li>
    <li>[% broker.phone %]</li>
  </ul>
  [% END %]
  [% INCLUDE '/content/content3.html %]

        [download]

        That's how easy it is to generate dynamic content with Template Toolkit. Do you need one of the included files to interpolate some variables? Just create a new key in tha anonymous hash in $template_data and reference it in the document with [% keyname %]. I don't see why SSI's would necessarily be superior. Template Toolkit is rather easy to use, once you get over the initial learning curve.

        Cheers,
        Ovid

        Update: The reason I mention the Toolkit instead of SSI is because SSI is slow and, if improperly configured, can result in security holes. Toolkit can turn the templates into subs and cache them, making this a fast, robust system. SSI's are fine for simple things, but as the site gets more complex, the are very limited in what they can do. Since your site is 2000+ pages, I suspect you will quickly run into the inherent limitations in SSI.

        Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom