CGI: What & How?
CGI (Common Gateway Interface) is a specification that defines how a web server
communicates with other programs residing on the server.
CGI == Perl?
Nope! Perl is just another language which is used to create CGI applications.
Almost every language ever invented can be used to write CGI programs (provided
your server supports it!).
What is CGI-BIN?
This is a special directory where CGI programs reside. Some web servers require
that CGI programs reside only in this directory. Other web servers execute
applications residing in the normal html directory if they have the extension .cgi.
The CGI-BIN directory generally resides outside the html directory. But when
accessing a program in that directory through a web browser, you specify the URL
as if the CGI-BIN directory is within the html directory. This seemingly unwanted
complication is a necessity because of security concerns.
CGI & Security
Running a CGI application on your server is like letting anyone (just about anyone!)
run a program on your server. Suppose your CGI application deletes some specified
records in your database: there is a chance that a cracker, by passing a wrong
argument to your CGI program, deletes all your records. Security should be given
high priority when developing CGI applications.
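The record-deleting scenario above, as an added example that is not part of the original page: a CGI handler that refuses any argument that is not exactly one short decimal id and binds it as a query parameter. The `records` table, the `id` parameter, the in-memory SQLite database and the function names are assumptions made for illustration.

```python
import re
import sqlite3
from urllib.parse import parse_qs

ID_PATTERN = re.compile(r"[0-9]{1,9}")  # accept only a short decimal record id

def make_db():
    """Constructed sample database standing in for the real one."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta"), (3, "gamma")])
    return db

def count(db):
    """Number of rows left in the records table."""
    return db.execute("SELECT COUNT(*) FROM records").fetchone()[0]

def handle_delete(environ, db):
    """Return (status, body) for a delete request described by CGI variables."""
    # The web server passes the part of the URL after '?' in QUERY_STRING.
    params = parse_qs(environ.get("QUERY_STRING", ""), keep_blank_values=True)
    values = params.get("id", [])
    # Exactly one id, matching the whole pattern; anything else is refused
    # before it gets anywhere near the database.
    if len(values) != 1 or not ID_PATTERN.fullmatch(values[0]):
        return "400 Bad Request", "invalid id\n"
    # Placeholder binding keeps the value out of the SQL text.
    cur = db.execute("DELETE FROM records WHERE id = ?", (int(values[0]),))
    db.commit()
    if cur.rowcount == 0:
        return "404 Not Found", "no such record\n"
    return "200 OK", "deleted 1 record\n"

if __name__ == "__main__":
    import os
    import sys
    # Run as a CGI program: read the environment, write headers and body.
    status, body = handle_delete(os.environ, make_db())
    sys.stdout.write(f"Status: {status}\r\nContent-Type: text/plain\r\n\r\n{body}")
```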
Disadvantages
Each request to the CGI application spawns a new process. The overhead of
creating a new process is high. Languages like PHP, ASP and Cold Fusion do
not spawn a new process for each request. They create in-process threads.
Security risks are many when executing a CGI application. CGI applications
do not run in a protected environment like Java Servlets.
CGI applications do not support concepts like connection pooling when developing
database applications. This again creates unwanted overhead for the database
server.
Languages designed specifically for the web like PHP are easier to learn and implement.
In spite of the disadvantages discussed above, CGI programs are widely used, generally
for the raw power they provide.