CGI programming raises many concerns, a number of them involving security. Many of these issues are also platform-specific. If in doubt, consult your own knowledge base or your local CGI expert.
Since CGI programs are run on the web server, they have the full privileges of any program which can be run on the web server. CGI programs have access to any and all files and devices which any other program would have. This is a double-edged sword: although CGI programs can draw upon any resources available on the server machine [databases, log files, attached hardware, etc.], they can also corrupt or disrupt these same resources if used incorrectly.
In a single-user environment [Windows95, WindowsNT, MacOS, etc.], this can be especially dangerous because the single user [and any user programs] has full access to the machine, with relatively few safeguards in place.
On a multi-user machine [Unix], however, there may be appropriate mechanisms in place to help limit the amount of [potential] damage which a rogue CGI script can do. These mechanisms can also limit the data which the CGI program has access to, but careful planning can avoid this problem.
Allowing the CGI program to have access to files on the server has many advantages. First, it gives the CGI program the ability to refer to files with more information. For instance, a CGI program may be able to connect to a product-information database and return product information to the user, without requiring all the data to be formatted into HTML pages ahead of time. Second, it gives the CGI program the much more important ability to write and store information on the web server. This allows the CGI program to have persistence of data. The user may fill out a form, the content of which the CGI program saves and associates with a userid which is given to the user. The next time the user uses the CGI program, they can give their userid, and the information given beforehand can be recalled, for whatever purpose is needed, without the user re-entering it.
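The userid-based persistence described above, as an added example in Python (not code from the original page): the script issues the userid itself and accepts only that exact shape back, so a submitted userid can never name a file outside the script's data directory. `DATA_DIR`, `record_path`, `save_form` and `load_form` are names assumed for this illustration.

```python
import json
import os
import re
import secrets
import tempfile

# Assumption for this example: a throwaway directory. A deployed script would
# use a fixed directory outside the document root, writable only by the
# account the CGI program runs as.
DATA_DIR = tempfile.mkdtemp(prefix="cgi-state-")

# The only userid shape save_form() ever issues: 32 lowercase hex digits.
USERID_RE = re.compile(r"[0-9a-f]{32}")


def record_path(userid):
    """Map a userid to its record file, rejecting anything we did not issue."""
    if not isinstance(userid, str) or not USERID_RE.fullmatch(userid):
        raise ValueError("malformed userid")
    return os.path.join(DATA_DIR, userid + ".json")


def save_form(fields):
    """Store submitted form fields and return the userid given to the user."""
    userid = secrets.token_hex(16)  # unguessable, generated server-side
    # O_EXCL never overwrites an existing record; 0o600 is owner-only access.
    fd = os.open(record_path(userid),
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(fields, fh)
    return userid


def load_form(userid):
    """Return the stored fields for userid, or None if there is no record."""
    try:
        with open(record_path(userid)) as fh:
            return json.load(fh)
    except (ValueError, FileNotFoundError):
        return None


if __name__ == "__main__":
    # Constructed sample form submission.
    uid = save_form({"name": "Example User", "email": "user@example.com"})
    print(uid, load_form(uid))
    # A userid that is really a path is rejected before any file is opened.
    print(load_form("../../etc/passwd"))
```
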