CSCI399
Autumn Session, 2009
Exercise 1
This exercise covers some preliminary work that
you should attempt before you start Assignment 1.
- Add an
"execute" permission for "others" on your home
directory (read the caution on security risks
below).
- Create a public_html
directory in your home directory. It will probably be created with
"read/execute" permissions for group and others. Remove the
group permissions.
- Create a simple
"Hello.html" file in your public_html directory:
<html>
<head>
<title>Test</title>
</head>
<body>
<p>Hello world</p>
</body>
</html>
Give read
permission to others for this file.
- Aim the Firefox
browser at http://localhost/~youruserid/Hello.html.
Your "Hello world" page should be displayed - if it isn't
displayed check all access permissions and if you cannot fix the problem
seek help from the lab supervisor!
Don’t simply open the file in your browser! Of course that lets you see the
contents, but you aren’t accessing it through the web-server.
That doesn’t matter when it is just a HTML display file, but as soon
as you get to things like forms with Submit buttons, or PHP scripts,
nothing is going to work.
- Using the examples provided,
try manually composing a set of pages that use HTML markup features for
lists, links, images, font changes etc.
- Using the simple
examples provided and the material at Web Developer,
experiment with the definition and use of "style sheets" to
create a standardized "house style" for a set of HTML pages.
- Use of Javascript for
client side computations.
The lecture
notes include a small example of a currency converter script (slides
47...52; around page 8 of PDF file). Create your own version of the
example form page and Javascript code making the currency calculator a little
more sophisticated.
- Use of Javascript for
form field verification:
Create a HTML form with name and age input text fields. The form does not
define "method" or "action" but does have an "on
submit" event handler that invokes some Javascript code that you have
written.
Your code should check that the name field contains at least three letters
(it can also contain single quote marks and hyphens), and that the age
field contains a string representing a number in the range 0..120.
If the data are valid, your code should display an alert with
"Validated". Otherwise your code should display an alert with an
error message.
The forms
example code and the "Fred's pizza" example in the lecture notes
have Javascript that you can adapt.
- Use of Javascript code
for dynamic pages:
The examples
on HTML tables include a table displays images and handles roll-over -
changing the image display in response to user actions.
Adapt this Javascript/table example to create a "MyFriends"
page. This should display an array of photos of your friends and a
rollover section that displays information identifying each friend.
- Get the Minimal C++
CGI example to work.
The C++ source files, makefile etc should not be placed in your
public_html directory. Use some other directory for code development and
testing. You can test code that handles a HTTP GET request by defining the
environment variable QUERY_STRING (e.g. QUERY_STRING='name=fred&age=99';
export QUERY_STRING).
Once compiled and tested the executable must be copied to your public_html
directory and renamed - the file name must end with .cgi. The file must be marked as
readable and executable by others.
Modify your name/age form so that it submits valid data to the cgi program
in your public_html directory.
- Get the example Echo.cgi
program to work in your public_html directory (the source C++ code etc
should not be stored in public_html).
When you have
completed those exercises you can start on Assignment 1.
Caution - security risks
Assignments 1-3 all
use the Apache servers on the Ubuntu machines. An Apache server process (or
spawned child process) must be able to access a "public_html"
directory in your home directory. This requires that your home directory have
"execute" permission for "others" (Apache runs as user
"nobody" - not you, not a member of your "student" group,
an "other"). Your public_html directory also must be created with
execute permission for "others".
In assignment 1, you
will also need to create some subdirectories and files that are writeable by
Apache - these directories and files must have "write" permission for
others. (These directories and files are used to support file-based persistent
storage. File-based persistence is rarely used in practice; normally one works
with a database. There are complex mechanisms that allow Apache to launch child
process that run with your user-id and therefore can access your files without
needing global "write" permissions; but our simple Apache setup
doesn't allow for this.)
It is very dangerous
to have a “global” write permission on a file or directory. You
should enable such permissions just for the time that you are running tests and
always remove write permissions when you complete an exercise.
Execute permissions
on directories are a lesser risk. But they still permit others to try looking
at your files. If they can guess a file name, and if that file is readable by
others, then they can read its contents. In principle, this introduces the
possibility of your lazier colleagues stealing your work. Of course you call
your PHP script "index.php" (because that is the name that NetBeans
gave it) and of course it is readable by others (as Apache is an
"other"). In practice, the problem isn't too severe. You didn't add
permissions for "group" and all your colleagues are in group
"student" just as you are. Group permissions override
"other" permissions - no permission for group means another student
cannot look at your files (a staff member or grad student would be an "other"
as in a different group, and they could look at your files).
All the same, it
would probably be a good idea for you to add the execute permission to your
home directory when you start a test, and remove the permission when your test
is complete.