[an error occurred while processing this directive]

<H3>HowTo - A Simple Perl Script</H3>

    <P>For starters, here is a <b>very</b> simple perl script utilizing CGI.pm,
      which works in the userpages.umbc.edu environment -- and probably every
      other environment in the world.  It takes a single user input, and does 
      something based on that input...
    </P>
    <UL>
      <LI><A HREF="http://userpages.umbc.edu/~banz/files/cgi_ex/simple-example.txt">Source Code</A></LI>
      <LI><A HREF="http://userpages.umbc.edu/~banz/files/cgi_ex/simple-example.cgi">Try It</A></LI>
    </UL>
    
    <H3>HowTo - Writing To A File</H3>
    
    <P>Being able to write to a file in your account takes a bit more work, and
      requires you to set some ACL information on your account.  We'll assume that
      you don't want the casual user to be able to view this information, so we
      will create a non-public directory in your 'pub' area that will be used
      to store the file.  This directory will have the following access control
      list:
    <UL>
      <LI><B>system:administrators rlidwka</B> - Standard on all directories</LI>
      <LI><B>www.usercgi rlidwk</B> - Allow the CGI user to read/write to this directory</LI>
    </UL>
    
    <I>(please see the below section on security -- placing these ACL entries
      on your directories may expose your account to potential comprimise)
    </I>

    <P>And we create this directory, and set the ACL's with the following
      commands:
    </P>
    <PRE>
irix1[1]% <B>cd ~/../pub</B>
irix1[2]% <B>mkdir cgi_data</B>
irix1[3]% <B>fs setacl cgi_data system:anyuser none www.usercgi write</B>
irix1[4]% <B>fs listacl cgi_data</B>             <I>check our work</i>
Access list for cgi_data is
Normal rights:
  system:administrators rlidwka
  banz rlidwka
  www.usercgi rlidwk
irix1[5]%
    </PRE>
    
    <P>
      Here's a modification of the "simple example" from above that creates
      a DBM file in the directory we've created, and keep a count of every
      visitor to our page.
    </P>
    <UL>
      <LI><A HREF="http://userpages.umbc.edu/~banz/files/cgi_ex/file-example.txt">Source Code</A></LI>
      <LI><A HREF="http://userpages.umbc.edu/~banz/files/cgi_ex/file-example.cgi">Try It</A></LI>
    </UL>

    <H3>Security - There Is None</H3>
    <P>
      Just to be out front and 100% honest, by allowing the www.usercgi AFS
      user access, read or write, to files in your control, you are exposing
      these files to:
    <UL>
      <LI>Be read by others who may execute CGIs on our system, which could
	disclose private information stored in these files.
      <LI>Be written to by others who may execute CGIs on our system -- which
	could fill up your volume's quota, destroy these files, or
	modify the data in these files.
    </UL>
    <P>
      With that said, neither UMBC or OIT will take any responsiblity for
      the security or integritity of those files stored in areas that
      have read or write access by the www.usercgi user.  In addition,
      we ask that any user asking for "input" on web forms that store data
      in these areas to make it clear that any information entered on such
      forms is not stored in a secure method.
    </P>
    <H3>Protecting Yourself</H3>
    <P>
    <UL>
      <LI><B>Do not make directories which contain the CGIs themselves
	  writable by www.usercgi</B><BR>
	Doing so may expose you to having an unscrupulous user place an
	executable CGI in your account.  OIT will consider any CGI located
	in your account as placed there by you for the purposes of our
	Acceptable Use Policy.
      </LI>
      <LI><B>Place "writable" areas outside of your WWW tree</B><BR>
	Having a writable area inside of your WWW tree will make it possible
	for a nefarious user to place a CGI, as described above, within
	that directory
      </LI>
      <LI><B>Check your files regularly</B><BR>
	If you have a "writable" area for data, check it periodically for
	changes to your data or extra files which you do not expect being
	there.
      </LI>
      <LI><B>Write Good Code</B><BR>
	It is very easy to write CGI scripts, using the tools provided
	such as PHP and perl+CGI.pm, that are safe.  However, it is
	even easier to write scripts and code that has <I>security flaws</I>
	that may allow someone, intentionally or not, to gain unauthorized
	access to our systems.  Remember, <B>YOU</B> are responsible for
	any code that executed in your web area, and the outcomes 
	(intended or not) of such code.
    </UL>
    
    <H3>Acceptable Use</H3>
    <P>
      The primary purpose of the user CGI access is for instructional
      purposes.  As mentioned in the <A HREF="http://www.umbc.edu/newsevents/Student/umbc-aup.html">Policy for Responsible Computing</A>, use of
      UMBC systems for commercial purposes is not allowed.  In addition
      to this restriction, we also reserve the right to remove any user
      CGI or Web Page that places a significant burden on resources such
      that the instructional mission of these services are impacted.
    </P>
    <P>As mentioned above in the security section, certain assumptions are
      made that the users of this service will <I>play nice</I>, and will
      not use this service to:
    <UL>
      <LI>Write CGIs that will place a significant burden on OIT
	resources.
      <LI>Read, Write, Modify, Delete, or Destroy data beyond that in their
	own home volume.
    </UL>
    <P>
      With that said, any of the above activities will be considered, for
      the purposes of the previously mentioned policy as: <I>Access information 
	resources, data, equipment, or facilities in violation of any 
	restriction on use</I>, and may result in one or more of 
      the following actions:
    <UL>
      <LI>Immediate revocation of CGI/Web publishing priviliges.
      <LI>Immediate revocation of access to OIT computing resources.
      <LI>Referral to the UMBC Student Judicial Board.
      <LI>...and any other actions specified in the 
	<I>Policy for Responsible Computing</I>
    </UL>
      
[an error occurred while processing this directive]