More Web Publishing Information
While simple websites are just a collection of .html files which are sent to browsers directly when they ask for a webpage, it is possible to make more advanced sites which execute a program when someone asks for a page, and the output of the program is sent instead of a simple html file. This is handy for processing web forms, adapting output for each user, and creating full blown applications on the web. Many pages you use every day work this way, such as search engines, content management systems, comment engines, and anything else interactive on the web.
PHP is a popular programming language designed specifically for serving dynamic websites. PHP is available on the physics web servers, although it is not enabled by default - contact us if you need it. After enabling it, any files which end in the .php extension will be processed by the PHP engine.
You can learn more about using PHP from the PHP website: http://www.php.net/manual/en/
For security reasons, all PHP code is executed under your user account (or the group service account, for group pages), so it will have access to anything you yourself do when logged into one of our Unix/Linux boxes.
Our server will also refuse to execute any php files which are not owned by your account, or which are writable by anyone other than yourself.
Besides that, you need to give due attention to keeping your php code secure. We'll have to disable php on any parts of the server which demonstrate insecure behavior. You can find one decent quick introduction to php security here: http://www.phpfreaks.com/tutorial/php-security
Execution of CGI programs is possible from personal web areas, provided certain fairly stringent conditions are followed. CGI programs are executed via the Apache suEXEC feature. The documentation at the Apache site details the conditions under which suEXEC will run a user-supplied CGI program. The main things to watch for are:
Note that we do not support basic cgi on the groups.physics.umn.edu webserver.