C/C++ CGI on Embedded device, POST, GET, LOGIN?

Question

I have here a small embedded device with uClinux. There is a Boa web-server, that supports CGI scripts. I need to make basic dynamic pages.

Requirements

• GET method for navigation
• POST method for forms
• LOGIN for authentication

I found this page http://www.cs.tut.fi/~jkorpela/forms/cgic.html There is described how to implement GET and POST method.

But what about login and users? Is possible to use login names and password from linux? Do you have an example how to implement http authentication?

Or is better use this cgi c++ library? http://www.gnu.org/software/cgicc/

I have no experience with that, thanks.

Answer 1

For authentication, you'll need to keep a "session state table" on the server. That is a static data structure, file, or db table that keeps track of currently-authenticated session ids, user ids they map to, and permissions. For security reasons, it's probably also a good idea to store the IP address and user agent in the state table (when Slashdot asks you whether your session never moves, moves within a subnet, or follows you everywhere, it's because they are invalidating any session that comes from outside your IP range unless you tell them specifically that it's okay).

Your CGI programs can then refer to the session state table to see if a given request is coming from a logged-in user, who that user is, and what permissions they have.

For security reasons, you should store the session id client-side in a cookie rather than in a GET string. Make sure that your session ids are random as best you can.

EDIT: your best bet for the session state table would either be MySQL/PostgreSQL if you're using it, or maybe IPC with a small C program you write specifically for that purpose, using either a built-in home-grown data structure or SQLite

Answer 2

Or you can try http://www.gnu.org/software/libmicrohttpd/ (never used, but there are references on google in uClinux-dist).