Compiling Web Scripts for Apache
Jacob Matthews, Luke Hoban, Robby Findler
Rice University

The Goal (Version 1)
Write a CGI program like this:
(let ((n (read-from-web "Type a number: "))
      (m (read-from-web "and another: ")))
  (display-to-web "The sum is: " (+ n m)))

An Observation
(let ((n (read-from-web "Type a number: "))
      (m (read-from-web "and another: ")))
  (display-to-web "The sum is: " (+ n m)))
n = 4
If we have the red and the blue box, we can resume the program at that point as many times as we want.

CPS Form
There’s already a standard transformation that does what we want!
CPS conversion, lambda-lifting, and closure conversion give us red boxes at every point and arrows connecting them
(let ((n (read-from-web "Type a number: "))
      (m (read-from-web "and another: ")))
  (display-to-web "The sum is: " (+ n m)))

Read-from-web
(let ((n (read-from-web "Type a number: "))
      (m (read-from-web "and another: ")))
  (display-to-web "The sum is: " (+ n m)))
n = 4
<INPUT TYPE="hidden" NAME="environment" VALUE="n=4">
<INPUT TYPE="hidden" NAME="What's Left?" VALUE="A B C">

So what can we handle?
Creating, invoking, and passing closures
Creating and passing other basic values (cons, vector, string, etc.)
Basic control constructs (if, let, cond, etc.)
call/cc

What can’t we handle?
variable assignment
mutable values
generative structures
exception handling
dynamic evaluation
input/output ports
threads
integration with native code
…

Plus …
… we have to be efficient!
… we have to be secure!

Variable Assignment
(let ((sum 0))
  (let loop ()
    (let ((i (read-from-web "Type a number")))
      (set! sum (+ sum i))
      (loop))))
sum = 9
sum = 12
But then, the user hits the ‘Back’ button ...
sum = 9
sum = 9, not 12!

Variable Assignment
(let ((sum (box 0)))
  (let loop ()
    (let ((i (read-from-web "Type a number")))
      (set-box! sum (+ (unbox sum) i))
      (loop))))
sum = [a]
a = 9
a = 12
If the user hits the back button now, everything still works!

So where does the purple box go?
We need some place that’s associated with a particular user, but not a particular web page
Browser cookies might work

Mutable Values
How do we handle other mutable values like cons cells, hash tables, and vectors?

Mutable Values
(let ([lst '(#f)])
  (let loop ()
    (let ((r (read-from-web "Type a value")))
      (append! lst (list r))
      (loop))))
lst = (cons #f '())
Same problem, different primitive
lst = (cons [a] [b])
a = #f
b = '()

Mutable Values
But if we add to the purple box every time we make a list, we’ll have problems:
Even lists that never need to be saved get added
The purple box is never garbage-collected
There are too many constructors anyway!

Mutable Values
So instead, we get lazy!
Only add or update the purple box when we actually call read-from-web

Mutable Values
(let ([lst '(#f)])
  (let loop ()
    (let ((r (read-from-web "Type a value")))
      (append! lst (list r))
      (loop))))
lst = (cons #f '())
lst = (cons [a] [b])
a = #f
b = '()
In fact, we add all new mutable values reachable from the environment

But Won’t the Store Still Be Too Big?
Yes!
Even worse: the store never shrinks!
Cookies aren’t feasible
For now, put (some of) the store on the server

Security
As it stands, attackers can make up anything as the blue and purple information!

Security
(if (valid? (read-from-web "Password:"))
    (display-secret-page)
    (display-error-page))
The attacker can’t choose the red boxes, but can choose where the arrows point …
… And that’s bad enough!

Security
A solution:
Encrypt the contents of the hidden fields and the cookies
Keep a secret key only on the server
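One way to make the hidden fields tamper-evident with a key that never leaves the server, as an added example that is not code from the original slides. It uses an HMAC tag for integrity rather than the encryption the slide names, since the attack described is modification of the fields; the key, the continuation label names and the field layout are assumptions.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: demo key, held only by the server

# Continuation labels (the "red boxes") a compiler might emit; hypothetical names.
CONTINUATIONS = {"check-password", "display-secret-page", "display-error-page"}

def seal(label, env, key=SERVER_KEY):
    """Serialize (continuation label, environment) and append an HMAC-SHA256 tag."""
    payload = json.dumps({"k": label, "env": env}, sort_keys=True).encode()
    body = base64.urlsafe_b64encode(payload).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag

def unseal(field, key=SERVER_KEY):
    """Return (label, env) only if the tag verifies; raise ValueError otherwise."""
    body, sep, tag = field.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison, done before any parsing of client-supplied data.
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("hidden field was modified or not issued by this server")
    state = json.loads(base64.urlsafe_b64decode(body))
    if state["k"] not in CONTINUATIONS:
        raise ValueError("unknown continuation label")
    return state["k"], state["env"]

def rewrite_label(field, new_label):
    """Simulate a client redirecting the arrow: change the label, reuse the old tag."""
    body, _, tag = field.partition(".")
    state = json.loads(base64.urlsafe_b64decode(body))
    state["k"] = new_label
    payload = json.dumps(state, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag

if __name__ == "__main__":
    field = seal("check-password", {"n": 4})   # value placed in the hidden INPUT
    print(unseal(field))                        # accepted unchanged
    try:
        unseal(rewrite_label(field, "display-secret-page"))
    except ValueError as err:
        print("rejected:", err)
```

The tag gives integrity only: the client can still read the environment, and a validly sealed field can be resubmitted any number of times, which is the behaviour the Back button relies on.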

Efficiency
We’ve got too many red boxes!
They make the program larger
More arrows means larger values in the hidden fields and longer page download times

A Solution
“Full” CPS is too much - we don’t need all the red boxes!

Efficiency
(let ((n (read-from-web "Type a number: "))
      (m (read-from-web "and another: ")))
  (display-to-web "The sum is: " (+ n m)))
The program never reaches (+ n m) without going directly on to display-to-web …
… so we can combine the two boxes!

Security
(if (valid? (read-from-web "Password:"))
    (display-secret-page)
    (display-error-page))
This also helps with security:
No guarantees
The attacker can’t name the display-secret-page box anymore

Conclusions
Even in a real language, we can compile direct-style programs into CGI style so they can run on Apache
It’s important to try out theories by scaling them to real-sized applications

Thank You!