Server programming overview
he Enterprise server can be programmed using a variety of tools. Your choice of tool depends on the nature of your programming task, your skill set, and the tools you have available.
CGI (Common Gateway Interface) is widely used on the Word Wide Web, because it lets you run Perl, command shell, or even C and C++ programs. But it can be slow, and it does have some security issues. Chapter 1 addresses the use of CGI.
JavaScript provides the capacity to do server-side scripts. It is a high-level tool that addresses common tasks, facilitates the use of databases, and provides "hooks" that let you call C functions if you need to. To learn more about using JavaScript, consult the LiveWire Developer's Guide.
Java applets run as CGI programs on the server side. Netscape has developed a package called netscape.server.applet that provides a number of classes, such as HttpApplet, Server, and ServerApplet, that give you the tools to develop server-side applets. Java is discussed further in Chapters 2 and 3, and the package is covered in Chapter 7.
The web server provide a set of server application functions (SAFs) that handle authorization translation, name translation, path checks, object typing, logging and error handling--as discussed in Appendix B and in Chapter 4.
The server plug-in application programming interface (server plug-in API) is a low-level programming tool. It provides a wealth of C functions that you can call to program custom functions for your server that replace or supplement the standard set of server functions.
The following section discusses the issues you must consider when choosing among the available tools.
Comparison of server programming tools
Netscape offers server programmers three different tools for programming servers: Java (and Java applets), JavaScript, and the server plug-in API.
Java and Java applets
Java is a complete programming language that supports platform-independent application development. It was developed by Sun Microsystems, to be
Of particular significance to developers of network client applications is the ability of a Java application, called an "applet", to be securely downloaded from any one computer to another in a network. The application can then be loaded dynamically and executed immediately.
On the server side, the ability to use Java applets means that developers can use the same language for server programming as they do for client programming. Because Java includes threading (sometimes called "light processes"), fewer system resources are consumed. Code is safer because Java has no pointers, reducing the chance of accidental or malicious damage to the data and code of the server.
JavaScript
JavaScript is a scripting language that lets the developer specify dynamic behavior entirely within HTML documents. It is derived from Java but is considerably simpler. This means that HTML authors who are not professional programmers can incorporate a rich variety of dynamic behaviors into their documents without the need to write separate support programs such as CGI scripts or Java applets.
A simple example illustrates the power of JavaScript. In the past, to process an HTML form the user had to fill out various elements of the form, and then click on a Submit button. This caused the filled-out form to be transported to a server for processing by a CGI script. The user had to wait for a round-trip over the network, which could take several seconds. Further, the results appeared in a new document, not the one containing the original form.
JavaScript, on the other hand, extends the HTML form by adding an event model similar to most GUIs. It enables the various elements of a form to be associated with events, which can be triggered immediately when the user carries out keyboard or mouse actions within the form. The events invoke JavaScript functions, which have been declared in the document's header. This permits immediate feedback to the user, which can range from simple error checking to complete computations whose results are displayed on the original form. The user sees immediate feedback and, because processing of JavaScript is done on the client, the need for a network round-trip and the invocation of a separate CGI program at the server is completely eliminated.
The ability of JavaScript to add dynamic content to a document goes far beyond this simple example. JavaScript provides access to a substantial proportion of the power of Java itself.
JavaScript plays an especially significant role on the server side of Internet Application Framework applications. The Internet Application Framework includes JavaScript facilities to provide high-performance native access to standard relational databases such as Oracle, Informix, and Sybase.
Server plug-in API
Server plug-in API is the fastest-executing, most powerful of the three tools. But because it's the most sophisticated of the three tools to program, it opens up more possible risks to the server (such as crashing because of a problem in the code of a plug-in function created by a programmer) and to the client than either of the other two. If you need greater power or better performance than the other mechanisms offer, use server plug-in API.
Server application programming
Various Netscape products provide a number of mechanisms for integrating code to execute on a web server. As is the case with client-side integration, both platform-independent and platform-native code can be integrated.
The server programming mechanisms fall into three different groups:
CGI (Common Gateway Interface)
CGI is the Internet standard interface for invoking server-based scripts or compiled programs. It is the most prevalent means of providing dynamic content to HTML documents. Developers can use virtually any scripting language (such as sh, ksh, Perl, or TCL); the majority of present CGI scripts are in Perl. Previously compiled programs written in C, C++, FORTRAN, or other procedural languages may also be invoked using CGI.
CGI programs run as independent processes, initiated by the HTTP server each time a request for services is received from a client. This has three important consequences. First, it makes CGI programs contributed from arbitrary sources relatively safe to run. They can fail without damaging the server. Second, the server is able to, and does, constrain the access of the CGI program to server resources by restricting its permissions and visibility to the server environment. Third, CGI program execution involves a performance penalty due to, among other things, the overhead involved in spawning a process for each request. These three considerations--safety, access, and performance--are addressed in various ways by the other server APIs described in the following sections.
Server plug-in API
The Netscape server plug-in API provides seamless integration of user-specified functions into the Netscape Enterprise Server. Code for NT or Unix platforms can be incorporated to achieve high-performance extensions to the baseline server behavior. A common object model of the server request-handling process is used for either type of platform.
Server plug-in API is a lower-level interface than CGI, Java, and JavaScript. It is also not subject to the safety features that they are--an errant server plug-in API function can crash the server. For these reasons, it is intended for use primarily by professional software developers or server administrators. Typical uses of server plug-in API include:
Java and JavaScript Server APIs
Netscape is working with leading Internet software vendors to define a standard server interface using Java and JavaScript. This uniform server API lets developers to write server applications as well as extend the capabilities of a web server in a cross-platform way by providing: