Section for Week 10, Thursday, 3/18/99 -- REVIEW SHEET

Review of topics for the final. This is not necessarily a complete list, but it should serve as a guide for your studying for the final. The final will be cumulative in spirit but will concentrate on the material in the latter half of the course.

0. HOMEWORK -- it is imperative you know everything that's been on HW, as that is the most likely material to be on the final.
   EXAMS -- anything that's appeared on a midterm or quiz is also fair game for the final.

1. UNIX -- You should know all of the standard commands: ls, more, cat, rm, mkdir, rmdir, cd, ln, pwd, wc, sort, grep, echo, cp, mv, chmod (and the appropriate modes for different purposes -- CGI, html, command-line scripts, as well as the numeric versions). Make sure you understand redirection using <, >, >>, and | on the command line.

2. Perl constructs:
   Header "#!/usr/local/bin/perl5 -w" line -- what does it do?
   Operators: [=+*/-], ||, &&, or, and (and differences with the ||, &&), -e, defined, <=>
   Functions: print, length, split, join, sort, reverse, push, pop, shift, chomp, chop, keys, values, chmod, time, localtime, flock, srand, rand, require, crypt
   Constructs & Variables: while, for, foreach, do, if, unless, $_, @_, @ARGV, <>, , `...`, "here" documents, subroutines, $! (errno of last `...`), %ENV, $;
   Syntax: $v, @v, %v, $#v (index of last value), scalar @v (=1+$#v)
   RegExps: matching, substitution, multipliers, char classes, memory, alternation (or), anchoring (^, $), case sensitivity, \d == [0-9], \w == [a-zA-Z0-9_], \s == [ \r\n\f\t], caps for negation of these. Global matching (in loop context, or in subst context).
   Strings: \n, \r, \t, \f, \b, \a, \e, \007, \x7f, \cX (^X), \\, \", \[lLuUQE], `.', `x', eq, ne, lt, gt, le, ge, cmp

3. HTML:
   Tags: !DOCTYPE, HTML, HEAD, TITLE, BODY, FORM (and related tags -- see 6-Tuesday notes for these), TABLE (and their uses for aligning forms)
   Server-side: Know SSI #include and #exec syntax and function
   Redirects -- Location: line
   Cascading Style Sheets: Know the syntax for specifying rules and externally linking style sheets. Know the properties and values on handout U.
   Frames: syntax & uses.
   Imagemaps -- see 9-Thursday for this
   XML: Syntax, header, examples from class and HW.

4. CGI:
   Content-type: text/html
   Acquiring QUERY_STRING and extracting the data (know &Get_Form_Data *well*).
   Understand encoding of QUERY_STRING.
   Passing data along in HIDDEN fields from one CGI to the next (via virtual forms).
   Everything that's in cgi_helper as of the last assignment is fair game.

5. GENERAL:
   hex vs. decimal vs. binary vs. octal
   Diffie-Hellman Key Exchange

6. Q&A:

   xa) How is it specified which of GET and POST is used, and how does the CGI program know which?
       FORM TAG IN HTML SPECIFIES METHOD="GET|POST", CGI GETS IT FROM QUERY_STRING

   b) Why is the original ASCII chart 128 symbols, not 64 or 256?
       7 BITS, ONE FOR CONTROL

   xc) Can two users read a web page at the same time? Run a CGI program at the same time? What is an example of a CGI application for which two users should not be allowed to run the CGI program at the same time? How can they be prevented from doing that?
       YES FOR WEB PAGES/CGI PROGRAMS. IF ANY WRITING IS BEING DONE BY THE CGI, NOT MORE THAN ONE COPY SHOULD RUN SIMULT. SCRIPT-WIDE LOCK FILES WOULD DO.

   xd) What is the problem of "statelessness" of CGI? How can information be passed from one CGI call to another?
       STATELESSNESS PREVENTS INFORMATION ENTERED IN ONE FORM FROM BEING AVAILABLE DOWN THE LINE. HIDDEN FIELDS CAN CIRCUMVENT THIS.

   xe) Can two different HTML forms activate the same CGI script? If they do, how could the script be told which one is sending the information?
       YES. SET SPECIFIC HIDDEN FIELDS IN THE FORMS.

   f) Why do server-side include and exec look like comments?
       SO THAT IF THE SERVER DOESN'T SUPPORT THE FEATURE AND THE HTML IS PASSED TO THE BROWSER, THE BROWSER WILL IGNORE IT.

   xg) How can a dummy lockfile be used to make it possible for a CGI script to run for only one user at a time, even though it may open and close a data file several times? Why is it a bad idea to use the same dummy lockfile name for several different CGI programs?
       USE A DUMMY LOCKFILE TO LOCK UP AT THE BEGINNING OF THE SCRIPT AND UNLOCK RIGHT AT THE END. DIFFERENT CGI'S (THAT SHOULD BE ABLE TO RUN CONCURRENTLY) SHOULD NOT USE THE SAME LOCK FILE BECAUSE THIS CAUSES SCRIPTS TO WAIT WHEN THEY DON'T NEED TO.

   h) To be able to test a CGI script that uses GET by just running it on a command line, you can temporarily edit the script to set some environmental variables at the beginning. Which ones?
       QUERY_STRING, REQUEST_METHOD.

   i) If you have a web form that asks for passwords, why would you save the passwords in encrypted form? How can you use a Perl function to do the encrypting?
       BECAUSE ANY DATA PASSED BACK AND FORTH IN HIDDEN FIELDS IS NOT SECURE. USE CRYPT:
           $encrypted=crypt $password, $salt;
       where salt is a two-character string from [a-zA-Z0-9./], used to perturb the encryption in one of 64^2=4096 ways.
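
The script-wide dummy lockfile from questions xc) and xg), written out as an added example (not code from the course or from cgi_helper). The file names guestbook.lock and guestbook.dat and the guestbook scenario are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock);

# Hypothetical names. Each CGI script gets its own dummy lockfile, so
# unrelated scripts never wait on each other. Keep the lockfile in a
# directory that only the script's own user can write to.
my $lockfile = "./guestbook.lock";
my $datafile = "./guestbook.dat";

# Lock up at the very beginning. '>>' creates the file if it is missing
# and never truncates it; the handle stays open for the whole run.
open(my $lock, '>>', $lockfile) or die "cannot open $lockfile: $!";
flock($lock, LOCK_EX)           or die "cannot lock $lockfile: $!";

# Critical section: the data file is opened and closed more than once,
# and no second copy of this script can get in between those steps.
my $count = 0;
if (open(my $in, '<', $datafile)) {
    $count++ while <$in>;          # count the entries already stored
    close($in);
}
open(my $out, '>>', $datafile) or die "cannot append to $datafile: $!";
print $out "entry ", $count + 1, " at ", scalar(localtime), "\n";
close($out) or die "cannot close $datafile: $!";

# Unlock right at the end of the script.
flock($lock, LOCK_UN);
close($lock);

print "Content-type: text/html\n\n";
print "<HTML><BODY>Recorded entry ", $count + 1, ".</BODY></HTML>\n";
```

Without the outer lock, two copies could both count the same number of entries and then both write the same entry number.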
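
Storing and checking a password with crypt as described in question i), as an added example (not code from the course or from cgi_helper). The helper names make_salt, hash_password and check_password and the sample passwords are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The 64 symbols a traditional crypt salt may use: [a-zA-Z0-9./]
my @salt_chars = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');

# Pick one of the 64^2 = 4096 possible two-character salts.
sub make_salt {
    return join '', map { $salt_chars[ int rand @salt_chars ] } 1 .. 2;
}

# Encrypt a new password for storage. The salt comes back as the first
# two characters of the result, so it is not stored separately.
sub hash_password {
    my ($password) = @_;
    my $encrypted = crypt($password, make_salt());
    # Some systems refuse this old format and return undef or a token
    # starting with '*'; stop rather than store an unusable value.
    die "crypt() failed on this system\n"
        unless defined $encrypted && $encrypted !~ /^\*/;
    return $encrypted;
}

# Check a login attempt: run crypt again with the stored value as the
# salt (only its leading salt characters are used) and compare results.
sub check_password {
    my ($attempt, $stored) = @_;
    my $again = crypt($attempt, $stored);
    return defined $again && $again eq $stored;
}

# Constructed sample values, not from the course.
my $stored = hash_password("s3cret!");
print "stored value:   $stored\n";
print "right password: ",
    (check_password("s3cret!", $stored) ? "accepted" : "rejected"), "\n";
print "wrong password: ",
    (check_password("guess", $stored) ? "accepted" : "rejected"), "\n";
```

The traditional crypt algorithm looks only at the first eight characters of the password, and 4096 salts is a small space by current standards. It appears here because it is the function the review sheet names.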