ISAPI, CGI, DSO --- Linux?

Good day!

Under Windows I can use Delphi to create an ISAPI dll to run on IIS for the purpose to encrypt and save data to a MySQL database. This is perfect for my purposes, because the actual ISAPI is compiled and the Encryption Algorithm is hidden.

I would like to do the same on Linux with an Apache server and MySQL database.

I have read up allot on the Internet and stumbled onto something called Dynamic Server Ojects (DSO).

Is DSO the Linux equavelant of the Windows ISAPI ?

I read that you can create these DSO's with Kylix. Following the true Spirit of Linux, I would need a free tool that can create these objects, but alas! Kylix is not free! Unless you use the LIMITED FUNCTIONALITY "Open" edition.

My questions are as follows:
- Is DSO the Linux equavelant of the Windows ISAPI ?
- If Linux supports CGI, can a CGI developed under Delphi (Windows) be used on Linux ?
- Any links to free plugins for Kylix Open to be able to create DSO ?
- Any Links to Step-by-Step tutorials on developing DSO / CGI for Linux and how to implement them under Apache 2.0

Thanks in advance!

Who is Participating?
Triple DES would be the strongest.

> My website will be hosted on secure servers

Is the server dedicated to your site or is it shared with other sites? Personally, there's no way that I'd store sensitive financials on a shred server. There's just too may ways that the data could be compromised. And, I never store that sort of info on a publically accessible server. I use a separate server to store the information that has no direct access to the Internet. And only a limited view of the stored data is visible to the web server (only partial credit card info).
> Is DSO the Linux equavelant of the Windows ISAPI ?

From the way that I seen ISAPI dlls used I'd say yes. Both are a way to extend the functionality of a web server. Since they are simply a shared library object, loaded on demand by Apache you don't have to use Lylix to create one. They can be written in C/C++ fairly easily (see any of mod_* modules for Apache for examples).

> can a CGI developed under Delphi (Windows) be used on Linux

I'd say no. But one can write a CGI for an Apache server in any language that Linux supports (Bourne shell, Perl, Python, C/C++, etc.).

rogueripperAuthor Commented:
Hi jlevie

Thanx for the HELP!

I discovered the following on 


HOWTO: Write an Apache2 (DSO) Module in C

It turns out to be extremely easy to write an Apache 2.x.x module in C. Start by creating a simple template for your module on your file system:

# /usr/local/apache2/bin/apxs -n name -g

The above command should output something like the following:

Creating [DIR]  name
Creating [FILE] name/Makefile
Creating [FILE] name/
Creating [FILE] name/mod_name.c
Creating [FILE] name/.deps

Next compile the sample module:

# apxs -c -i mod_name.c

After the module has compiled, activate the module in your httpd.conf file by adding the following lines:

LoadModule name_module modules/
<Location /nametest>
     SetHandler name

Next restart your webserver:

# /usr/local/apache2/bin/apachectl restart

Finally test your new module:

# lynx -mime_header http://localhost/nametest/

The output should be similar to the following one:

HTTP/1.1 200 OK
Date: Tue, 31 Mar 1998 14:42:22 GMT
Server: Apache/2.0.48 (Unix)
Connection: close
Content-Type: text/html

The sample page from mod_name.c


This works!

A few problems though................

How do I receive values from the "POST" or "GET"?
How do I output the HTML to a user?
How do I make a connection to save the data to a MySQL database?
In which file(s) does all my code go into?

I just cant find any tutorials on the web for what I am trying to achieve.

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

From what I see in the question it sounds like you want to have a web application that gathers some data from a user & encrypts it (how much data?) and stuffs the result into a MySQL database. It also sounds like you want to "protect" the encryption method for data security.

Doing this with a DSO would be the hard way. Personally I'd use  PHP and either one of PHP's encryption functions or call an external compiled program, depending on whether the passphrase for the encryption is fixed or part of the user data. I'd need to know more about the data and how it is used to be able to suggest an encryption method.
rogueripperAuthor Commented:
Hi jlevie

Yes, you are quite right- I would like to gather user information, ecrypt it and store it inside a MySQL database.

The web app. gathers roughly 20 text fields of [1 char min] and [100 chars max].

I wanted to use php to do the ecryption, but (as you noticed) the php script would not be compiled and therefore the encryption method would not be secure. (eventhough the web app. is hosted on a secure server at a webhost- you never know who has access to where!?). For that reason I would have made my own encryption method.

If there is anyway to compile a php script-> that would be super! - but Zend compiler costs a bundle :o(

Thanx jlevie!
The security of the data will be determined in part by the encryption method used and in part by where the passphrase comes from. If you use something like 3DES as a method (see PHP's mcrypt docs) it doesn't matter that someone figures out what encryption method is being used. Without the passphrase it would take thousands of years of compute time to break the encryption.

The problem then becomes a matter of securing the passphrase. I'm guessing that you'll be using the same passphrase for all of the data. Ideally that means that the passphrase would not be stored in a file on the server at all, but would be entered when the web server starts and held in memory. While that is practical for a local server it may not be useful on a server at a web hosting authority.  That means that the passphrase will have to reside in a file on the server.

The security of the server is what's of interest in this case. It really doesn't matter if the passphrase is held within compiled code or in plain text. If that file can be accessed by un-authorized users the passphrase can be recovered. Obiously one want's to use a dedicated server in this case because access to the server can be limited. Since a dedicated server only has accounts associated with the web site it can be far more secure than a shared server. The normal security rules  apply; all unnecessary services disabled, only ssh/scp access, all security updates in place, and only accounts for the site admins.
rogueripperAuthor Commented:
Hi jlevie!

Thankyou so much for all your help through this.

So my conclusions are the following:

I am able to compile a file to encrypt data and connect to a MySQL database, but the work involved would need to be developed in C. ---- ouch!

My website will be hosted on secure servers- I just wanted to take extra precausions to ensure security by compiling the source code somehow. I decided to develop the website using the php encryption functions via mcrypt.

I found these functions straight of the php website (it was written by Mike Zaccari). Are they any good for what I need to do?

$key = "Secret Key";

//Encrypt Function
function encrypt($encrypt)
global $key;
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
   $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv);
   $encode = base64_encode($passcrypt);
   return $encode;

//Decrypt Function
function decrypt($decrypt)
global $key;
   $decoded = base64_decode($decrypt);
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
   $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
   return $decrypted;


Thanx again jlevie for all your help!

They should work, although that isn't the strongest encryption that mcrypt() can do. But then you may not need anything more than that.
rogueripperAuthor Commented:
Hi jlevie

The obvious question:

So what is the strongest encryption that mcrypt can do?

I need this for excrypting sensitive financial information ---- i.e credit card details etc...

Thanx jlevie
rogueripperAuthor Commented:
Thank you jlevie for all your help!

500 points goes to you for excelant advise!

Maybe some day I could help you with a few answers!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.