ISAPI, CGI, DSO --- Linux?

Posted on 2004-08-19
Last Modified: 2011-09-20
Good day!

Under Windows I can use Delphi to create an ISAPI dll to run on IIS for the purpose to encrypt and save data to a MySQL database. This is perfect for my purposes, because the actual ISAPI is compiled and the Encryption Algorithm is hidden.

I would like to do the same on Linux with an Apache server and MySQL database.

I have read up allot on the Internet and stumbled onto something called Dynamic Server Ojects (DSO).

Is DSO the Linux equavelant of the Windows ISAPI ?

I read that you can create these DSO's with Kylix. Following the true Spirit of Linux, I would need a free tool that can create these objects, but alas! Kylix is not free! Unless you use the LIMITED FUNCTIONALITY "Open" edition.

My questions are as follows:
- Is DSO the Linux equavelant of the Windows ISAPI ?
- If Linux supports CGI, can a CGI developed under Delphi (Windows) be used on Linux ?
- Any links to free plugins for Kylix Open to be able to create DSO ?
- Any Links to Step-by-Step tutorials on developing DSO / CGI for Linux and how to implement them under Apache 2.0

Thanks in advance!

Question by:rogueripper
  • 5
  • 5
LVL 40

Expert Comment

ID: 11846724
> Is DSO the Linux equavelant of the Windows ISAPI ?

From the way that I seen ISAPI dlls used I'd say yes. Both are a way to extend the functionality of a web server. Since they are simply a shared library object, loaded on demand by Apache you don't have to use Lylix to create one. They can be written in C/C++ fairly easily (see any of mod_* modules for Apache for examples).

> can a CGI developed under Delphi (Windows) be used on Linux

I'd say no. But one can write a CGI for an Apache server in any language that Linux supports (Bourne shell, Perl, Python, C/C++, etc.).


Author Comment

ID: 11850575
Hi jlevie

Thanx for the HELP!

I discovered the following on 


HOWTO: Write an Apache2 (DSO) Module in C

It turns out to be extremely easy to write an Apache 2.x.x module in C. Start by creating a simple template for your module on your file system:

# /usr/local/apache2/bin/apxs -n name -g

The above command should output something like the following:

Creating [DIR]  name
Creating [FILE] name/Makefile
Creating [FILE] name/
Creating [FILE] name/mod_name.c
Creating [FILE] name/.deps

Next compile the sample module:

# apxs -c -i mod_name.c

After the module has compiled, activate the module in your httpd.conf file by adding the following lines:

LoadModule name_module modules/
<Location /nametest>
     SetHandler name

Next restart your webserver:

# /usr/local/apache2/bin/apachectl restart

Finally test your new module:

# lynx -mime_header http://localhost/nametest/

The output should be similar to the following one:

HTTP/1.1 200 OK
Date: Tue, 31 Mar 1998 14:42:22 GMT
Server: Apache/2.0.48 (Unix)
Connection: close
Content-Type: text/html

The sample page from mod_name.c


This works!

A few problems though................

How do I receive values from the "POST" or "GET"?
How do I output the HTML to a user?
How do I make a connection to save the data to a MySQL database?
In which file(s) does all my code go into?

I just cant find any tutorials on the web for what I am trying to achieve.

LVL 40

Expert Comment

ID: 11852181
From what I see in the question it sounds like you want to have a web application that gathers some data from a user & encrypts it (how much data?) and stuffs the result into a MySQL database. It also sounds like you want to "protect" the encryption method for data security.

Doing this with a DSO would be the hard way. Personally I'd use  PHP and either one of PHP's encryption functions or call an external compiled program, depending on whether the passphrase for the encryption is fixed or part of the user data. I'd need to know more about the data and how it is used to be able to suggest an encryption method.
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.


Author Comment

ID: 11867776
Hi jlevie

Yes, you are quite right- I would like to gather user information, ecrypt it and store it inside a MySQL database.

The web app. gathers roughly 20 text fields of [1 char min] and [100 chars max].

I wanted to use php to do the ecryption, but (as you noticed) the php script would not be compiled and therefore the encryption method would not be secure. (eventhough the web app. is hosted on a secure server at a webhost- you never know who has access to where!?). For that reason I would have made my own encryption method.

If there is anyway to compile a php script-> that would be super! - but Zend compiler costs a bundle :o(

Thanx jlevie!
LVL 40

Expert Comment

ID: 11873654
The security of the data will be determined in part by the encryption method used and in part by where the passphrase comes from. If you use something like 3DES as a method (see PHP's mcrypt docs) it doesn't matter that someone figures out what encryption method is being used. Without the passphrase it would take thousands of years of compute time to break the encryption.

The problem then becomes a matter of securing the passphrase. I'm guessing that you'll be using the same passphrase for all of the data. Ideally that means that the passphrase would not be stored in a file on the server at all, but would be entered when the web server starts and held in memory. While that is practical for a local server it may not be useful on a server at a web hosting authority.  That means that the passphrase will have to reside in a file on the server.

The security of the server is what's of interest in this case. It really doesn't matter if the passphrase is held within compiled code or in plain text. If that file can be accessed by un-authorized users the passphrase can be recovered. Obiously one want's to use a dedicated server in this case because access to the server can be limited. Since a dedicated server only has accounts associated with the web site it can be far more secure than a shared server. The normal security rules  apply; all unnecessary services disabled, only ssh/scp access, all security updates in place, and only accounts for the site admins.

Author Comment

ID: 11878595
Hi jlevie!

Thankyou so much for all your help through this.

So my conclusions are the following:

I am able to compile a file to encrypt data and connect to a MySQL database, but the work involved would need to be developed in C. ---- ouch!

My website will be hosted on secure servers- I just wanted to take extra precausions to ensure security by compiling the source code somehow. I decided to develop the website using the php encryption functions via mcrypt.

I found these functions straight of the php website (it was written by Mike Zaccari). Are they any good for what I need to do?

$key = "Secret Key";

//Encrypt Function
function encrypt($encrypt)
global $key;
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
   $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv);
   $encode = base64_encode($passcrypt);
   return $encode;

//Decrypt Function
function decrypt($decrypt)
global $key;
   $decoded = base64_decode($decrypt);
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
   $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
   return $decrypted;


Thanx again jlevie for all your help!

LVL 40

Expert Comment

ID: 11880252
They should work, although that isn't the strongest encryption that mcrypt() can do. But then you may not need anything more than that.

Author Comment

ID: 11880332
Hi jlevie

The obvious question:

So what is the strongest encryption that mcrypt can do?

I need this for excrypting sensitive financial information ---- i.e credit card details etc...

Thanx jlevie
LVL 40

Accepted Solution

jlevie earned 500 total points
ID: 11880530
Triple DES would be the strongest.

> My website will be hosted on secure servers

Is the server dedicated to your site or is it shared with other sites? Personally, there's no way that I'd store sensitive financials on a shred server. There's just too may ways that the data could be compromised. And, I never store that sort of info on a publically accessible server. I use a separate server to store the information that has no direct access to the Internet. And only a limited view of the stored data is visible to the web server (only partial credit card info).

Author Comment

ID: 11892330
Thank you jlevie for all your help!

500 points goes to you for excelant advise!

Maybe some day I could help you with a few answers!


Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Problem to line 1 60
Linux 10 111
Identify Linux loader 67 181
fsstat very high only on nfs client side rhel 10 105
Have you ever been frustrated by having to click seven times in order to retrieve a small bit of information from the web, always the same seven clicks, scrolling down and down until you reach your target? When you know the benefits of the command l…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question