Improve company productivity with a Business Account.Sign Up


ISAPI, CGI, DSO --- Linux?

Posted on 2004-08-19
Medium Priority
Last Modified: 2011-09-20
Good day!

Under Windows I can use Delphi to create an ISAPI dll to run on IIS for the purpose to encrypt and save data to a MySQL database. This is perfect for my purposes, because the actual ISAPI is compiled and the Encryption Algorithm is hidden.

I would like to do the same on Linux with an Apache server and MySQL database.

I have read up allot on the Internet and stumbled onto something called Dynamic Server Ojects (DSO).

Is DSO the Linux equavelant of the Windows ISAPI ?

I read that you can create these DSO's with Kylix. Following the true Spirit of Linux, I would need a free tool that can create these objects, but alas! Kylix is not free! Unless you use the LIMITED FUNCTIONALITY "Open" edition.

My questions are as follows:
- Is DSO the Linux equavelant of the Windows ISAPI ?
- If Linux supports CGI, can a CGI developed under Delphi (Windows) be used on Linux ?
- Any links to free plugins for Kylix Open to be able to create DSO ?
- Any Links to Step-by-Step tutorials on developing DSO / CGI for Linux and how to implement them under Apache 2.0

Thanks in advance!

Question by:rogueripper
  • 5
  • 5
LVL 40

Expert Comment

ID: 11846724
> Is DSO the Linux equavelant of the Windows ISAPI ?

From the way that I seen ISAPI dlls used I'd say yes. Both are a way to extend the functionality of a web server. Since they are simply a shared library object, loaded on demand by Apache you don't have to use Lylix to create one. They can be written in C/C++ fairly easily (see any of mod_* modules for Apache for examples).

> can a CGI developed under Delphi (Windows) be used on Linux

I'd say no. But one can write a CGI for an Apache server in any language that Linux supports (Bourne shell, Perl, Python, C/C++, etc.).


Author Comment

ID: 11850575
Hi jlevie

Thanx for the HELP!

I discovered the following on 


HOWTO: Write an Apache2 (DSO) Module in C

It turns out to be extremely easy to write an Apache 2.x.x module in C. Start by creating a simple template for your module on your file system:

# /usr/local/apache2/bin/apxs -n name -g

The above command should output something like the following:

Creating [DIR]  name
Creating [FILE] name/Makefile
Creating [FILE] name/
Creating [FILE] name/mod_name.c
Creating [FILE] name/.deps

Next compile the sample module:

# apxs -c -i mod_name.c

After the module has compiled, activate the module in your httpd.conf file by adding the following lines:

LoadModule name_module modules/
<Location /nametest>
     SetHandler name

Next restart your webserver:

# /usr/local/apache2/bin/apachectl restart

Finally test your new module:

# lynx -mime_header http://localhost/nametest/

The output should be similar to the following one:

HTTP/1.1 200 OK
Date: Tue, 31 Mar 1998 14:42:22 GMT
Server: Apache/2.0.48 (Unix)
Connection: close
Content-Type: text/html

The sample page from mod_name.c


This works!

A few problems though................

How do I receive values from the "POST" or "GET"?
How do I output the HTML to a user?
How do I make a connection to save the data to a MySQL database?
In which file(s) does all my code go into?

I just cant find any tutorials on the web for what I am trying to achieve.

LVL 40

Expert Comment

ID: 11852181
From what I see in the question it sounds like you want to have a web application that gathers some data from a user & encrypts it (how much data?) and stuffs the result into a MySQL database. It also sounds like you want to "protect" the encryption method for data security.

Doing this with a DSO would be the hard way. Personally I'd use  PHP and either one of PHP's encryption functions or call an external compiled program, depending on whether the passphrase for the encryption is fixed or part of the user data. I'd need to know more about the data and how it is used to be able to suggest an encryption method.
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!


Author Comment

ID: 11867776
Hi jlevie

Yes, you are quite right- I would like to gather user information, ecrypt it and store it inside a MySQL database.

The web app. gathers roughly 20 text fields of [1 char min] and [100 chars max].

I wanted to use php to do the ecryption, but (as you noticed) the php script would not be compiled and therefore the encryption method would not be secure. (eventhough the web app. is hosted on a secure server at a webhost- you never know who has access to where!?). For that reason I would have made my own encryption method.

If there is anyway to compile a php script-> that would be super! - but Zend compiler costs a bundle :o(

Thanx jlevie!
LVL 40

Expert Comment

ID: 11873654
The security of the data will be determined in part by the encryption method used and in part by where the passphrase comes from. If you use something like 3DES as a method (see PHP's mcrypt docs) it doesn't matter that someone figures out what encryption method is being used. Without the passphrase it would take thousands of years of compute time to break the encryption.

The problem then becomes a matter of securing the passphrase. I'm guessing that you'll be using the same passphrase for all of the data. Ideally that means that the passphrase would not be stored in a file on the server at all, but would be entered when the web server starts and held in memory. While that is practical for a local server it may not be useful on a server at a web hosting authority.  That means that the passphrase will have to reside in a file on the server.

The security of the server is what's of interest in this case. It really doesn't matter if the passphrase is held within compiled code or in plain text. If that file can be accessed by un-authorized users the passphrase can be recovered. Obiously one want's to use a dedicated server in this case because access to the server can be limited. Since a dedicated server only has accounts associated with the web site it can be far more secure than a shared server. The normal security rules  apply; all unnecessary services disabled, only ssh/scp access, all security updates in place, and only accounts for the site admins.

Author Comment

ID: 11878595
Hi jlevie!

Thankyou so much for all your help through this.

So my conclusions are the following:

I am able to compile a file to encrypt data and connect to a MySQL database, but the work involved would need to be developed in C. ---- ouch!

My website will be hosted on secure servers- I just wanted to take extra precausions to ensure security by compiling the source code somehow. I decided to develop the website using the php encryption functions via mcrypt.

I found these functions straight of the php website (it was written by Mike Zaccari). Are they any good for what I need to do?

$key = "Secret Key";

//Encrypt Function
function encrypt($encrypt)
global $key;
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
   $passcrypt = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $encrypt, MCRYPT_MODE_ECB, $iv);
   $encode = base64_encode($passcrypt);
   return $encode;

//Decrypt Function
function decrypt($decrypt)
global $key;
   $decoded = base64_decode($decrypt);
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);
   $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
   return $decrypted;


Thanx again jlevie for all your help!

LVL 40

Expert Comment

ID: 11880252
They should work, although that isn't the strongest encryption that mcrypt() can do. But then you may not need anything more than that.

Author Comment

ID: 11880332
Hi jlevie

The obvious question:

So what is the strongest encryption that mcrypt can do?

I need this for excrypting sensitive financial information ---- i.e credit card details etc...

Thanx jlevie
LVL 40

Accepted Solution

jlevie earned 1500 total points
ID: 11880530
Triple DES would be the strongest.

> My website will be hosted on secure servers

Is the server dedicated to your site or is it shared with other sites? Personally, there's no way that I'd store sensitive financials on a shred server. There's just too may ways that the data could be compromised. And, I never store that sort of info on a publically accessible server. I use a separate server to store the information that has no direct access to the Internet. And only a limited view of the stored data is visible to the web server (only partial credit card info).

Author Comment

ID: 11892330
Thank you jlevie for all your help!

500 points goes to you for excelant advise!

Maybe some day I could help you with a few answers!


Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Have you ever been frustrated by having to click seven times in order to retrieve a small bit of information from the web, always the same seven clicks, scrolling down and down until you reach your target? When you know the benefits of the command l…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
When you have multiple client accounts to manage, it often feels like there aren’t enough hours in the day. With too many applications to juggle, you can’t focus on your clients, much less your growing to-do list. But that doesn’t have to be the cas…
Watch the video to know the simple way to remove or recover or reset lost or forgotten passwords of Outlook PST file. With Kernel Outlook Password Recovery tool such operation is very easy to perform. It is a freeware with limitation to use with 500…

585 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question