The Electronic Beowulf image delivery system is implemented as a CGI script that runs on a Web server. We are using the CERN HTTPD Web server on a Sun Microsystems SPARCstation 5 equipped with 48 MB of memory running Solaris 2.3. The script, imgshow, is written in Perl[2] and is generalised such that it is not specific to the Electronic Beowulf, but can be used to deliver any set of images.
As Web servers retain no state information for their clients, all state information is carried in the URL. The images returned are embedded in dynamically created HTML documents that include generated URL links that contain the current state information.
The format of a URL used to select part of a folio to zoom in on is:
http:/cgi-bin/imgshow/imageset/folio/state/x1,y1?x2,y2
The string "/imageset/folio/state/x1,y1" is referred to in the CGI standard as the path information, and the string "x2,y2", following the question mark, is the query string. These strings are passed by the server to the Perl script in the PATH_INFO and QUERY_STRING environment variables. The script decodes the information passed in these strings using regular expressions that only match alphanumeric characters for the imageset and folio fields and match the other fields as integer strings. This avoids the potential security loophole of blindly interpreting arbitrary information passed to the script in a URL.
The state field currently just contains the scale factor as described above. The coordinates x1, y1 represent the origin of the current image measured in pixels on the original, unscaled image. The coordinates x2, y2 passed in the query string are the coordinates where the user clicked, measured in pixels on the displayed image. The state and coordinate fields may be omitted, in which case the imgshow program simply returns a view of the complete image.
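The decoding step described above can be sketched as follows. This is an added example, not the imgshow source: the function name, the field length limits and the sample values ("beowulf", "f129r") are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decode the two CGI strings with patterns anchored at both ends; a request
# that does not match in full is rejected, never partially interpreted.
# In a CGI script: parse_request($ENV{PATH_INFO}, $ENV{QUERY_STRING}).
sub parse_request {
    my ($path_info, $query) = @_;
    $path_info = '' unless defined $path_info;
    $query     = '' unless defined $query;

    # imageset and folio: alphanumerics only, so no '/', '.' or NUL can reach
    # a file name. state and x1,y1: digits only, optional as a group.
    # \z (not $) is used because $ would also accept a trailing newline.
    # The length limits are assumptions added for this example.
    my ($set, $folio, $state, $x1, $y1) = $path_info =~
        m{\A/([A-Za-z0-9]{1,32})/([A-Za-z0-9]{1,32})
          (?:/([0-9]{1,4})/([0-9]{1,6}),([0-9]{1,6}))?\z}x
        or return;

    # Query string: empty, or the click position "x2,y2" as digits.
    my ($x2, $y2);
    if ($query ne '') {
        ($x2, $y2) = $query =~ m{\A([0-9]{1,6}),([0-9]{1,6})\z} or return;
    }

    return { imageset => $set, folio => $folio, state => $state,
             origin => defined $x1 ? [$x1, $y1] : undef,
             click  => defined $x2 ? [$x2, $y2] : undef };
}

# Constructed sample requests: [PATH_INFO, QUERY_STRING].
for my $req (['/beowulf/f129r/4/120,300', '55,80'],   # zoom request
             ['/beowulf/f129r',           ''],        # complete image
             ['/beowulf/../etc/4/0,0',    ''],        # non-alphanumeric field
             ['/beowulf/f129r/4/0,0',     "1,2\n"]) { # trailing newline
    my $r = parse_request(@$req);
    (my $shown = "$req->[0]?$req->[1]") =~ s/\n/\\n/g;
    print defined $r ? 'accept' : 'reject', " $shown\n";
}
```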
The imgshow program is configured by means of a hierarchy of configuration files: one for the image set, one for each individual folio and optionally a configuration file for the script itself, which can be used to override the defaults encoded in the script.
Currently these files are read by the imgshow program using the Perl require statement, which interprets the files as Perl statements. This allows for flexibility at the prototyping stage, as configuration files can contain Perl code that extends the functionality of the program. However, this is unwise for production code: if attackers were able to overwrite one of the configuration files, they would be able to have their own code executed with the privileges with which the Web server runs.