Server-side scripting is a web server technology in which a user's request is verified by running a script directly on the web server to generate dynamic web pages. It is usually used to provide interactive web sites that interface to databases or other data stores. This is different from client-side scripting where scripts are run by the viewing web browser, usually in JavaScript. The primary advantage to server-side scripting is the ability to highly customize the response based on the user's requirements, access rights, or queries into data stores.
From a security point of view, server-side scripts are never visible to the browser as these scripts are executed on the server and emit HTML corresponding to user's input to the page.
When the server serves data in a commonly used manner, for example according to the HTTP or FTP protocols, users may have their choice of a number of client programs (most modern web browsers can request and receive data using both of those protocols). In the case of more specialized applications, programmers may write their own server, client, and communications protocol, that can only be used with one another.
Programs that run on a user's local computer without ever sending or receiving data over a network are not considered clients, and so the operations of such programs would not be considered client-side operations.
Contents |
Server Side Scripting was invented in early 1995 by Fred DuFresne while developing the first web site for Boston, MA television station WCVB. The technology is described in US patent 5835712. The patent was issued in 1998 and is now owned by Open Invention Network (OIN). In 2010 OIN named Fred DuFresne a "Distinguished Inventor" for his work on Server Side Scripting.
In the earlier days of the web, server-side scripting was almost exclusively performed by using a combination of C programs, Perl scripts and shell scripts using the Common Gateway Interface (CGI). Those scripts were executed by the operating system, mnemonic coding and the results simply served back by the web server. These and other on-line scripting languages such as ASP and PHP can often be executed directly by the web server itself or by extension modules (e.g. mod_perl or mod php) to the web server. Either form of scripting (i.e., CGI or direct execution) can be used to build up complex multi-page sites, but direct execution usually results in lower overhead due to the lack of calls to external interpreters
Dynamic websites are also sometimes powered by custom web application servers, for example the Python "Base HTTP Server" library, although some may not consider this to be server-side scripting. When working with dynamic Web-based scripting technologies, like classic ASP or PHP, developers must have a keen understanding of the logical, temporal, and physical separation between the client and the server. For a user's action to trigger the execution of server-side code, for example, a developer working with classic ASP must explicitly cause the user's browser to make a request back to the Web server. Creating such interactions can easily consume much development time and lead to unreadable code.
Some server-side scripting languages: