In my previous post Serving 200 million requests per day with a cgi-bin, I did some quick performance testing of CGI using a program written in Go.
Go works excellently for CGI programs, for many of the same reasons it works so well for CLI programs and system daemons.
But, out of curiosity, I decided to do a bit more CGI testing with other languages.
CGI is good technology, actually#
There’s a misconception that because CGI is old or because many CGI scripts had security vulnerabilities, CGI itself is somehow insecure or bad.
That’s just not the case. CGI is a simple protocol that works very well.
It’s not any more or less difficult to write secure CGI programs than it is to write any other kind of HTTP handler code.
The common alternatives to CGI, FastCGI and reverse proxies, aren’t a free lunch and have their own security complications.
The benchmarking server#
This time I used an AMD Genoa-based 60 vCPU / 240 GB RAM virtual machine to serve as a reasonable medium-sized machine.
... continue reading