Why are CGI and FastCGI different?
CGI and FastCGI scripts share some unusual properties:
- often need to implement platform technology (database, e-mailing, processing, etc.) within a single application
- constrained starting environment (file-system jail, privilege-dropped, etc.)
- high attacker access
- a reputation for rapid application growth and feature response
- large number of moving target technologies: HTML5, JSON, CSS, etc.
- high cost of mistakes
The result? Highly complex applications in constrained environments with a large number of possible attackers. What could possibly go wrong?