[LINK] RFI: Web-Forms, HTTP POST and CGI

Roger Clarke Roger.Clarke@xamax.com.au
Sat, 19 Oct 2002 18:08:04 +1000


I never thought I'd be into industrial archaeology;  but as I get 
older I'm finding it more interesting than I expected.

I'm trying to nail down documentation of the early days of eCommerce.

When did we start seeing web-forms that captured credit-card details, 
and passed them to CGI-scripts, thereby enabling interaction with 
server-side applications, in particular interfacing with the EFT/POS 
network?

The following would be greatly appreciated:
-   authoritative sources for the earliest specs for forms, HTTP POST, CGI;
-   the earliest versions of browsers and servers that implemented them;
-   documents that explained them, and how to implement them.

___________


Here are some preliminary findings (which are intended to find their 
way onto a page on my web-site once I'm satisfied it's sufficiently 
accurate).


1.  Preliminary Analysis

The elements necessary to support eCommerce of this kind appear to be:
-   a browser that implements a version of HTML that supports web-forms;
-   the HTTP POST method;
-   a server that supports CGI scripts;
-   an application that interfaces to the EFT/POS system to get credit
     authorisations and capture the transactions into the financial system.


2.  Browsers and Web-Forms

I haven't yet established whether the earliest versions of HTML and 
browsers supported web-forms.

HTML 2.0, which is defined in RFC 1866 (November 1995) at 
ftp://ftp.rfc-editor.org/in-notes/rfc1866.txt, already included the 
forms feature (s.8, pp.39-48).  See also 
http://www.w3.org/MarkUp/#previous and RFC 1867 (November 1995) at 
ftp://ftp.rfc-editor.org/in-notes/rfc1867.txt

I haven't laid my hands on a spec for any earlier version(s) of HTML. 
I think there was a v1.0, and I presume that it also had the forms 
feature in it.  Surprisingly, Berners-Lee's 'Weaving the Web', Harper 
Business, 2000, seems to be silent on when the forms feature first 
appeared.

Although there were several predecessors, popularisation really began 
when NCSA made Mosaic available in February 1993.  The people and 
ideas escaped into Netscape.  The first version of the Netscape 
browser (Mozilla) was released in October 1994 (although it was 
technically a beta version and the first commercial version came out 
in December 1994).

[As a working hypothesis, I'll assume that Mosaic didn't support 
forms, but Netscape did].


3.  HTTP POST

HTTP 1.0 is defined in RFC 1945 (May 1996) at 
ftp://ftp.rfc-editor.org/in-notes/rfc1945.txt.  The POST method is 
defined in s.8.3 on pp.30-31.

But it was operational long before that, and certainly by late 1992, 
by which time http://www.w3c.org/History.html records that there were 
26 reliable web-servers in existence.

Several references mention that the CERN httpd server was 
*re*-written in July 1993, but not whether a formal spec existed, nor 
whether the POST method was specified and/or implemented.

Again, Berners-Lee (2000) seems to be silent on when HTTP became 
'published', when a stable spec became available (e.g. was there ever 
a 0.x version?), and whether it contained the POST method from the 
outset.  The W3C History page at http://www.w3c.org/History.html is 
also silent on this.

[As a working hypothesis, I'll assume that the POST method was 
supported from the earliest days of HTTP].


4.  CGI

According to http://httpd.apache.org/docs/misc/FAQ.html#cgi-spec, 
"The Common Gateway Interface (CGI) specification [v1.1] can be found 
at the original NCSA site 
http://hoohoo.ncsa.uiuc.edu/cgi/interface.html.  This version hasn't 
been updated since 1995 ... ".  (To put it another way, CGI hasn't 
enjoyed the attention of either the W3C or IETF).

According to http://httpd.apache.org/ABOUT_APACHE.html, "In February 
of 1995, the most popular server software on the Web was the public 
domain HTTP daemon [httpd],  developed by Rob McCool at the National 
Center for Supercomputing Applications [NCSA], University of 
Illinois, Urbana-Champaign [UIUC].  However, development of that 
httpd had stalled after Rob left NCSA in mid-1994  ...  Using NCSA 
httpd 1.3 as a base, we added all of the published bug fixes and 
worthwhile enhancements we could find, tested the result on our own 
servers, and made the first official public release (0.6.2) of the 
Apache server in April 1995.  ...  Apache 1.0 was released on 
December 1, 1995.  Less than a year after the group was formed, the 
Apache server passed NCSA's httpd as the #1 server on the Internet 
and according to the survey by Netcraft, it retains that position 
today".

[As a working hypothesis, I'll assume that the NCSA httpd server 
supported CGI scripting from late 1992, and Apache supported it from 
the outset in April 1995].


5.  Gatewaying into the EFT/POS System

I haven't done any work on this aspect yet.  My memory is that the 
early applications had an air-gap, and companies re-keyed the 
credit-card details.  Interfaces were soon written, however (to save 
manual effort, errors, and cost, and enable speed of response).  At 
first, they were unofficial, because there were lots of rules about 
connection to, and capture of data into, the EFT/POS system.  But 
official gateways emerged by about 1996.

You'd think I'd remember it better, given that I wrote this:
http://www.anu.edu.au/people/Roger.Clarke/EC/CrCards.html


6.  Conclusions

[I'm guessing that all of the elements were in place by late 1994, 
with Netscape, HTML 1.0, HTTP 1.0, and NCSA httpd and Apache shortly 
afterwards.  I recall that Hotwired claimed that it was the first 
such site, in October 1994 - although I've heard competing claims 
occasionally.  But I can't find anything about it on the Wired and 
Hotwired sites.

Heck, I wuz there from mid-1993 using Mosaic and teaching students 
with it;  and I even sold a few reports using the technology in 
mid-1996;  but I'm blessed if I can nail all the details down.  Who'd 
be a historian??]

-- 
Roger Clarke              http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                 Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke@xamax.com.au            http://www.xamax.com.au/

Visiting Professor, Uni of Hong Kong, Dept of Comp Sci and Info Sys
Visiting Fellow, Australian National University, Dept of Comp Sci