[LINK] RFI: Web-Forms, HTTP POST and CGI
Sat, 19 Oct 2002 18:08:04 +1000
I never thought I'd be into industrial archaeology; but as I get
older I'm finding it more interesting than I expected.
I'm trying to nail down documentation of the early days of eCommerce.
When did we start seeing web-forms that captured credit-card details,
and passed them to CGI-scripts, thereby enabling interaction with
server-side applications, in particular interfacing with the EFT/POS
The following would be greatly appreciated:
- authoritative sources for the earliest specs for forms, HTTP POST, CGI;
- the earliest versions of browser and servers that implemented them;
- documents that explained them, and how to implement them.
Here are some preliminary findings (which are intended to find their
way onto a page on my web-site once I'm satisfied it's sufficiently
1. Preliminary Analysis
The elements necessary to support eCommerce of this kind appear to be:
- a browser that implements a version of HTML that supports web-forms;
- the HTTP POST method;
- a server that supports CGI scripts;
- an application that interfaces to the EFT/POS system to get credit;
authorisations and capture the transactions into the financial system.
2. Browsers and Web-Forms
I haven't yet established whether the earliest versions of HTML and
browsers supported web-forms.
HTML 2.0, which is defined in RFC 1866 (November 1995) at
ftp://ftp.rfc-editor.org/in-notes/rfc1866.txt, already included the
forms feature (s.8, pp.39-48). See also
http://www.w3.org/MarkUp/#previous and RFC 1867 (November 1995) at
I haven't laid my hands on a spec for any earlier version(s) of HTML.
I think there was a v1.0, and I presume that it also had the forms
feature in it. Surprisingly, Berners-Lee's 'Weaving the Web', Harper
Business, 2000, seems to be silent on when the forms feature first
Although there were several predecessors, popularisation really began
when NCSA made Mosaic available in February 1993. The people and
ideas escaped into Netscape. The first version of the Netscape
browser (Mozilla) was released in October 1994 (although it was
technically a beta version and the first commercial version came out
in December 1994).
[As a working hypothesis, I'll assume that Mosaic didn't support
forms, but Netscape did].
3. HTTP POST
HTTP 1.0 is defined in RFC 1945 (May 1996) at
ftp://ftp.rfc-editor.org/in-notes/rfc1945.txt. The POST method is
defined in s.8.3 on pp.30-31.
But it was operational long before that, and certainly by late 1992,
by which time http://www.w3c.org/History.html records that there were
26 reliable web-servers in existence.
Several references mention that the CERN httpd server was
*re*-written in July 1993, but not whether a formal spec existed, nor
whether the POST method was specified and/or implemented.
Again, Berners-Lee (2000) seems to be silent on when HTTP became
'published', when a stable spec became available (e.g. was there ever
a 0.x version?), and whether it contained the POST method from the
outset. The W3C History page at http://www.w3c.org/History.html is
also silent on this.
[As a working hypothesis, I'll assume that the POST method was
supported from the earliest days of HTTP].
According to http://httpd.apache.org/docs/misc/FAQ.html#cgi-spec,
"The Common Gateway Interface (CGI) specification [v1.1] can be found
at the original NCSA site
http://hoohoo.ncsa.uiuc.edu/cgi/interface.html. This version hasn't
been updated since 1995 ... ". (To put it another way, CGI hasn't
enjoyed the attention of either the W3C or IETF).
According to http://httpd.apache.org/ABOUT_APACHE.html, "In February
of 1995, the most popular server software on the Web was the public
domain HTTP daemon [httpd], developed by Rob McCool at the National
Center for Supercomputing Applications [NCSA], University of
Illinois, Urbana-Champaign [UIUC]. However, development of that
httpd had stalled after Rob left NCSA in mid-1994 ... Using NCSA
httpd 1.3 as a base, we added all of the published bug fixes and
worthwhile enhancements we could find, tested the result on our own
servers, and made the first official public release (0.6.2) of the
Apache server in April 1995. ... Apache 1.0 was released on
December 1, 1995. Less than a year after the group was formed, the
Apache server passed NCSA's httpd as the #1 server on the Internet
and according to the survey by Netcraft, it retains that position
[As a working hypothesis, I'll assume that the NCSA httpd server
supported CGI scripting from late 1992, and Apache supported it from
the outset in April 1995].
5. Gatewaying into the EFT/POS System
I haven't done any work on this aspect yet. My memory is that the
early applications had an air-gap, and companies re-keyed the
credit-card details. Interfaces were soon written, however (to save
manual effort, errors, and cost, and enable speed of response). At
first, they were unofficial, because there were lots of rules about
connection to, and capture of data into, the EFT/POS system. But
official gateways emerged by about 1996.
You'd think I'd remember it better, given that I wrote this:
[I'm guessing that all of the elements were in place by late 1994,
with Netscape, HTML 1.0, HTTP 1.0, and NCSA httpd and Apache shortly
afterwards. I recall that Hotwired claimed that it was the first
such site, in October 1994 - although I've heard competing claims
occasionally. But I can't find anything about it on the Wired and
Heck, I wuz there from mid-1993 using Mosaic and teaching students
with it; and I even sold a few reports using the technology in
mid-1996; but I'm blessed if I can nail all the details down. Who'd
be a historian??]
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
Visiting Professor, Uni of Hong Kong, Dept of Comp Sci and Info Sys
Visiting Fellow, Australian National University, Dept of Comp Sci
For Link list information see http://sunsite.anu.edu.au/link/