Server-side scripting is defined as “web server technology in which the user’s request is fulfilled by running a script directly on a web server to generate dynamic web pages.” In simpler terms, a server-side script runs on the server rather than your computer. When you visit a website, the script will create the web page on the fly (dynamically).
Dynamic websites have become very popular because they are so much easier to maintain. Rather than having to edit HTML pages on a local computer and then upload them back to the server via FTP, websites with server-side scripts can usually be updated right on the server. The files themselves do not change, as they only contain the scripts. Instead, the information is stored in an SQL or flat file database.
Popular server-side scripting languages include Perl, PHP, ASP, JSP, Ruby, ColdFusion, and Python.
Some of the advantages of server-side scripting are:
1. It does not require the user to download plugins like Java or Flash (client-side scripting).
2. You can create a single website template for the entire website. Each new dynamic page you create will automatically use it.
3. You can configure a site to use a content management system, which simplifies the editing, publishing, adding of images, and creation of web applications. Many apps are often available in the form of extensions or addons.
4. Load times are generally faster than client-side scripting.
5. Your scripts are hidden from view. Users only see the HTML output, even when they view the source.
There are some disadvantages to server-side scripting, but the most significant one is that the scripts can be used by attackers to gain access to the server. Because the scripts respond to URL input, changing the URL to something that exploits a security hole can give the user server access, sometimes even as root. To combat such attacks, system administrators should keep all server-side scripts updated to their latest secure versions and also use an application firewall, such as ModSecurity.