Barracuda Server versus CGI

Introduction to CGI

Common Gateway Interface (CGI) is a standard method to generate dynamic content on web pages and web applications providing the interface between web server and programs to deliver content. This medium was created and grew in popularization as a standard way to create web content since the late 90's. CGI programs are typically designed in PERL for host platforms and C/C++ in embedded devices since PERL is typically too CPU and memory intensive for embedded devices. Each web-page managed by CGI is typically designed as a standalone computer program, and it is therefore not uncommon to have a large number of CGI programs in a CGI managed web-application.

See also Node.js vs. Barracuda App Server

CGI cannot be used in embedded devices if the operating system does not support the process model since CGI is an API, based on passing environment variables from a web-server to an external process. The following comparison therefore applies to using a web-server with operating systems such as embedded Linux and QNX.

Comparing the Barracuda Embedded Application Server to CGI

The security problems associated with CGI:

CGI Security

Envision that your objective is to create a water container. To meet this criteria the natural selection would be to start with something that may resemble a bucket. When we compare CGI in analogy, the solution provides a starting point which is equivalent to that of a strainer. Consequently, the application developer must spend a considerable effort identifying and sealing all of the holes of this strainer (CGI).

Unfortunately, CGI has no inherent or native security built into its structure, and with its many vulnerabilities, it creates a struggle to maintain such a solution in today's IoT generation of devices. Manufacturers are becoming increasingly aware of these problems, but usually as a casualty of consequence in the daily news rather than the advanced step to negate avoidable liabilities.


CGI is particularly slow in embedded devices with limited CPU since the web server must request the operating system to load, initialize, and execute the external CGI processes. A CGI process is typically loaded, initialized, executed, and terminated by the operating system for each web-page accessed. Starting up the CGI process takes up much more time and memory than the actual work of generating the output. Due to speed issues, web-applications designed using CGI in CPU limited devices will in many cases be too impractical for normal use. The users of the web-application may become impatient and regard the web-application of poor quality.

In Barracuda, web applications are extremely fast as they are part of the server if designed in CSP or loaded into the server at startup if designed in LSP. Additionally, since Barracuda is designed from the ground up for resource constrained devices, web-applications designed using CSP or LSP are generally blinding fast.

Lua Server Pages, or LSP for short, and C/C++ Server Pages, or CSP for short, are technologies that enable you to make dynamic and interactive web pages. LSP is similar to CSP except that LSP does not need to be compiled. Lua is a lightweight functional programming language, designed as a scripting language with extensible semantics as a primary goal.

Development time:

One can find many discussions online when searching, for example, on Google for CGI versus ASP, or CGI versus PHP, etc. One soon gets a more clear understanding that developing CGI applications are much more cumbersome than more modern alternatives. These discussions are typically related to CGI developed in PERL or other high-level scripting languages. A CGI process developed in the C/C++ language is for obvious reasons much slower to design than to design a CGI script in PERL or any other scripting language. In addition, a CGI C/C++ framework must either be developed or purchased separately. This framework/library must be linked with all CGI programs (pages) developed, and CGI applications for embedded devices become extremely tedious and expensive to develop. CGI processes designed in C/C++ scale poorly, and it can become very expensive to add features and/or change web-applications designed using CGI.

Barracuda, on the other hand, provides a feature rich and easy to use web-framework that CSP and LSP applications can take advantage of. We dare to compare our LSP plug-in in functionality and ease of development with high end application servers such as those that can run ASP .NET web applications.


We often get questions about the size of the Barracuda Embedded Application Server, though customers typically do not think about the size of the web-application, which can easily and rapidly increase in size. A CGI based web-application designed in C/C++ increases in size rapidly as pages are added. Barracuda stores applications designed in LSP as ZIP files, thus considerably reducing the size compared to CGI based web-applications.

Do you still want to use CGI?

We provide a CGI plugin on our GitHub source code repository.

Comparing the Barracuda App Server with other web servers

The difference between an application server and web server is explained in the What is an Embedded Application Server tutorial.

Things you cannot do with CGI

CGI can only be used on high level operating systems such as embedded Linux and QNX. Also, CGI cannot be used for modern web development and excludes the use of real time WebSocket communication as shown in the video below.

Additional Embedded Web Server Tutorials

Need a helping hand?

Our consulting services are your first line of defense when complexities arise in networking, security, or device management. And for those keen to take the reins, our extensive tutorials on embedded web servers and IoT are your perfect companion. With Real Time Logic, expertise meets empowerment. Your vision, our mission.


OPC-UA Client & Server

An easy to use OPC UA stack that enables bridging of OPC-UA enabled industrial products with cloud services, IT, and HTML5 user interfaces.

Edge Controller

Edge Controller

Use our user programmable Edge-Controller as a tool to accelerate development of the next generation industrial edge products and to facilitate rapid IoT and IIoT development.

On-Premises IoT

On-Premises IoT Platform

Learn how to use the Barracuda App Server as your On-Premises IoT Foundation.

Embedded Web Server

Barracuda Embedded Web Server

The compact Web Server C library is included in the Barracuda App Server protocol suite but can also be used standalone.

WebSocket Server

Microcontroller Friendly

The tiny Minnow Server enables modern web server user interfaces to be used as the graphical front end for tiny microcontrollers. Make sure to check out the reference design and the Minnow Server design guide.

WebDAV Server

Network File System

Why use FTP when you can use your device as a secure network drive.

HTTP Client

Secure HTTP Client Library

PikeHTTP is a compact and secure HTTP client C library that greatly simplifies the design of HTTP/REST style apps in C or C++.

WebSocket Client

Microcontroller Friendly

The embedded WebSocket C library lets developers design tiny and secure IoT applications based on the WebSocket protocol.

SMTP Client

Secure Embedded SMTP Library

Send alarms and other notifications from any microcontroller powered product.

Crypto Library

RayCrypto C Library

The RayCrypto engine is an extremely small and fast embedded crypto library designed specifically for embedded resource-constrained devices.

Embedded PKI Service

Automatic SSL Certificate Management for Devices

Real Time Logic's SharkTrust™ service is an automatic Public Key Infrastructure (PKI) solution for products containing an Embedded Web Server.


Modbus TCP client

The Modbus client enables bridging of Modbus enabled industrial products with modern IoT devices and HTML5 powered HMIs.

Posted in Whitepapers