Chapter 9: CGI Security    (01)

<Next | Table of Contents | Previous>    (02)

Summary    (03)

Security is an all-encompassing thing when you are dealing with networked applications such as the World Wide Web. Writing secure CGI applications is not tremendously useful if your Web server is not securely configured. A properly configured Web server, on the other hand, can minimize the damage of a badly written CGI script.    (04)

In general, remember the following principles:    (05)

• Your programs should do only what you want them to do, no more.    (06)
• Don't reveal any more information about your server than necessary.    (07)
• Minimize the potential damage if someone successfully breaks into your machine.    (08)
• Make sure your applications are robust.    (09)

When you are writing CGI programs, be especially wary of the limitations (or lack thereof) of your programming language and for passing unsanitized variables to the shell.    (010)

<Next | Table of Contents | Previous>    (011)

Copyright © 1997 Sams.Net Publishing    (012)