logo
internet.com
Join the free
WDVL newsletter!
home

CGI Security

Selena Sol

CGI Security

  • Okay, so security looms over every webmaster shoulder like...like...like a big scary looming thing.

  • As we saw in the pre-requisite article "Introduction to Web Programming 101", there is no such thing as a fool-proof CGI script or a safe web server.

  • The minute you give the world access to your inner world is the minute that you introduce security holes. There is no program web-based or not, that does not introduce a security risk.

  • However, since most webmasters find it essential to expand their services to include CGI, most webmasters are ready to take an intelligent risk with their CGI scripts.

  • In other words, though you can never be totally safe, you can certainly make yourself as safe as it gets!

  • In most cases, that means that though a CGI might get hacked, the hacker could not do much damage.

  • The first rule of CGI security is to use one of the standard safe libraries for reading and parsing form input. These include cgi-lib.pl for Perl 4 and 5 or cgi.pm for Perl 5.

  • These libraries have been around for years and have been tested millions of ties by users in every imaginable environment. They have gone through many revisions from learned experience and take precautions for all sorts of little buggers that you may not think about if you started writing a form handler yourself.

  • However, once you have read and parsed form data, you must also pay attention to how that data is used and make sure that you do not create a security hole in the data handling.

  • There are two primary considerations for writing safe CGI scripts as discussed by Lincoln Stein in his SafeCGI presentation. These are checking user input and restricting system calls.

Additional Resources:

Debugging CGI Scripts
Table of Contents
Introduction to Web Programming
   Tell a Friend
   Authoring
     DHTML
     HTML
     VRML
     XML
     CSS
     CGI
     Java
     JavaScript
     Perl
   Design
     Layout
     Navigation
     Images & Icons
     Multimedia
   Graphics
     Tools
     Formats
     Colour
     3D
     Images
     Icons
     Backgrounds
   Software
     Browsers
     Servers
     Editors
     Plugins
     Java
     XML
     Open Source
   Internet
     Domains
     E-Commerce
     Security
     UNIX
     Databases
     Protocols
     Caching
     History
   WDVL Resources
     Beginners Guide
     Intermediate
     Tutorials
     HTML4 Tag List
     Lexicon
     Virtual Library
   The WDVL
     Contents
     Top 100
     Site Map
     Discussion List
     FAQ
     WDVL Staff
     About WDVL.com
     Advertising Info
     Feedback

Up to => Home / Authoring / Scripting / Tutorial

Instantly look up a "techie" word using Webopedia!!


internet.com
Internet News   Internet Stocks   Internet Technology   Web Developer
Internet Marketing   ISP   Downloads   Internet Resources   International  
Search internet.com   Advertising Info   Corporate Info   Internet Trade Shows
e-commerce
Be an Affiliate   Software Store   Build Your Intranet   Travel   e-solutions   Internet Jobs
Register a Domain   Be Domain Registrar   Bookstore   A/V Network   Rent Email Lists
Press Release dist.   Sell Ad Space   Venture Capital   Research   Banking   Computer Help
WebDeveloper Network
WDJ   BrowserWatch   Java Boutique   JavaScript Source   ScriptSearch
SearchEngineWatch   StreamingMedia World   The WDVL   WebDeveloper.com
Developer Forums   Developer News   WebReference.com   The XML Files

Live coverage of Fall Internet World '99!

Copyright 1999 internet.com Corporation. Legal Notices. Privacy Policy.

www.internet.com