Chapter 8. Security
CGI programming offers you something amazing: as soon as your script is online, it is immediately available to the entire world. Anyone from almost anywhere can run the application you created on your web server. This may make you excited, but it should also make you scared. Not everyone using the Internet has honest intentions. Crackers[12] may attempt to vandalize your web pages in order to show off to friends. Competitors or investors may try to access internal information about your organization and its products.
Not all security issues involve malevolent users. The worldwide availability of your CGI script means that someone may run your script under circumstances you never imagined and certainly never tested. Your web script should not wipe out files because someone happened to enter an apostrophe in a form field, but this is possible, and issues like these also represent security concerns.
The Importance of Web Security
Many CGI developers do not take security as seriously as they should. So before we look at how to make CGI scripts more secure, let’s look at why we should worry about security in the first place:
On the Internet, your web site represents your public image. If your web pages are unavailable or have been vandalized, that affects others’ impressions of your organization, even if the focus of your organization has nothing to do with web technology.
You may have valuable information on your web server. You may have sensitive or valuable information ...
Get CGI Programming with Perl, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.