CGI Security Issues: Recognizing Problems and Finding Solutions
Almost all CGI security holes come from interaction with the user. By accepting input from an outside source, a simple, predictable CGI program suddenly takes on any number of new dimensions, each of which might have the smallest crack through which a hacker can slip. It is interaction with the user—through XHTML forms or file paths—that gives CGI scripts their power but also makes them the most potentially dangerous part of running a Web server.
Caution
Writing secure CGI scripts is largely an exercise in creativity and paranoia. You must be creative to think of all the ways that users, either innocently or otherwise, can send you data that has the potential to cause trouble. And ...
Get Platinum Edition Using XHTML™, XML, and Java™ 2 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.