Inside Attacks: Precautions with Local Users

A common mistake in CGI security is to forget local users. Although people browsing your site over the Web usually won't have access to security considerations, such as file permissions and owners, local users of your Web server do, and you must guard against these threats even more than those from the Web.

Caution

Local system security is a big subject, and almost any reference on it will give you good tips on protecting the integrity of your machine from local users. As a general rule, if your system as a whole is safe, your Web site is safe, too.

The CGI Script User

Most Web servers are installed to run CGI scripts as a special user. This is the user that owns the CGI program while it runs, and ...

Get Platinum Edition Using XHTML™, XML, and Java™ 2 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.