Common CGI Security Holes
You can make several common mistakes when you code CGI scripts that can make it easy for intruders to break into your Web server. If you avoid these pitfalls, you’ll be way ahead of the game when it comes to protecting your server from attack.
A Note on How CGI Works
One thing you might not realize is that users can always access your CGI scripts without using the interface you’ve provided when they know where the CGI script is. For example, you might be using maxsize attributes on all your text entry fields, and you might validate all the form input using JavaScript before it’s sent to the CGI script, but users can bypass all that if they choose to, especially if your form uses the GET method.
Remember that the
Get Sams Teach Yourself CGI in 24 Hours, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.