Web Security 101
Before you put CGI programs on the World Wide Web, you need to know a few things. By putting a CGI program on a web page, you are giving remote users (using web browsers) limited access to your system. Using normal HTML documents, they can retrieve only static documents from your web site. Using CGI programs, however, they're actually able to run programs on your web server.
Knowing how to write safe and secure CGI programs will make you and your web server administrator much happier. Writing such programs is not hard; you just need to follow a few simple precautions.
A Clear Link
When a web browser retrieves a page from your web server, the HTML is sent over a cleartext channel (see Figure 22.6). This means that as the data ...