Your Daily Source for Apache News and Information  
Breaking News Preferences Contribute Triggers Link Us Search About
Apache Today [Your Apache News Source] To

The 100% Pure 80211 Event

Apache HTTPD Links
The Jakarta Project
Apache Project
The Apache Software Foundation
PHP Server Side Scripting
Apache Module Registry
Apache XML Project
The Apache FAQ
Apache-Perl Integration Project
Apache-Related Projects
The Java Apache Project

Internet News
Internet Investing
Internet Technology
Windows Internet Tech.
Linux/Open Source
Web Developer
ISP Resources
ASP Resources
Wireless Internet
Internet Resources
Internet Lists
Career Resources

Advertising Info
Corporate Info
SysAdmin: Safer CGI Scripting
Feb 9, 2001, 20 :36 UTC (0 Talkback[s]) (1038 reads) (Other stories by Charles Walker and Larry Bennett)

"A CGI script can, intentionally or otherwise, do anything that the user it runs as can do. Typically, CGI scripts run as the same user as the Web server. On most UNIX systems, the Apache Web server is used and by default, Apache runs as user "nobody". By convention, "nobody" is a user for unprivileged operations. Some may think that something running as nobody could not do much to compromise a Web server, but there are many ways security can be compromised."

"... The Webmaster must ensure that all CGI scripts placed on any Web server have been through a process to find and fix security holes. ..."

Complete Story

Related Stories:
The Perl You Need to Know: Benchmarking Perl(Jan 23, 2001)
Linux Journal: Web Servers and Dynamic Content(Jan 20, 2001)
PHPeverywhere: Comparing PHP with Perl for Dynamic Web Pages(Jan 05, 2001)
ApacheWeek: Web Authoring and HTTP(Dec 29, 2000)
How's my server doing?(Dec 21, 2000)
DevShed: Basics(Nov 22, 2000)
The Perl Basics You Need To Know(Aug 02, 2000) Developing Python-Based CGI-Scripts: Preparations(Jun 14, 2000)
Apache Guide: Dynamic Content with CGI(Jun 05, 2000)

  Current Newswire: mod_perl in 30 minutes

Sun to allow open source Java implementations

SECURITY: Vulnerability in Apache for Win32 batch file processing mod_perl Developer's Cookbook

mod_l33t added to Apache Module Registry

Linux Easy Installer - Security Fixes

Daemon News: Jakarta-Tomcat on FreeBSD 4.4

Moto, a compilable server-side scripting language

SECURITY: Flaws Found in PHP Leave Web Servers Open to Attack

Everything Solaris: Apache: Handling Traffic

No talkbacks posted.
Enter your comments below.
Your Name: Your Email Address:

Subject: CC: [will also send this talkback to an E-Mail address]

See our talkback-policy for or guidelines on talkback content.

The Premier Event for Grid Computing Products/Services
About Triggers Media Kit Security Triggers Login

All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.4, Apache 1.3, and PHP 4
Copyright 2002 INT Media Group, Incorporated All Rights Reserved.
Legal Notices,  Licensing, Reprints, & Permissions,  Privacy Policy.