[Date Prev] [Date Next] [Thread Prev] [Thread Next] Date Index Thread Index Search archive:
Date:Mon Apr 18 14:55:54 1996 
Subject:Re: WWW CGI scripts using Pop-11 
From:Adrian Howard 
Volume-ID:960418.05 

At 2:07 pm 18/4/96, A.Sloman@cs.bham.ac.uk wrote:
>I believe that the issue has been addressed in the environment in which
>the students are working.

I would still point students towards the FAQ. The usual way of dealing with
"normal" people running CGI scripts is to have them run with the authors
user ID. While this restricts the damange a bad CGI can inflict, it doesn't
prevent a badly implemented CGI program damaging the user, installing a
trojan, etc.

Two other useful sites on CGI security are:
        http://www.cerf.net/~paulp/cgi-security/safe-cgi.txt
        http://www.thinkage.on.ca/~mlvanbie/cgisec/

I might be completely wrong here (you may be running a private HTTP server
without world access). However, any tutorial on writing CGI scripts should
hammer the security issues in with a very large mallet :-)

>I presume that in any case one can just run netscape as a general
>purpose interface with an html file on one's own machine, as input.

Nope. Running a CGI script involves an HTTP server.


Adrian (adrianh@oneworld.co.uk)