HP3000-L Archives

September 1995, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Stupid shell tricks (cgi risks?)
From:
Jerry Bostick <[log in to unmask]>
Reply To:
Jerry Bostick <[log in to unmask]>
Date:
Sat, 9 Sep 1995 00:17:58 GMT
Content-Type:
text/plain
Parts/Attachments:
text/plain (38 lines) 
In article <[log in to unmask]>, [log in to unmask] says...
>
>At the minimum, the user logon for your httpd job should have minimal file
>access.
 
Guys,
 
IMHO, *no* Common Gateway Interface should be implemented via a script.
if security is an issue, use *only* compiled programs, as you have
much more control over *what can happen*.
 
just my $.02
 
jerry
 
 
>
>Jeff Kell ([log in to unmask]) wrote:
>: Hopefully one of our more Posix or Un*x oriented readers can answer this
>: question...
>
>: Just how "dangerous" are cgi-bin scripts?
 
[rest snipped]
 
 
--
Former Hughes Aircraft employee, NOW  \\|//  an Outsourcee 4 CSC
+-----------------------+My opinions  |O-O|  are JUST THAT !!!
| Jerry Bostick         +----------oOO-(_)-OOo-----------------+
| Computer Systems Engineer Specialist, Senior                 |
| Computer Sciences Corp.  work tel.:   714 441-6975           |
| PO Box 3310              work fax.:   714 732-2070           |
| Fullerton, Ca. 92635   work-e-mail: [log in to unmask] |
| USA                    home-e-mail: [log in to unmask]   |
|             *HOME PAGE*: http://www.earthlink.net/~jbostick  |
+--------------------------------------------------------------+

ATOM RSS1 RSS2