Re: Web form CGI, Security?
one man army wrote:
> I would like to generate a few simple web forms. Is the Perl CGI, and a
> cgi-enabled directory, a huge security hole?
>

Is a door on a house a huge security hole? It is if you leave the door
unlocked.


> I read the lines that say to disable upload, and limit the size of a
> POST.
>

If you don't understand the implications of doing uploads... don't do them.

> I'm asking my host to install CGI, although I know he is security
> conscious.
>

Again... understand the implications of what you are asking your hosting
facility to do. The reason a lot of hosting facilities don't allow
CGI is because folks don't know what they are doing.

On the other hand I can think of all sorts of ways I could set up a
virtual server to limit the "damage" that an ill-written CGI can do. I
would feel more comfortable hosting my applications with some folks that
understand how to do that as well.

From what you've posted, however, I would suggest doing your homework
before proceeding.



--
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Peter L. Berghold Peter@xxxxxxxxxxxx
"Those who fail to learn from history are condemned to repeat it."
AIM: redcowdawg Yahoo IM: blue_cowdawg ICQ: 11455958
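As an added illustration that is not part of the original thread: a minimal Perl CGI form handler, using the CGI.pm module, that applies the two settings the original poster mentions (disabling uploads and capping POST size) together with taint mode and allow-list validation. The form field names, the 100 KiB limit and the validation patterns are assumptions for the example.

```perl
#!/usr/bin/perl -T
# Added example (not from the original thread): a small Perl CGI form
# handler hardened with the settings discussed above. Assumes CGI.pm.
use strict;
use warnings;
use CGI;

# These limits must be set before the first CGI object parses the request.
$CGI::POST_MAX        = 1024 * 100;   # reject request bodies over 100 KiB (assumed limit)
$CGI::DISABLE_UPLOADS = 1;            # this form never needs file uploads

# Taint mode (-T) refuses to use request data in shell commands or file
# paths until it has been explicitly untainted; pin PATH for the same reason.
$ENV{PATH} = '/usr/bin:/bin';

my $q = CGI->new;

# CGI.pm records an oversize or upload-bearing request here instead of
# dying, so the script can answer with the matching HTTP status.
if ( my $error = $q->cgi_error ) {
    print $q->header( -status => $error, -type => 'text/plain' ),
          "Request rejected: $error\n";
    exit;
}

# Allow-list validation: accept only the shape each field is expected to
# have. A successful match also untaints the captured value.
my ($name)  = ( scalar( $q->param('name') )  // '' ) =~ /^([A-Za-z .'-]{1,60})$/;
my ($email) = ( scalar( $q->param('email') ) // '' ) =~ /^([\w.+-]+\@[\w-]+(?:\.[\w-]+)+)$/;

print $q->header( -type => 'text/html', -charset => 'UTF-8' );
if ( defined $name && defined $email ) {
    # Escape before echoing anything that came from the client.
    print '<p>Thanks, ', $q->escapeHTML($name), "</p>\n";
} else {
    print "<p>Please enter a valid name and e-mail address.</p>\n";
}
```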