![Apache Today [Your Apache News Source]](/pics/at_logo.png){kind=logo}
|
|
| Your Daily Source for Apache News and Information |
| Breaking News | Preferences | Contribute | Triggers | Link Us | Search | About |
"A CGI script can, intentionally or otherwise, do anything that the user it runs as can do. Typically, CGI scripts run as the same user as the Web server. On most UNIX systems, the Apache Web server is used and by default, Apache runs as user "nobody". By convention, "nobody" is a user for unprivileged operations. Some may think that something running as nobody could not do much to compromise a Web server, but there are many ways security can be compromised."
"... The Webmaster must ensure that all CGI scripts placed on any Web server have been through a process to find and fix security holes. ..."
Complete Story
Related Stories:
The Perl You Need to Know: Benchmarking Perl(Jan 23, 2001)
Linux Journal: Web Servers and Dynamic Content(Jan 20, 2001)
PHPeverywhere: Comparing PHP with Perl for Dynamic Web Pages(Jan 05, 2001)
ApacheWeek: Web Authoring and HTTP(Dec 29, 2000)
How's my server doing?(Dec 21, 2000)
DevShed: CGI.pm Basics(Nov 22, 2000)
The Perl Basics You Need To Know(Aug 02, 2000)
LinuxDev.net: Developing Python-Based CGI-Scripts: Preparations(Jun 14, 2000)
Apache Guide: Dynamic Content with CGI(Jun 05, 2000)
| About Triggers | Newsletters | Media Kit | Security | Triggers | Login |
internet.com Privacy Policy All times are recorded in UTC. Linux is a trademark of Linus Torvalds. Powered by Linux 2.2.12, Apache 1.3.9. and PHP 3.14 © Copyright 2000, internet.com Corp. All Rights Reserved.Legal Notices. |