
Open Source Web Development with LAMP: Using Linux, Apache, MySQL, Perl, and PHP by Brent Ware, James Lee


7.9. CGI Security Considerations

Although CGI programming is not inherently insecure, insecure CGI programs are easy to write. In this section, we discuss some of the most common security issues with CGI programs. If you heed these suggestions, you will be a long way toward being secure, or at least you will not be an easy target.

7.9.1. Avoid Shipped and Downloaded CGI Programs

We mentioned this before in Chapter 3, but it deserves mention again: Do not trust preshipped CGIs. Before developing your own CGI scripts, remove all the ones you find in cgi-bin, or if you want to keep them around, change their permissions so that they are not executable.
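One way to carry out this advice, as an added example that is not from the book: a shell script that lists every file under a cgi-bin tree that still has an execute bit set and then strips it. The function names and the `CGI_DIR` environment variable are assumptions made for this example; set `CGI_DIR` to your server's actual cgi-bin path.

```shell
#!/bin/sh
# Added example (not from the book): audit a cgi-bin tree and make every
# file in it non-executable. Function names and CGI_DIR are hypothetical.

# list_executable_cgis DIR
# Print each regular file under DIR that has any execute bit set
# (owner, group or other). -type f skips directories and symlinks,
# so directory search permission is left alone.
list_executable_cgis() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# disable_cgis DIR
# Remove all execute bits from the files found above and print how many
# files were changed. The files stay on disk for later review.
disable_cgis() {
    n=$(list_executable_cgis "$1" | wc -l)
    # -exec ... {} + hands names to chmod directly, so file names with
    # spaces or other odd characters are handled safely.
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        -exec chmod a-x {} +
    echo $((n))
}

# Run only when the caller names a directory, for example:
#   CGI_DIR=/path/to/cgi-bin sh disable-cgis.sh
if [ -n "${CGI_DIR:-}" ]; then
    echo "Executable files currently in $CGI_DIR:"
    list_executable_cgis "$CGI_DIR"
    echo "Files made non-executable: $(disable_cgis "$CGI_DIR")"
fi
```

Running the listing function again after new software is installed or upgraded shows whether a package has put executable scripts back.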

And never download CGI programs from source code web sites. Many contain serious security problems. ...
