Solved

Web servers and security?

Posted on 2001-09-12
6
166 Views
Last Modified: 2013-12-25
Hi.

I've just uploaded a script to a web server and wondered....what will stop other "users" from pinching my script or reading it to get user information (robots pinching email addresses, hackers pinching passwords etc..)

I'm sure that this is a pretty common issue as with any other server side applications.  I basically want to know how to make it as secure as possible.

Thanks a lot,

John.
0
Comment
Question by:Jaymol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Accepted Solution

by:
bigbed earned 50 total points
ID: 6476995
If the web server executes the script whenever it is requested, people won't be able to see the source of it - just the output :)
0
 
LVL 6

Author Comment

by:Jaymol
ID: 6477007
But there are ways around that.

John.
0
 
LVL 3

Expert Comment

by:bigbed
ID: 6477137
are there?
if so, there may be some .htaccess magic to only allow execute.  Best to check www.apache.org.
If you're not using apache, I'm afraid I don't know.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 8

Expert Comment

by:bebonham
ID: 6477945
there is no way around it short of hacking into the server...or another comp on that same network so just prevent that
0
 
LVL 1

Expert Comment

by:kirthir
ID: 6486687
Here are few of the tips for CGI security

1)Never trust input from forms.
The following things are all false:
If I create a selection list, the input for that field will be one of the option choices.
If I set the maximum length of the input field then the browser will send at most that many characters for that field.

2)Beware the eval statement
Languages like PERL and the Bourne shell provide an eval command which allow you to construct a string and have the interpreter execute that string. This can be very dangerous.

3)Do not trust the client to do anything
A well-behaved client will escape any characters which have special meaning to the Bourne shell in a query string and thus avoid problems with your script misinterpreting the characters. A mischevious client may use special characters to confuse your script and gain unauthorized access.

4)Turn off server-side includes
If your server is unfortunate enough to support server-side includes, turn them off for your script directories!!!. The server-side includes can be abused by clients which prey on scripts which directly output things they have been sent.

0
 
LVL 6

Author Comment

by:Jaymol
ID: 6486793
Thanks for your comments.  This one is closest to the response I was looking for.

John.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This tutorial will give you a fast look what you can do with WhizBase. I expect you already know how to work with HTML at least, and that you understand the basics of the internet and how the internet works. WhizBase is a server-s…
In this tutorial I will show you how to make a simple HTML bar chart with the usage of WhizBase, If you want more information about WhizBase please read my previous articles at http://www.experts-exchange.com/ARTH_5123186.html (http://www.experts-ex…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question