Solved

Web servers and security?

Posted on 2001-09-12
6
164 Views
Last Modified: 2013-12-25
Hi.

I've just uploaded a script to a web server and wondered... what will stop other "users" from pinching my script or reading it to get user information (robots pinching email addresses, hackers pinching passwords, etc.)?

I'm sure that this is a pretty common issue, as with any other server-side applications. I basically want to know how to make it as secure as possible.

Thanks a lot,

John.
0
Question by:Jaymol
6 Comments
 
LVL 3

Accepted Solution

by:
bigbed earned 50 total points
ID: 6476995
If the web server executes the script whenever it is requested, people won't be able to see the source of it - just the output :)
0
 
LVL 6

Author Comment

by:Jaymol
ID: 6477007
But there are ways around that.

John.
0
 
LVL 3

Expert Comment

by:bigbed
ID: 6477137
Are there?
If so, there may be some .htaccess magic to only allow execute. Best to check www.apache.org.
If you're not using Apache, I'm afraid I don't know.
0

 
LVL 8

Expert Comment

by:bebonham
ID: 6477945
There is no way around it short of hacking into the server... or another comp on that same network, so just prevent that.
0
 
LVL 1

Expert Comment

by:kirthir
ID: 6486687
Here are a few tips for CGI security:

1) Never trust input from forms.
The following things are all false:
If I create a selection list, the input for that field will be one of the option choices.
If I set the maximum length of the input field, then the browser will send at most that many characters for that field.

2) Beware the eval statement
Languages like Perl and the Bourne shell provide an eval command which allows you to construct a string and have the interpreter execute that string. This can be very dangerous.

3) Do not trust the client to do anything
A well-behaved client will escape any characters which have special meaning to the Bourne shell in a query string and thus avoid problems with your script misinterpreting the characters. A mischievous client may use special characters to confuse your script and gain unauthorized access.

4) Turn off server-side includes
If your server is unfortunate enough to support server-side includes, turn them off for your script directories!!! The server-side includes can be abused by clients which prey on scripts which directly output things they have been sent.

0
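Tips 1 and 3 above, as an added example that is not part of the original thread: a CGI script re-checking on the server what the HTML form only suggests to the browser. It is written in Python, and the field names `colour` and `name`, the option list and the length limit are assumptions made for illustration.

```python
"""Server-side checks for CGI form input (added example; field names are hypothetical)."""
import re
from urllib.parse import parse_qs

ALLOWED_COLOURS = {"red", "green", "blue"}   # the <option> values the form offers
MAX_NAME_LEN = 20                            # mirrors maxlength="20" in the HTML
NAME_RE = re.compile(r"[A-Za-z0-9 .'-]+")    # allow-list: no shell metacharacters


def validate_form(query_string):
    """Return cleaned fields, or raise ValueError on anything the form could not have sent."""
    fields = parse_qs(query_string, keep_blank_values=True, max_num_fields=10)
    cleaned = {}
    for key in ("colour", "name"):
        values = fields.get(key, [])
        if len(values) != 1:                 # missing or repeated parameter
            raise ValueError(f"{key}: expected exactly one value")
        cleaned[key] = values[0]
    if cleaned["colour"] not in ALLOWED_COLOURS:
        raise ValueError("colour: not one of the offered options")
    if len(cleaned["name"]) > MAX_NAME_LEN:
        raise ValueError("name: longer than the form allows")
    if not NAME_RE.fullmatch(cleaned["name"]):
        raise ValueError("name: contains characters outside the allow-list")
    return cleaned


def check(query_string):
    """Helper for the demo: 'ok' or the rejection reason."""
    try:
        validate_form(query_string)
        return "ok"
    except ValueError as exc:
        return str(exc)


# Constructed requests: one from a well-behaved browser, three hand-crafted.
SAMPLES = [
    "colour=red&name=John",
    "colour=purple&name=John",           # value not in the select list
    "colour=red&name=" + "A" * 200,      # ignores maxlength
    "colour=red&name=John%3Bls",         # decodes to a name containing ';'
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(f"{qs[:40]!r:45} -> {check(qs)}")
```

Only values that pass these checks should reach anything that interprets strings, such as the eval or shell calls mentioned in tip 2.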
 
LVL 6

Author Comment

by:Jaymol
ID: 6486793
Thanks for your comments.  This one is closest to the response I was looking for.

John.
0
