• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 173
  • Last Modified:

Web servers and security?

Hi.

I've just uploaded a script to a web server and wondered....what will stop other "users" from pinching my script or reading it to get user information (robots pinching email addresses, hackers pinching passwords etc..)

I'm sure that this is a pretty common issue as with any other server side applications.  I basically want to know how to make it as secure as possible.

Thanks a lot,

John.
0
Jaymol
Asked:
Jaymol
1 Solution
 
bigbedCommented:
If the web server executes the script whenever it is requested, people won't be able to see the source of it - just the output :)
0
 
JaymolAuthor Commented:
But there are ways around that.

John.
0
 
bigbedCommented:
are there?
if so, there may be some .htaccess magic to only allow execute.  Best to check www.apache.org.
If you're not using apache, I'm afraid I don't know.
0
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

 
bebonhamCommented:
there is no way around it short of hacking into the server...or another comp on that same network so just prevent that
0
 
kirthirCommented:
Here are few of the tips for CGI security

1)Never trust input from forms.
The following things are all false:
If I create a selection list, the input for that field will be one of the option choices.
If I set the maximum length of the input field then the browser will send at most that many characters for that field.

2)Beware the eval statement
Languages like PERL and the Bourne shell provide an eval command which allow you to construct a string and have the interpreter execute that string. This can be very dangerous.

3)Do not trust the client to do anything
A well-behaved client will escape any characters which have special meaning to the Bourne shell in a query string and thus avoid problems with your script misinterpreting the characters. A mischevious client may use special characters to confuse your script and gain unauthorized access.

4)Turn off server-side includes
If your server is unfortunate enough to support server-side includes, turn them off for your script directories!!!. The server-side includes can be abused by clients which prey on scripts which directly output things they have been sent.

0
 
JaymolAuthor Commented:
Thanks for your comments.  This one is closest to the response I was looking for.

John.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now