Web servers and security?

Hi.

I've just uploaded a script to a web server and wondered... what will stop other "users" from pinching my script or reading it to get user information (robots pinching email addresses, hackers pinching passwords etc.)?

I'm sure that this is a pretty common issue as with any other server side applications.  I basically want to know how to make it as secure as possible.

Thanks a lot,

John.
Jaymol Asked:
 
bigbed Commented:
If the web server executes the script whenever it is requested, people won't be able to see the source of it - just the output :)
 
Jaymol (Author) Commented:
But there are ways around that.

John.
 
bigbed Commented:
Are there?
If so, there may be some .htaccess magic to only allow execute.  Best to check www.apache.org.
If you're not using Apache, I'm afraid I don't know.
 
bebonham Commented:
There is no way around it short of hacking into the server... or another comp on that same network, so just prevent that.
 
kirthir Commented:
Here are a few tips for CGI security:

1) Never trust input from forms.
The following things are all false:
If I create a selection list, the input for that field will be one of the option choices.
If I set the maximum length of the input field then the browser will send at most that many characters for that field.

2) Beware the eval statement
Languages like Perl and the Bourne shell provide an eval command which allows you to construct a string and have the interpreter execute that string. This can be very dangerous.

3) Do not trust the client to do anything
A well-behaved client will escape any characters which have special meaning to the Bourne shell in a query string and thus avoid problems with your script misinterpreting the characters. A mischievous client may use special characters to confuse your script and gain unauthorized access.

4) Turn off server-side includes
If your server is unfortunate enough to support server-side includes, turn them off for your script directories!!! The server-side includes can be abused by clients which prey on scripts which directly output things they have been sent.

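
Tips 1 to 3 in the comment above, as an added example that is not part of the original thread: a Bourne shell form handler that re-checks a selection-list value and a text field on the server and never passes request data to eval. The field names, the option list and the 64-character limit are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Field names, the option list and
# MAX_LEN are assumptions; the sample requests at the end are constructed.
MAX_LEN=64

# Tip 1: a <select> list does not limit what arrives, so compare the
# submitted value against the allowed options on the server.
valid_colour() {
    case "$1" in
        red|green|blue) return 0 ;;
        *) return 1 ;;
    esac
}

# Tip 1: maxlength in the form is advisory, so enforce the limit here.
# Tip 3: accept only known-safe characters; anything else (spaces, ; | $
# quotes, newlines) is rejected rather than escaped.
valid_name() {
    [ -n "$1" ] || return 1
    [ "${#1}" -le "$MAX_LEN" ] || return 1
    case "$1" in
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Tip 2: request data is never pasted into a string for eval; validated
# values are only ever used as quoted arguments.
handle_request() {
    colour=$1
    name=$2
    valid_colour "$colour" || { echo "400 bad colour"; return 1; }
    valid_name "$name" || { echo "400 bad name"; return 1; }
    printf 'ok colour=%s name=%s\n' "$colour" "$name"
}

# Constructed requests: one well-formed, two a browser form would never send.
handle_request blue alice || true
handle_request purple alice || true
handle_request blue 'alice;id' || true
```
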
 
Jaymol (Author) Commented:
Thanks for your comments.  This one is closest to the response I was looking for.

John.
Question has a verified solution.