Solved

Web servers and security?

Posted on 2001-09-12
6
167 Views
Last Modified: 2013-12-25
Hi.

I've just uploaded a script to a web server and wondered....what will stop other "users" from pinching my script or reading it to get user information (robots pinching email addresses, hackers pinching passwords etc..)

I'm sure that this is a pretty common issue as with any other server side applications.  I basically want to know how to make it as secure as possible.

Thanks a lot,

John.
0
Comment
Question by:Jaymol
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 3

Accepted Solution

by:
bigbed earned 50 total points
ID: 6476995
If the web server executes the script whenever it is requested, people won't be able to see the source of it - just the output :)
0
 
LVL 6

Author Comment

by:Jaymol
ID: 6477007
But there are ways around that.

John.
0
 
LVL 3

Expert Comment

by:bigbed
ID: 6477137
are there?
if so, there may be some .htaccess magic to only allow execute.  Best to check www.apache.org.
If you're not using apache, I'm afraid I don't know.
0
Monthly Recap

May was a big month for new releases from Linux Academy! Take a look at what our team built recently in our blog. You can access the newest releases from our blog.

 
LVL 8

Expert Comment

by:bebonham
ID: 6477945
there is no way around it short of hacking into the server...or another comp on that same network so just prevent that
0
 
LVL 1

Expert Comment

by:kirthir
ID: 6486687
Here are few of the tips for CGI security

1)Never trust input from forms.
The following things are all false:
If I create a selection list, the input for that field will be one of the option choices.
If I set the maximum length of the input field then the browser will send at most that many characters for that field.

2)Beware the eval statement
Languages like PERL and the Bourne shell provide an eval command which allow you to construct a string and have the interpreter execute that string. This can be very dangerous.

3)Do not trust the client to do anything
A well-behaved client will escape any characters which have special meaning to the Bourne shell in a query string and thus avoid problems with your script misinterpreting the characters. A mischevious client may use special characters to confuse your script and gain unauthorized access.

4)Turn off server-side includes
If your server is unfortunate enough to support server-side includes, turn them off for your script directories!!!. The server-side includes can be abused by clients which prey on scripts which directly output things they have been sent.

0
 
LVL 6

Author Comment

by:Jaymol
ID: 6486793
Thanks for your comments.  This one is closest to the response I was looking for.

John.
0

Featured Post

Quiz: What Do These Organizations Have In Common?

Hint: Their teams ended up taking quizzes, too.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this tutorial I will focus on how to use WhizBase as a tool for sending ICQ messages to ICQ. Here I will use a new technology in WhizBase, published in WhizBase 5.1 version. In this tutorial I will use 3 files, pager.wbsp for the processing, e…
Recently I have been answering a lot of questions like this in IT forums that I frequent. The question posed is usually something along the lines of "We have software X installed and need to uninstall it for reason Y" or some other variant of the sa…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question