?
Solved

CGI SECUIRTY

Posted on 2003-12-02
1
Medium Priority
?
195 Views
Last Modified: 2013-12-25
Hi Yall
Ive got a cgi "e-greeting card" located here.

http://www.21stcenturyspace.co.uk/card.html

i havent modfied it at all although there is a directory that contains the card gifs on the server thats CHMOD'd 777

the html card is also written to this directory for the recipient to view.

Does anyone know if there are any security issues related to this directory.


Cheers

MM
0
Comment
Question by:metalmickey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 6

Accepted Solution

by:
aolXFT earned 500 total points
ID: 9860663
If it is on a shared server it can be a security risk to have it there.

It would be safer to put it outside the web-server-tree.

If you are using apache, you can mod the config to not allow any access to that directory, by the webserver. (Your CGI scripts will still be able to read and write to that dir)

The biggest problem would be people putting code into that directory, leading to execution of aribitory code.
0

Featured Post

How To Reduce Deployment Times With Pre-Baked AMIs

Even if we can't include all the files in the base image, we can sometimes include some of the larger files that we would otherwise have to download, and we can also sometimes remove the most time-consuming steps. This can help a lot with reducing deployment times.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Making a simple AJAX shopping cart Couple years ago I made my first shopping cart, I used iframe and JavaScript, it was very good at that time, there were no sessions or AJAX, I used cookies on clients machine. Today we have more advanced techno…
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question