Solved

CGI SECURITY

Posted on 2003-12-02
Last Modified: 2013-12-25
Hi Y'all
I've got a CGI "e-greeting card" located here.

http://www.21stcenturyspace.co.uk/card.html

I haven't modified it at all, although there is a directory that contains the card GIFs on the server that's CHMOD'd 777.

The HTML card is also written to this directory for the recipient to view.

Does anyone know if there are any security issues related to this directory?


Cheers

MM
Question by:metalmickey

Accepted Solution

by: aolXFT earned 125 total points
If it is on a shared server it can be a security risk to have it there.

It would be safer to put it outside the web-server-tree.

If you are using Apache, you can mod the config to not allow any access to that directory by the webserver. (Your CGI scripts will still be able to read and write to that dir.)

The biggest problem would be people putting code into that directory, leading to execution of arbitrary code.
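
A check for the situation discussed in this thread, as an added example that is not part of the original question or answer: it finds world-writable directories under a document root and lists files inside them that the web server could treat as code. The function names and the list of script extensions are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web document root for
# world-writable directories such as the 777 card directory described above.
# Function names and the extension list below are assumptions.

# Print every directory under $1 that has the "other" write bit set.
world_writable_dirs() {
    find "$1" -type d -perm -0002 2>/dev/null | sort
}

# Print files sitting directly in those directories that are executable,
# carry a common script extension, or are an .htaccess override file.
risky_files() {
    world_writable_dirs "$1" | while IFS= read -r dir; do
        find "$dir" -maxdepth 1 -type f \
            \( -perm -0100 -o -name '*.cgi' -o -name '*.pl' \
               -o -name '*.php' -o -name '*.sh' -o -name '*.py' \
               -o -name '.htaccess' \) 2>/dev/null
    done | sort -u
}

# Report findings; return 0 when the tree is clean, 1 otherwise.
audit_webroot() {
    root=$1
    dirs=$(world_writable_dirs "$root")
    if [ -z "$dirs" ]; then
        echo "OK: no world-writable directories under $root"
        return 0
    fi
    echo "World-writable directories:"
    echo "$dirs" | sed 's/^/  /'
    files=$(risky_files "$root")
    if [ -n "$files" ]; then
        echo "Executable or script files inside them:"
        echo "$files" | sed 's/^/  /'
    fi
    return 1
}
```

Call it as `audit_webroot /path/to/docroot`, where the path is your own server's document root.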