Solved

CGI SECUIRTY

Posted on 2003-12-02
1
191 Views
Last Modified: 2013-12-25
Hi Yall
Ive got a cgi "e-greeting card" located here.

http://www.21stcenturyspace.co.uk/card.html

i havent modfied it at all although there is a directory that contains the card gifs on the server thats CHMOD'd 777

the html card is also written to this directory for the recipient to view.

Does anyone know if there are any security issues related to this directory.


Cheers

MM
0
Comment
Question by:metalmickey
1 Comment
 
LVL 6

Accepted Solution

by:
aolXFT earned 125 total points
ID: 9860663
If it is on a shared server it can be a security risk to have it there.

It would be safer to put it outside the web-server-tree.

If you are using apache, you can mod the config to not allow any access to that directory, by the webserver. (Your CGI scripts will still be able to read and write to that dir)

The biggest problem would be people putting code into that directory, leading to execution of aribitory code.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Wallpaper not updating when file is swapped out 6 59
Need help editing script 3 78
BATCH to EXE Converter 2 32
PowerShell logging 1 13
If you get a (Blue Screen of Death), your system writes a small file called a minidump. Your first step is to make certain your computer is setup to record memory dumps. Right click My Computer, choose properties. Click on the advanced tab, an…
Batch, VBS, and scripts in general are incredibly useful for repetitive tasks.  Some tasks can take a while to complete and it can be annoying to check back only to discover that your script finished 5 minutes ago.  Some scripts may complete nearly …
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question