[Israel.pm] securing CGI scripts

Shlomo Yona shlomo at cs.haifa.ac.il
Sun Sep 26 23:08:41 PDT 2004


Hello,

I have a CGI script that is used to serve as a
"web-interface" (along with an HTML form) demo for a
commanline program I wrote.

I've been asked to put it on a public web server and allow
free access to this demo.

Now... the demo takes the input written in a FORM and pipes
it to a pipeline of oneliners and then prints back a
transformation of the returned output.

This "logic" seems very insecure and may result in data loss
on the server.

I wonder if you guys can give some finger-rules, suggestions
and tips that will enable me to get back to the script and
do something to increase its security.

Thanks.

-- 
Shlomo Yona
shlomo at cs.haifa.ac.il
http://cs.haifa.ac.il/~shlomo/



More information about the Perl mailing list