7.9. CGI Security Considerations
Although CGI programming is not inherently insecure, insecure CGI programs are easy to write. In this section, we discuss some of the most common security issues with CGI programs. If you heed these suggestions, you will be a long way toward being secure, or at least you will not be an easy target.
7.9.1. Avoid Shipped and Downloaded CGI Programs
We mentioned this before in Chapter 3, but it deserves mention again: Do not trust preshipped CGIs. Before developing your own CGI scripts, remove all the ones you find in cgi-bin, or if you want to keep them around, change their permissions so that they are not executable.
And never download CGI programs from source code web sites. Many contain serious security problems. ...
Get Open Source Web Development with LAMP: Using Linux, Apache, MySQL, Perl, and PHP now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.