Principles of CGI security

CGI-BIN security means preventing attacks against the web server itself, and also attacks against other systems that might be launched from the web server.

Always scan (and clean) input for:

  1. Shell escapes
  2. HTML tags
  3. Excessive length (gets(3) is rare, but not extinct)
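
The three checks above, sketched in C as an added example (not code from the original page). The function names, the MAX_FIELD limit, the allow-listed character set and the sample value are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELD 64 /* assumed per-field limit for this example */

/* Length limit: reject oversized input instead of overflowing or truncating. */
int bounded_copy(char *dst, size_t dstsz, const char *src) {
    size_t n = strlen(src);
    if (n >= dstsz) return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Shell escapes: allow only [A-Za-z0-9._@-]; refuse empty or option-like values. */
int shell_safe(const char *s) {
    if (*s == '\0' || *s == '-') return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("._@-", *s)) return 0;
    return 1;
}

/* HTML tags: encode markup characters before echoing input; -1 if out is too small. */
int html_escape(char *out, size_t outsz, const char *in) {
    size_t used = 0;
    if (outsz == 0) return -1;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;
        if (*in == '<') rep = "&lt;";
        else if (*in == '>') rep = "&gt;";
        else if (*in == '&') rep = "&amp;";
        else if (*in == '"') rep = "&quot;";
        size_t n = strlen(rep);
        if (used + n >= outsz) return -1;
        memcpy(out + used, rep, n);
        used += n;
    }
    out[used] = '\0';
    return 0;
}

int main(void) {
    char field[MAX_FIELD], page[6 * MAX_FIELD]; /* 6x: "&quot;" is the longest entity */
    if (bounded_copy(field, sizeof field, "<i>guest</i>") != 0) return 1; /* constructed input */
    printf("shell_safe=%d\n", shell_safe(field));
    if (html_escape(page, sizeof page, field) != 0) return 1;
    puts(page);
    return 0;
}
```

The shell check is an allow-list rather than a list of characters to strip, so a value is only passed on when every byte is known to be harmless.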

Daniel F. Boyd / boyd@localnet.com
Last modified: Tue Mar 19 02:08:19 1996