Web form CGI, Security?

O

one man army

I would like to generate a few simple web forms. Is the Perl CGI, and a
cgi-enabled directory, a huge security hole?

I read the lines that say to disable upload, and limit the size of a
POST.

I'm asking my host to install CGI, although I know he is security
conscious.

thanks for your informed opinions
 
G

Gunnar Hjalmarsson

one said:
I would like to generate a few simple web forms. Is the Perl CGI, and a
cgi-enabled directory, a huge security hole?

Together with clueless programmers: Yes.
I read the lines that say to disable upload, and limit the size of a
POST.

I'm asking my host to install CGI, although I know he is security
conscious.

Then convince them that you aren't clueless (´cause you aren't, are you?).

To be safe, you can for instance study
http://www.w3.org/Security/Faq/www-security-faq.html
 
X

xhoster

one man army said:
I would like to generate a few simple web forms. Is the Perl CGI, and a
cgi-enabled directory, a huge security hole?

If you have to ask if it is a security hole, then in your hands it will
be a security hole. Read the CGI security FAQs on the web, and perldoc
perlsec.
I read the lines that say to disable upload,

If you don't need uploads, sure. If you do need upload, then you probably
shouldn't disable it.
and limit the size of a
POST.

I good idea if there is a clear limit to how big a legitimate post
can be.
I'm asking my host to install CGI, although I know he is security
conscious.

In that case, he should be able to provide you with much more
custom-tailored advice than we can.

Xho
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,481
Members
44,900
Latest member
Nell636132

Latest Threads

Top