Writing More Secure CGI Scripts

Last Update: November 11, 1995

Any time that a program such as a WWW server is interacting with a networked client such as a WWW browser, there is the possibility of that client attacking the program to gain unauthorized access. Even the most innocent looking script can be very dangerous to the integrity of your system.

With that in mind, I would like to present a few guidelines to help ensure your program does not come under attack. This presentation uses example from REXX and Perl, however, the principles apply to most languages.

NEW You may also want to look at Paul Phillips' CGI Security for information on Perl, C and C++. Another source of information is Lincoln Stein's well-regarded WWW Security FAQ Also if you are using Perl then you should also consider using Perl's taint checking mechanism.

[ CGI overview | Writing CGI Scripts | SLAC's CGI Wrapper | Feedback ]

This page evolved from information from Rob McCool robm@ncsa.uiuc.edu. Also I have gained many insights and useful information from John Halperin@slac.stanford.edu.

Les Cottrell