mailing list archives
HTTP, CGI, and security
From: robm () ncsa uiuc edu (Rob McCool)
Date: Thu, 17 Feb 1994 03:02:14 -0600
Hi there, I've been told that you've been advising people on security in
programs which handle forms in NCSA httpd. I just wanted to confirm that
you're talking about what I think you're talking about, and perhaps see any
warnings you may have sent out to people. I am the developer of NCSA httpd
and security issues in a system wherein programs are executed with data from
foreign clients are extremely important to us.
The document http://hoohoo.ncsa.uiuc.edu/cgi/security.html discusses how to
write safe shell scripts and gives examples of things which shouldn't be
done. I'd like you to take a look at our document and let us know if there's
anything we missed.
- HTTP, CGI, and security Rob McCool (Feb 17)