HTTP, CGI, and security

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Tim Newsham : "syslog/udp"
• Previous message: scott@santafe.edu: "forwarded message from Chris Goggans"

Hi there, I've been told that you've been advising people on security in
programs which handle forms in NCSA httpd. I just wanted to confirm that
you're talking about what I think you're talking about, and perhaps see any
warnings you may have sent out to people. I am the developer of NCSA httpd
and security issues in a system wherein programs are executed with data from
foreign clients are extremely important to us.

The document http://hoohoo.ncsa.uiuc.edu/cgi/security.htm discusses how to
write safe shell scripts and gives examples of things which shouldn't be
done. I'd like you to take a look at our document and let us know if there's
anything we missed.

Thanks
--Rob

• Next message: Tim Newsham : "syslog/udp"
• Previous message: scott@santafe.edu: "forwarded message from Chris Goggans"