Bugtraq mailing list archives
Guidelines for cgi-bin scripts
From: lee () NETSPACE ORG (Lee Silverman)
Date: Tue, 8 Aug 1995 08:39:09 -0400
Given all the posts here lately about holes in cgi-bin scripts, has anyone come up with a good set of guidelines to tell programs what is and is not acceptable for putting in cgi-bin programs? For example, if someone gave you a cgi-bin script and asked you to tell them if it was going to cause any security holes, what would you look for? Paul, what methods have you been using to track all these bugs in freeware cgi-bin packages? (If you don't mind telling us...) Lee Silverman lee () netspace org http://www.netspace.org/users/lee/ Live each day as if your life had just begun. -- Goethe
Current thread:
- SECURITY HOLE: FormMail Paul Phillips (Aug 02)
- followup: local mail delivery der Mouse (Aug 03)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 03)
- PERL (was: Re: SECURITY HOLE: FormMail) VaX#n8 (Aug 07)
- Re: PERL (was: Re: SECURITY HOLE: FormMail) Philip Guenther (Aug 07)
- Guidelines for cgi-bin scripts Lee Silverman (Aug 08)
- Re: Guidelines for cgi-bin scripts Dave Andersen (Aug 08)
- Re: Guidelines for cgi-bin scripts Christian Wettergren (Aug 09)
- <Possible follow-ups>
- Re: SECURITY HOLE: FormMail Andrew Macpherson (Aug 03)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 04)
- Re: SECURITY HOLE: FormMail Neil Woods (Aug 05)
- More holes, was: Re: SECURITY HOLE: FormMail Ivo (Aug 05)
- My email handler, ~ escapes, etc. Tom (Aug 05)
- Simple CGI email handler, fixed Tom (Aug 05)
- Re: SECURITY HOLE: FormMail Christian Wettergren (Aug 04)
- Re: SECURITY HOLE: FormMail Andrew Macpherson (Aug 04)
- Re: SECURITY HOLE: FormMail Jukka Ukkonen (Aug 07)