Vulnerability Development mailing list archives

Re: CGI scripts in sh


From: "Robert G. Ferrell" <root () rgfsparc cr usgs gov>
Date: Thu, 21 Sep 2000 12:46:14 -0500

I got a question concerning CGI scripts: I've been told that
sh scripts are way more insecure than Perl or C/C++ scripts.

We could devote all the resources of this mailing list for the next year
just to discussing or, more likely, arguing over this point.  The truth is that
programming securely is a state of mind that should be adopted regardless of
the language you're using.  If you don't do some sort of bounds checking on
user-entered information, for example, you're asking for trouble across the
board.

No matter how many levels of abstraction you place between the source code and
the operating system, if you don't practice safe programming, eventually you'll
get burned.  Sanity is definitely a top-down commodity.

Cheers,

RGF

Robert G. Ferrell, CISSP
Information Systems Security Officer
National Business Center
U. S. Dept. of the Interior
Robert_G_Ferrell () nbc gov
========================================
 Who goeth without humor goeth unarmed.
========================================

