Vulnerability Development mailing list archives
Re: CGI scripts in sh
From: "Robert G. Ferrell" <root () rgfsparc cr usgs gov>
Date: Thu, 21 Sep 2000 12:46:14 -0500
I got a question concerning CGI scripts, i've been told that sh scripts are way more insecure than perl or c/c++ scripts.
We could devote all the resources of this mailing list for the next year just to discussing or, more likely arguing over, this point. The truth is that programming securely is a state of mind that should be adopted regardless of the language you're using. If you don't do some sort of bounds checking on user-entered information, for example, you're asking for trouble across the board. No matter how many levels of abstraction you place between the source code and the operating system, if you don't practice safe programming, eventually you'll get burned. Sanity is definitely a top-down commodity. Cheers, RGF Robert G. Ferrell, CISSP Information Systems Security Officer National Business Center U. S. Dept. of the Interior Robert_G_Ferrell () nbc gov ======================================== Who goeth without humor goeth unarmed. ========================================
Current thread:
- Re: CGI scripts in sh Robert G. Ferrell (Sep 21)