
The safety of CGI (2)

Source: | Author: site original | Date: 2008-12-21 | Tag: | Hits:
By default, the global Options directive is set as follows:

Options Indexes FollowSymLinks

Indexes allows you to specify a file to be returned when the URL names a directory. By default that file is index.html, set by the DirectoryIndex directive in srm.conf, which is exactly what we want. FollowSymLinks means the server will return the data that a symbolic link points to. I saw no need for this feature, so I disabled it. Now the group looks like this:

Options Indexes

If I wanted to enable CGI programs in any directory, I could do so by including the ExecCGI option:

Options Indexes ExecCGI

This, coupled with an AddType directive in srm.conf, would allow me to execute any CGI program carrying the .cgi extension from any directory.

Under the default configuration of NCSA httpd, every setting in access.conf can be overridden by creating a .htaccess file in a directory with the appropriate options and access restrictions. In this situation, I do not mind users changing their own access restrictions. However, I do not want to give users the ability to execute CGI programs from their own directories by putting the following in a .htaccess file:

AddType application/x-httpd-cgi .cgi
Options Indexes ExecCGI

Accordingly, I edited access.conf to allow users to override all settings except Options:

AllowOverride FileInfo AuthConfig Limit

Now my server is configured securely. I allow CGI programs to run only from the cgi-bin directory, and server-side includes are completely disabled. The server runs as the user nobody, which is a nonexistent user on my system. I have disabled every feature I do not need, and users cannot override these particular restrictions. For much more configuration information, including detailed access restrictions, consult the NCSA server documentation.
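As an added example (not part of the original article), the following Python script checks an NCSA/Apache-style configuration fragment against the hardening steps described above: no FollowSymLinks, no ExecCGI or Includes outside cgi-bin, no Options override via .htaccess, and an unprivileged server user. Both configuration samples are constructed for this example and do not come from any real server.

```python
# Constructed sample resembling the default access.conf discussed above.
DEFAULT_CONF = """\
User nobody
<Directory /usr/local/etc/httpd/htdocs>
Options Indexes FollowSymLinks ExecCGI Includes
AllowOverride All
</Directory>
"""

# Constructed sample resembling the hardened configuration described above.
HARDENED_CONF = """\
User nobody
<Directory /usr/local/etc/httpd/htdocs>
Options Indexes
AllowOverride FileInfo AuthConfig Limit
</Directory>
"""


def parse_directives(conf):
    """Return (name, [args]) for each directive line, skipping comments and section tags."""
    out = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        name, *args = line.split()
        out.append((name, args))
    return out


def audit(conf):
    """Return a list of findings that contradict the hardening steps above."""
    findings = []
    for name, args in parse_directives(conf):
        # Apache allows a leading '+' to add an option; '-' removes it and is left alone.
        argset = {a.lstrip("+") for a in args}
        if name == "Options":
            if "All" in argset:  # "All" silently turns on every option
                argset |= {"FollowSymLinks", "ExecCGI", "Includes"}
            if "FollowSymLinks" in argset:
                findings.append("Options: FollowSymLinks follows symlinks out of the tree")
            if "ExecCGI" in argset:
                findings.append("Options: ExecCGI permits CGI execution outside cgi-bin")
            if "Includes" in argset:
                findings.append("Options: Includes enables server-side includes")
        elif name == "AllowOverride" and argset & {"All", "Options"}:
            findings.append("AllowOverride: .htaccess can re-enable ExecCGI via Options")
        elif name == "User" and args and args[0] == "root":
            findings.append("User: server should run as an unprivileged user such as nobody")
    return findings
```

Running `audit(DEFAULT_CONF)` reports four findings, while `audit(HARDENED_CONF)` reports none.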

2. Writing safe CGI programs

Assuming you have made your machine and web server secure, the next thing you should learn is how to write CGI programs with good security. The principles of writing secure CGI programs are similar to those mentioned earlier:

A. Your program should do only what you intend it to do.
B. Do not give the client any additional information it does not need to know.
C. Do not trust the client to give you accurate information.

The possible security pitfalls of the first principle were illustrated in my guestbook example. I mentioned several common mistakes that can expose vulnerabilities, but you should also remember this: you ought to consider all the implications of every function that you use.

The second is a simple extension of a general security principle: the less people outside the system know about your system, the less likely it is to be breached.