The safety of CGI (2)
From: (not given)  Author: original


The last principle is a very good and very important program design principle, but it is also very good for security. CGI programs should be safe and robust. The first thing an attacker may do is try every possible way of adjusting the input in order to confuse your CGI program and so compromise the machine. If your program is not robust, it may crash at that moment, or it may perform some other function (one you of course never intended). Both possibilities are exploitable. To rule them out, make no assumptions at all about the form or the value of the information your client sends.

Most CGI programs are essentially simple input/output programs: they take the client's request and return some response. Such a program carries almost no risk (flaws can of course still appear, as you will see later), because a CGI program that does nothing with its input beyond that has little that can go wrong. However, once your program uses the input to start other programs, to save a file, or to do anything more powerful than simply returning output, you risk introducing security flaws. As a rule, functionality is directly proportional to security risk.

2-1. The risk of the language

Different languages have their own inherent security risks. A secure CGI program can be written in any language, but you must be aware of each language's peculiarities (its sharp edges). Here I discuss only C and Perl, though some of their characteristics apply to other languages as well. For information on other languages, consult the appropriate documentation.

From the previous paragraphs we learned that, generally speaking, compiled CGI programs are preferable to interpreted scripts. Compiled programs have two advantages: first, you do not need an interpreter that the server can reach; second, the program's source file cannot be accessed. Note that a traditionally interpreted language like Perl can also be compiled into binary form. (On how to do this in Perl, consult Larry Wall and Randal Schwartz's "Programming Perl".) From a security standpoint, a compiled Perl program and a compiled C program are equally good.

Lower-level languages like C are prone to the problem known as Buffer Overflow. C has no built-in method for handling strings. Normally one either declares an array of characters or a pointer to characters. Many people prefer the first method because it is simpler to program. Consider the two functions below, which are equivalent program code.
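An added example (not code from the original article): a small CGI-style handler that copies a client-supplied value into a fixed buffer. The strcpy pattern of Program 1 below assumes the input fits; copy_checked() instead rejects any value that does not fit, so the program makes no assumption about the size of what the client sends. QUERY_STRING is the real CGI environment variable; the "name=" parameter, NAME_MAX and the sample values are constructed for this example.

```c
/* Added example: bounded copy of a CGI parameter. Constructed for the
 * article; NAME_MAX and the "name=" parameter are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX 16   /* room for 15 characters plus the terminating NUL */

/* Copy value into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if value is NULL or would overflow dst. */
int copy_checked(char *dst, size_t dst_size, const char *value)
{
    size_t len;
    if (value == NULL || dst_size == 0)
        return -1;
    len = strlen(value);
    if (len >= dst_size)          /* no room for the NUL: reject outright */
        return -1;
    memcpy(dst, value, len + 1);  /* copies the terminator too */
    return 0;
}

/* Build the CGI response for the "name" value. Returns 0 and writes the
 * greeting into out[] on success; -1 with a fixed error response otherwise. */
int greet(const char *name, char *out, size_t out_size)
{
    char buffer[NAME_MAX];        /* the fixed buffer Program 1 also uses */
    if (copy_checked(buffer, sizeof buffer, name) != 0) {
        snprintf(out, out_size, "Status: 400 Bad Request\n\nname too long\n");
        return -1;
    }
    snprintf(out, out_size, "Content-Type: text/plain\n\nHello, %s!\n", buffer);
    return 0;
}

int main(void)
{
    char out[128];
    const char *query = getenv("QUERY_STRING");   /* set by the web server */
    /* Crude parameter extraction for the demo: accept only "name=<value>". */
    const char *name = (query != NULL && strncmp(query, "name=", 5) == 0)
                       ? query + 5 : "world";
    greet(name, out, sizeof out);
    fputs(out, stdout);
    return 0;
}
```

Run it as `QUERY_STRING='name=Alice' ./a.out`; a value of 16 or more characters gets the 400 response instead of overrunning buffer[].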

Program 1. Defining a string with an array in C.

    #include <stdio.h>
    #include <string.h>

    #define MESSAGE "Hello, world! World!!"

    int main(void)
    {
        char buffer[80];            /* fixed-size array on the stack */
        strcpy(buffer, MESSAGE);    /* no length check: safe only while MESSAGE fits */
        printf("%s\n", buffer);
        return 0;
    }

Program 2. Defining a string with a pointer in C.