How secure are CGI-based web applications?

Question

How secure are CGI-based web applications?

A significant disadvantage of using CGI is the poor performance of the web server. But how safe are CGI-based applications (mainly C / C ++)? Are there any serious holes in the CGI architecture built in C / C ++?

I would like to know some realities of CGI-based web application / website implementations. I know this is javaranch.com.

+3

security cgi

Vicky Oct 16 '08 at 10:11

source share

4 answers

Tanktalus · Answer 1 · 2008-10-17T04:58:46+0000

The main security core that I have seen anywhere, including C / C ++, will not use the standard open CGI library without reading its documentation, and I think that you are protected anyway.

. CGI. (, PHP), (Perl ), , (C/++). , , , . Do . , , , .
. , , .
, . , , CGI- Perl .. , , - . - , , . .

. - , , , . , , , 15 . SELinux .

, , ? ? , C/++, Perl. , Perl, ++. .

Andy Lester · Answer 2 · 2008-10-16T22:13:16+0000

CGI , WSAPI. , . CGI , .

Alexandr Ciornii · Answer 3 · 2009-04-26T23:42:22+0000

CGI. PHP-, , CGI - mod_php - suid.

In general, CGI has lower performance, but it is better for security - you do not have access to internal web servers (as well as to mod_perl and mod_php), so using vulnerabilities is more difficult. If you use cgi-bin, you do not execute files that are not displayed (a common mistake of PHP programmers is that they have libraries with the extension of the type .inc, so the source is displayed when this file is requested directly).

skiphoppy · Answer 4 · 2009-06-03T16:19:14+0000

Perl authentication mode provides a wonderful way to increase security.

How secure are CGI-based web applications?

More articles: