Chapter 8. Security
something amazing: as soon as your script is online, it is
immediately available to the entire world. Anyone from almost
anywhere can run the application you created on your web server. This
may make you excited, but it should also make you scared. Not
everyone using the Internet has honest intentions. Crackers may attempt to vandalize your web pages in
order to show off to friends. Competitors or investors may try to
access internal information about your organization and its products.
A cracker is someone who attempts to break
into computers, snoop network transmissions, and get into other forms
of online mischief. This is quite different from a
hacker, a clever programmer who can find
creative, simple solutions to problems. Many programmers (most of
whom consider themselves hackers) draw a sharp distinction between
the two terms, even though the mainstream media often does
Not all security issues involve malevolent users. The worldwide
availability of your CGI script means that someone may run your
script under circumstances you never imagined and certainly never
tested. Your web script should not wipe out files because someone
happened to enter an apostrophe in a form field, but this is
possible, and issues like these also represent security concerns.
8.1. The Importance of Web Security
Many CGI developers do not take
security as seriously as
they should. So before we look at how to make CGI scripts more
secure, let's look at why we should worry about security in the
On the Internet, your web site represents your public
image. If your web pages are unavailable or have been
vandalized, that affects others' impressions of your
organization, even if the focus of your organization has nothing to
do with web technology.
You may have valuable information on your web
server. You may have sensitive or valuable information
available in a restricted area that you may wish to keep unauthorized
people from accessing. For example, you may have content or services
available to paying members, which you would not want non-paying
customers or non-members to access. Even files that are not part of
your web server's document tree and are thus not available
online to anyone (e.g., credit card numbers) could be compromised.
Someone who has cracked your web server has easier access
to the rest of your network. If you have no valuable
information on your web server, you probably cannot say that about
your entire network. If someone breaks into your web server, it
becomes much easier for them to break into another system on your
network, especially if your web server is inside your
organization's firewall (which, for this reason, is generally a
You sacrifice potential income when your system is
down. If your organization generates revenue directly from
your web site, you certainly lose income when your system is
unavailable. However, even if you do not fall into this group, you
likely offer marketing literature or contact information online.
Potential customers who are unable to access this information may
look elsewhere when making their decision.
You waste time and resources fixing problems.
You must perform many tasks when your systems are compromised. First,
you must determine the extent of the damage. Then you probably need
to restore from backups. You must also determine what went wrong. If
a cracker gained access to your web server, then you must determine
how the cracker managed this in order to prevent future break-ins. If
a CGI script damaged files, then you must locate and fix the bug to
prevent future problems.
You expose yourself to liability. If you develop
CGI scripts for other companies, and one of those CGI scripts is
responsible for a large security problem, then you may understandably
be liable. However, even if it is your company for whom you're
developing CGI scripts, you may be liable to other parties. For
example, if someone cracks your web server, they could use it as a
base to stage attacks on other companies. Likewise, if your company
stores information that others consider sensitive (e.g., your
customers' credit card numbers), you may be liable to them if
that information is leaked.
These are only some of the many reasons why web security is so
important. You may be able to come up with other reasons yourself. So
now that you recognize the importance of creating secure CGI scripts,
you may be wondering what makes a CGI script secure. It can be summed
up in one simple maxim: never trust any data coming from
the user. This sounds quite simple, but in practice
it's not. In the remainder of this chapter, we'll explore
how to do this.
Copyright © 2001 O'Reilly & Associates. All rights reserved.