HP Webwise MPE/iX secure web server tutorial - September 2000

September 14, 2000
Page 103
hp e3000
webwise
secure web
server
security tips (cont.)
Most security problems BY FAR are the result of sloppy
CGI programming
Explicitly validate every byte of data sent by browser
A CGI hole can give the whole world the same
access as a :HELLO SECURE.APACHE session
Restrict CGI/SSI authorship to trusted users
Don’t allow CGI/SSI to be used outside of the
APACHE account