HP Webwise MPE/iX secure web server tutorial - April 2002
April 4, 2002
Solution Symposium
Page 88
hp e3000
webwise
secure web
server
security tips (cont.)
• Most security problems BY FAR are the result of sloppy
CGI programming
• Explicitly validate every byte of data sent by browser
• A CGI hole can give the whole world the same
access as a :HELLO WWW.APACHE session
• Restrict CGI/SSI authorship to trusted users
• Don’t allow CGI/SSI to be used outside of the
APACHE account