[1760] in WWW Security List Archive
Re: Connection between WWW and database
daemon@ATHENA.MIT.EDU (Brian W. Spolarich)
Sat Mar 30 14:30:50 1996
Date: Sat, 30 Mar 1996 11:31:26 -0500 (EST)
From: "Brian W. Spolarich" <briansp@ans.net>
To: Jarno Juntunen <jjuntune@argos.ncp.fi>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <9603291111.AA11816@argos>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri, 29 Mar 1996, Jarno Juntunen wrote:
> I would like to know the most secure way to link WWW (forms) to a
> database (SQL). Can I write a CGI script with Perl or Java,
> or do I need a third-party program?
> Are there any example scripts about Perl and Java?
The first place to start with WWW gateway security is probably going to be
at:
http://www.yahoo.com/text/Computers_and_Internet/Internet/World_Wide_Web/Security/CGI/
I've found the documents here to be very useful in cleaning up
less-than-solid implementation choices I've made in the past. Avoiding
calls that invoke shell interpreters is a good place to start, and
treating all user input with a great deal of suspicion are probably the
ultimate ground rules.
The CPAN archives (Comprehensive Perl Archive Network) have gateways to
a number of SQL databases...I can't speak for them in terms of overall
security, but the authors tend to be pretty responsive. The closest CPAN
archive for you will probably be ftp://ftp.funet.fi/pub/languages/perl/CPAN/
I'm sure other, wiser folks can comment on Java tools and products.
-brian
--
Brian W. Spolarich - ANS CO+RE Systems - briansp@ans.net - (313)677-7311
We're Starfleet officers...weird is part of the job.
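
The two ground rules named in the message above (avoid shell interpreters, treat user input with suspicion), shown as an added Perl example that is not part of the original message. The helper names `validate_name` and `run_no_shell`, the allowlist pattern, and the use of `/bin/echo` as a stand-in for a database helper program are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the original message. In a real CGI script also
# run perl with -T (taint mode) so unvalidated input cannot reach exec calls.
use strict;
use warnings;

# Ground rule 1: accept only input that matches a known-good pattern.
# The pattern (1-32 letters, digits, '_' or '-') is an assumption for this demo.
sub validate_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_-]{1,32})\z/ ? $1 : undef;
}

# Ground rule 2: run helpers without a shell. The list form of open hands
# each argument straight to exec, so ';', '|' and '`' stay plain text.
# At least one argument is required: with none, Perl may fall back to a shell.
sub run_no_shell {
    my ($prog, @args) = @_;
    die "run_no_shell needs at least one argument\n" unless @args;
    open(my $fh, '-|', $prog, @args) or die "cannot run $prog: $!";
    my $out = do { local $/; <$fh> };
    close($fh) or die "$prog exited with status $?";
    return $out;
}

# Constructed form values: two ordinary names, two hostile-looking strings.
my @samples = ('smith', 'o-brien', 'x; echo INJECTED', "smith' OR '1'='1");

for my $raw (@samples) {
    my $name = validate_name($raw);
    printf "%-22s => %s\n", "[$raw]", defined $name ? "accepted" : "rejected";
}

# /bin/echo stands in for a hypothetical database helper program. Even when
# a hostile string gets this far, the list form prints it back verbatim;
# the interpolated form system("/bin/echo $raw") would run a second command.
my $out = run_no_shell('/bin/echo', 'x; echo INJECTED');
print "helper saw: $out";
```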