[2090] in bugtraq
Guidelines for cgi-bin scripts
daemon@ATHENA.MIT.EDU (Lee Silverman)
Tue Aug 8 11:43:45 1995
Date: Tue, 8 Aug 1995 08:39:09 -0400
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Lee Silverman <lee@NETSPACE.ORG>
X-To: adamlowe@NETSPACE.ORG
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
Given all the posts here lately about holes in cgi-bin scripts, has anyone
come up with a good set of guidelines to tell programs what is and is not
acceptable for putting in cgi-bin programs?
For example, if someone gave you a cgi-bin script and asked you to tell
them if it was going to cause any security holes, what would you look for?
Paul, what methods have you been using to track all these bugs in freeware
cgi-bin packages? (If you don't mind telling us...)
Lee Silverman lee@netspace.org http://www.netspace.org/users/lee/
Live each day as if your life had just begun. -- Goethe
