Security on the World Wide Web
Papers about Web (in)Security
Known Holes (and fixes?) in Web Software
- HTML Hole
- a security hole in some versions of httpd.
Writing Secure Web Applications
Safecgiperl Beta Announcement
This distribution is intended to be installed on a World Wide Web
server and allows CGI programs written in Perl5 to be run in a
sanitised environment. It makes use of the Safe extension module for
Perl5--any attempted unsafe operation in the CGI program is trapped
and causes a fatal compile-time error. Wrappers and utility functions
for useful but potentially unsafe operations (such as opening files
and sending mail) can be written in (unrestricted) perl and then
shared with the sanitised compartment.

Pre-requisites are perl5.001m and the Safe extension module.
Earlier patchlevels of perl5.001 than perl5.001m are possible but
not recommended. The Safe extension module is available from its
home site as ftp://ftp.ox.ac.uk/pub/perl/Safe-b2.tar.gz or from
perl mirror sites.

The safecgiperl distribution contains two programs (a small C program to
be run setuid root by the web server and a perl program cgiperl which
creates a sanitised Safe compartment in which to run the CGI program)
and a bit of documentation.

Availability: ftp://ftp.ox.ac.uk/pub/perl/safecgiperl-b1.tar.gz
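
The compartment-plus-wrapper arrangement the announcement describes, as an added example that is not taken from the safecgiperl distribution. It assumes the Safe module as bundled with current Perl, whose interface may differ from the Safe-b2 beta named above; the wrapper name read_data_line, the helper run_sandboxed, the file motd.txt and the three sample snippets are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration (not safecgiperl's code): a trusted wrapper shared into a
# Safe compartment. Names, paths and the sample "CGI" snippets are constructed.
use strict;
use warnings;
use Safe;
use File::Temp qw(tempdir);

# Trusted setup, outside the compartment: one readable data file.
my $data_dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$data_dir/motd.txt") or die "setup: $!";
print {$out} "welcome\n";
close($out);

# Unrestricted wrapper: the only route the sandboxed code has to the filesystem.
# It accepts a bare file name and refuses anything that could leave $data_dir.
sub read_data_line {
    my ($name) = @_;
    die "read_data_line: bad name\n"
        unless defined $name && $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;
    open(my $in, '<', "$data_dir/$name") or die "read_data_line: cannot open\n";
    my $line = <$in>;
    close($in);
    chomp $line if defined $line;
    return $line;
}

# Run one snippet in a fresh compartment; return (value, error text).
sub run_sandboxed {
    my ($code) = @_;
    my $cpt = Safe->new;               # default operator mask: open, system, etc. denied
    $cpt->share('&read_data_line');    # expose the wrapper by name, nothing else
    my $value = $cpt->reval($code);
    my $error = $@;
    return ($value, $error);
}

my @cases = (
    [ 'uses wrapper'   => q{ uc(read_data_line('motd.txt')) } ],
    [ 'direct open'    => q{ open(my $fh, '<', '/etc/passwd'); 1 } ],
    [ 'path traversal' => q{ read_data_line('../../etc/passwd') } ],
);
for my $case (@cases) {
    my ($label, $code) = @$case;
    my ($value, $error) = run_sandboxed($code);
    chomp $error;
    printf "%-15s value=%s error=%s\n", $label,
        defined $value ? $value : 'undef', $error eq '' ? 'none' : $error;
}
```

The direct open is rejected when the snippet is compiled, before any of it runs, while the traversal attempt compiles but is refused by the wrapper's own name check. The wrapper is therefore the part that needs review, since it runs with full privileges on input chosen by the sandboxed code.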
Secure Web Protocols
SSL - Secure Sockets Layer
Other Secure HTML Protocols
Author: Rob Jenson
Last Revised: $Date: 1997/04/26 17:33:45 $ $Revision: 1.2 $
This document is © copyright 1996, 1997 Robert B. Jenson.
All Rights to use of and reproduction of the content is
granted freely to all members of
dc.sage.
All other rights reserved.