Structure of Internet and Security-I
Information travels from server to client and back, so one needs to discuss the server, the client and their connection.
- Secure the server: here one needs to worry about preserving the confidentiality of data (the requirement differs for different parts of the information) and about the privileges/capabilities of CGI scripts
- Scripting capability of Perl can be exploited in unwise CGI programs
- A user could input the string "I am Geoffrey" or, more deviously, something like "I am";rm -r *;print "Pretty Evil", and the hidden program can delete files if the Perl CGI script unwisely applied eval(input string)!
- A slightly more complex input can be dangerous with other Perl commands -- this can be avoided by testing input for special characters
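The special-character test from the last point, written as an allowlist check in Perl. This is an added example, not code from the original notes. The function name validate_name_field, the allowed character set and the 64-character limit are assumptions chosen for illustration, and the sample inputs are the two strings quoted above, held as plain data and never evaluated.

```perl
#!/usr/bin/perl
# Added example: validate a CGI form field against an allowlist
# instead of passing it to eval().
use strict;
use warnings;

# Unsafe pattern described in the notes (kept as a comment, never run):
#   eval($input);    # whatever the user typed is executed as Perl code

# Hypothetical helper: returns the value if every character is on the
# allowlist, or undef if anything else (quotes, semicolons, asterisks,
# backticks, pipes, ...) appears anywhere in the input.
sub validate_name_field {
    my ($input) = @_;
    return unless defined $input;
    return if length($input) > 64;            # assumed upper bound
    # \A and \z anchor the match to the whole string, so a newline
    # cannot be used to hide extra content after a valid prefix.
    if ($input =~ /\A([A-Za-z0-9 .-]+)\z/) {
        return $1;    # the captured copy is also untainted under perl -T
    }
    return;
}

# Constructed sample inputs: the benign and the hostile string from the notes.
my @samples = (
    'I am Geoffrey',
    q{I am";rm -r *;print "Pretty Evil},
);

for my $input (@samples) {
    my $clean = validate_name_field($input);
    if (defined $clean) {
        # The value is only ever used as data, never as code.
        print "accepted: $clean\n";
    }
    else {
        print "rejected: input contains characters outside the allowlist\n";
    }
}
```

Listing the characters that are allowed, rather than the ones that are forbidden, means a metacharacter nobody thought of is rejected by default.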