Basic HTML version of Foils prepared August 4 1997

Foil 8 Structure of Internet and Security-I

From Remarks on Java and Internet Security Web Certificate CPS616 Enhancement -- Summer 1997, by Geoffrey C. Fox


Information travels from server to client and back, so one needs to discuss the server, the client and their connection.
  • Secure the server: here one needs to be worried about preserving the confidentiality of data (the requirements differ for different parts of the information) and about the privileges/capabilities of CGI scripts
  • The scripting capability of Perl can be exploited in unwise CGI programs
  • A user could input the string "I am Geoffrey" or, more deviously, something like "I am";rm -r *;print "Pretty Evil", and the hidden program can delete files if the Perl CGI script unwisely applies eval(input string)!
  • A slightly more complex input can be dangerous with other Perl commands -- this can be prevented by testing the input for special characters
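
The special-character test from the last bullet, written as an allow-list check in Perl. This is an added example, not code from the original foils; the function names, the permitted character set and the 64-character limit are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Unsafe pattern the foil warns about (kept as a comment, never executed):
#   my $reply = eval $input;   # the input string is run as Perl code
#
# Safer pattern: treat the input as data only, and accept it only if every
# character is on an explicit allow-list.

# Assumed policy: letters, digits, space, '.', ',' and '-', 1 to 64 characters.
# Quotes, ';', '*', '$', '|', backticks and newlines are all outside the set.
# \A and \z anchor the whole string; unlike '$', \z does not tolerate a
# trailing newline, so nothing can ride in after the checked part.
sub validate_name {
    my ($input) = @_;
    return unless defined $input;
    return $1 if $input =~ /\A([A-Za-z0-9 .,-]{1,64})\z/;
    return;    # undef in scalar context: input rejected
}

# Build the reply by string interpolation only; no eval, no shell.
sub greeting {
    my ($input) = @_;
    my $name = validate_name($input);
    return defined $name
        ? "Accepted: $name"
        : "Rejected: input contains characters outside the allow-list";
}

# Constructed sample inputs: the two strings quoted on the foil.
# They are single-quoted literals and are only ever matched and printed.
my @samples = (
    'I am Geoffrey',
    '"I am";rm -r *;print "Pretty Evil"',
);

for my $s (@samples) {
    printf "%-40s => %s\n", $s, greeting($s);
}
```

The first sample is accepted unchanged; the second is rejected because it contains quotes, semicolons and an asterisk.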



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu


Page produced by wwwfoil on Wed Apr 1 1998