Basic HTML version of Foils prepared May 19 99

Foil 8 Structure of Internet and Security-I

From Remarks on Internet and Java Security Basic Information Track Computational Science Course CPS616 -- Spring Semester 1999, by Geoffrey Fox, Mehmet Sen


Information travels from server to client and back, so one needs to discuss the server, the client and their connection.
  • Secure the server: here one must preserve the confidentiality of data (requirements differ for different parts of the information) and control the privileges/capabilities of CGI scripts
  • The scripting capability of Perl can be exploited in unwise CGI programs
  • A user could input the string "I am Geoffrey" or, more deviously, something like "I am";rm -r *;print "Pretty Evil", and the hidden program can delete files if the Perl CGI script unwisely applied eval(input string)!
  • A slightly more complex input can be dangerous with other Perl commands -- this can be avoided by testing input for special characters
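The special-character test described above, shown next to the unwise eval pattern it replaces. This is an added example, not code from the original foils: the sub names and the allowed character set are assumptions, and the sample inputs are constructed from the foil's own strings.

```perl
#!/usr/bin/perl
# Added example: treat a CGI form field as data, never as Perl source.
# Sub names and the allow-list below are hypothetical choices.
use strict;
use warnings;

# UNSAFE pattern from the foil: the field is compiled and executed as Perl,
# so everything after the first ';' runs with the CGI script's privileges.
# Defined here for comparison only; it is never called.
sub greet_unsafe {
    my ($input) = @_;
    return eval $input;    # eval(input string) -- do not do this
}

# Test the input for special characters using an allow-list:
# letters, digits, space, '.' and '-', between 1 and 64 characters.
# Quotes, ';', '*', '$', backticks and newlines all fail the match.
sub validate_name {
    my ($input) = @_;
    return unless defined $input;
    return $input =~ /\A([A-Za-z0-9 .-]{1,64})\z/ ? $1 : undef;
}

# Hardened handler: validated input is only concatenated into the reply.
sub greet_safe {
    my ($input) = @_;
    my $name = validate_name($input);
    return "Rejected input\n" unless defined $name;
    return "Hello, $name\n";
}

# Constructed sample inputs: the benign and devious strings from the foil,
# plus an empty field.
my @samples = (
    'I am Geoffrey',
    '"I am";rm -r *;print "Pretty Evil"',
    '',
);

for my $s (@samples) {
    printf "%-42s => %s", "[$s]", greet_safe($s);
}
```

An allow-list of permitted characters is used here rather than a list of forbidden ones, so a metacharacter nobody thought to exclude is still rejected.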



© Northeast Parallel Architectures Center, Syracuse University, npac@npac.syr.edu
