CGI Programming OpenFAQ

Can I safely allow my users to run their own CGI scripts?

Contributors:

CGI scripts are a very powerful facility, with some risks attached to them. In a Unix system, if CGI scripts run with the same user ID as the web server itself, poorly or maliciously written scripts can damage files or open security holes.

There are two important steps that should be taken to correct this:

1. NEVER run your web server as root; make sure it is configured to change to another user ID at startup time. (This is standard practice in all web server distributions, but administrators have been known to change it back to running as root anyway. Don't.)

2. Consider using a wrapper such as , user.c , or CGIwrap or the module for this purpose that comes with the Apache server to ensure that each CGI script runs with the permissions and user ID of the user responsible for it.

3. Consider routinely scheduled back-ups if data preservation is important to you.

4. Consider routinely scheduled or automatic monitoring of the service and its data if it is important that they be available at all times.

5. Consider intrusion and destructive-behavior detection systems, a remote logging service for identification, and a good lawyer, if web security is important to you or you have the resources to spend on enforcing security rather than dealing with the potential headaches.

6. Consider hiring security experts, or at least plan to test your web applications, your web server, and your other network services internally, for even better security.

7. Consider security issues in your requirements analysis, specification, design, implementation, and testing phases when developing web applications.

If proper precautions are taken, user CGI scripts can be reasonably safe. As always, dumb mistakes that open security holes for outsiders are more likely to be the cause of problems than actual malice on the part of your own users.
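The kind of ownership and permission checks a wrapper can make before it runs a user's script under that user's ID, as an added example (not code from CGIwrap, user.c or Apache). The specific checks and the names `audit_cgi_script`, `make_script` and `demo` are assumptions chosen for illustration, and the sample scripts are constructed.

```python
import os
import stat
import tempfile

ROOT_TARGET = "target user is root"

def audit_cgi_script(path, expected_uid):
    """Return reasons a wrapper should refuse to run `path` as `expected_uid`."""
    st = os.lstat(path)  # lstat: judge the link itself, never its target
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    problems = []
    if expected_uid == 0:
        problems.append(ROOT_TARGET)
    if st.st_uid != expected_uid:
        problems.append("script not owned by the responsible user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("script writable by group or others")
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        problems.append("script is setuid or setgid")
    # Anyone who can write the directory can swap the script for another file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != expected_uid:
        problems.append("directory not owned by the responsible user")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("directory writable by group or others")
    return problems

def make_script(directory, name, mode):
    """Create a constructed sample script with exactly the given mode."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("#!/bin/sh\necho 'Content-Type: text/plain'\necho\necho ok\n")
    os.chmod(path, mode)
    return path

def demo():
    """Audit two constructed scripts in a private temporary directory."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        good = make_script(d, "ok.cgi", 0o755)
        loose = make_script(d, "loose.cgi", 0o777)
        return audit_cgi_script(good, uid), audit_cgi_script(loose, uid)

if __name__ == "__main__":
    for findings in demo():
        print(findings or "no problems found")
```

An empty list means none of these checks objected; it does not say anything about what the script itself does once it runs.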



Copyright 1994-2012 Boutell.Com, Inc. All Rights Reserved.