A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Waterfall_Cache has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 47

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 194

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Memcache_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 275

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Filesystem_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 440

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; APC_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 628

SysAdmin: Safer CGI Scripting

SysAdmin: Safer CGI Scripting

By ServerWatch Staff (Send Email)
Posted Feb 9, 2001


"A CGI script can, intentionally or otherwise, do anything that the user it runs as can do. Typically, CGI scripts run as the same user as the Web server. On most UNIX systems, the Apache Web server is used and by default, Apache runs as user "nobody". By convention, "nobody" is a user for unprivileged operations. Some may think that something running as nobody could not do much to compromise a Web server, but there are many ways security can be compromised."

"... The Webmaster must ensure that all CGI scripts placed on any Web server have been through a process to find and fix security holes. ..." A CGI script can, intentionally or otherwise, do anything that the user it runs as can do. Typically, CGI scripts run as the same user as the Web server. On most UNIX systems, the Apache Web server is used and by default, Apache runs as user nobody. By convention, nobody is a user for unprivileged operations. Some may think that something running as nobody could not do much to compromise a Web server, but there are many ways security can be compromised.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.


 

 


Thanks for your registration, follow us on our social networks to keep up-to-date