Re: Running cgi binaries as root

At 09:56 -0500 1/26/12, Mark Montague wrote, and I snipped a bunch:
>On January 26, 2012 2:50, Tarzan Jane <lapierre62@xxxxxxxxxxx> wrote:
>
>>Concerning the security I believe when using binary scripts, security is increased some levels. Since the cgi binaries are no longer ASCII files, injecting or altering code is hardly possible. The only way to breach security is to replace the binary itself. And for that you need to know which type of processor is being used to produce the correct executable. I can tell it's not Intel or AMD......
>>If I overlook something concerning security please let me know.
>>
>
>If you use binary executables instead of interpreted scripts, it's true that you eliminate some security concerns.  For example, the attacker cannot provide high level code for the binary to interpret at runtime unless the binary contains its own interpreter for some reason (or invokes an external interpreter, which you may not be aware of in all cases).  However, there are still many security concerns which still exist.  And there are types of attacks that binary executables are *more* vulnerable to than scripts -- for example, buffer overflow and/or stack smashing attacks.


What about cgiwrap?  Is it still supported?  Can it do the job?  I know it's not a perfect solution but at least it's an attempt.
-- 

-->  Halloween  == Oct 31 == Dec 25 == Christmas  <--

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
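
Added example, not part of the original messages: the buffer overflow risk raised in the quoted reply usually enters a compiled CGI where request data such as QUERY_STRING is copied into a fixed-size buffer. The sketch below decodes that variable with an explicit capacity check; the function name `cgi_decode` and the 32-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe pattern (comment only): char name[32]; strcpy(name, getenv("QUERY_STRING"));
 * QUERY_STRING is client-controlled and unbounded, so the copy can overrun name. */

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode src into dst (cap bytes including the NUL). Returns the decoded
 * length, or -1 when the input is missing, malformed, holds an encoded NUL, or
 * does not fit. Oversized input is rejected, not truncated. */
int cgi_decode(const char *src, char *dst, size_t cap) {
    size_t n = 0;
    if (src == NULL || dst == NULL || cap == 0) return -1;
    for (; *src != '\0'; src++) {
        int ch = (unsigned char)*src;
        if (ch == '+') {
            ch = ' ';
        } else if (ch == '%') {
            int hi = hexval((unsigned char)src[1]);
            int lo = (hi < 0) ? -1 : hexval((unsigned char)src[2]);
            if (lo < 0 || (hi == 0 && lo == 0)) goto fail;
            ch = hi * 16 + lo;
            src += 2;
        }
        if (n + 1 >= cap) goto fail;   /* keep one byte for the terminator */
        dst[n++] = (char)ch;
    }
    dst[n] = '\0';
    return (int)n;
fail:
    dst[0] = '\0';
    return -1;
}

int main(void) {
    char name[32];   /* hypothetical fixed-size field */
    int len = cgi_decode(getenv("QUERY_STRING"), name, sizeof name);
    printf("Content-Type: text/plain\r\n\r\n");
    if (len < 0) printf("bad request\n");
    else printf("decoded %d bytes\n", len);
    return 0;
}
```

Rejecting oversized input instead of silently truncating it keeps later code from acting on a value the client never actually sent.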
