qwijibow
Posted October 17, 2004

From what I've read, one of the places an attacker gains access to a machine is by hacking a CGI script... buffer overflows in binary CGIs or code injection attacks on script CGIs.

After reading about how buffer overflow attacks work, I've re-examined some of my C++ programs and found unchecked buffers... meaning they COULD be vulnerable.

Also, protecting CGI scripts from things like SQL injection is a nightmare... it seems you have to thoroughly validate all input for possibly malicious code.

This got me thinking... why don't more people use binary Java as CGI programs?

Java programs are protected extremely well from buffer overflow exploits, and any kind of code injection would be extremely difficult.

And yet I never ever see a Java CGI program... is there any particular reason for this?

I understand the advantages of PERL scripts... but surely the added security of Java outweighs PERL's convenience, and there are PERL extensions in Java, right?

Hercco
Posted October 21, 2004

As sad as it might be, the reason for this is possibly just that people don't pay attention to these kinds of things. I would say that most of the people who program web applications consider their work done once the script works right.

I am not very familiar with Perl and especially its security, so I can't really comment. From what I've heard it surely does have its share of vulnerabilities. And your point is probably right; Java would be a lot more secure.

One thing might be (I'm just assuming here) that Java people might be more likely to go for JSP than binary CGI.

qwijibow
Posted October 22, 2004

Possibly. I've not seen much support for it on hosts though... or maybe it's just not advertised as much as CGI.

Computer security... what a nightmare!

whafizi
Posted December 20, 2004

Why still use Perl?

Now, I've made a decision that the best CGI for me is PHP, its companion database is MySQL, hosted preferably on an Apache server.

There might still be some security flaws in PHP, but there are many people around the world trying to fix that. I believe PHP is now mature enough, especially PHP5.