xisto Community
qwijibow

CGI hackability, and the lack of use of Java?


From what I've read, one of the places an attacker gains access to a machine is by hacking a CGI script... buffer overflows in binary CGIs or code injection attacks on script CGIs.

After reading about how buffer overflow attacks work, I've re-examined some of my C++ programs and found unchecked buffers... meaning they COULD be vulnerable.

Also, protecting CGI scripts from things like SQL injection is a nightmare... it seems you have to thoroughly validate all input for possibly malicious code.

This got me thinking... why don't more people use binary Java as CGI programs?

Java programs are protected extremely well from buffer overflow exploits, and any kind of code injection would be extremely difficult.

And yet I never ever see a Java CGI program... is there any particular reason for this?

I understand the advantages of Perl scripts... but surely the added security of Java outweighs Perl's convenience, and there are Perl extensions in Java, right?

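The unchecked-buffer problem mentioned in the first post, as an added example that is not part of the thread or any poster's code: a C++ CGI body reader that validates `CONTENT_LENGTH` and reads into a buffer sized to it. The names `kMaxBody`, `parse_content_length` and `read_body` and the 8192-byte cap are assumptions made for this example.

```cpp
#include <cstddef>
#include <iostream>
#include <istream>
#include <sstream>
#include <string>

// Hypothetical cap for this example; pick one that fits the form being handled.
const std::size_t kMaxBody = 8192;

// Accept CONTENT_LENGTH only if it is all digits and no larger than kMaxBody.
// Rejects "", "-1", "12abc" and values that would overflow a size_t.
bool parse_content_length(const char* value, std::size_t& out) {
    if (value == nullptr || *value == '\0') return false;
    std::size_t n = 0;
    for (const char* p = value; *p != '\0'; ++p) {
        if (*p < '0' || *p > '9') return false;
        n = n * 10 + static_cast<std::size_t>(*p - '0');
        if (n > kMaxBody) return false;  // checked per digit, so n never wraps
    }
    out = n;
    return true;
}

// Read exactly the declared number of body bytes into a string sized up front.
// The unchecked pattern this replaces is a fixed char array filled with as many
// bytes as the client claims to send (or with an unbounded `cin >> buf`).
bool read_body(std::istream& in, const char* content_length, std::string& body) {
    std::size_t len = 0;
    if (!parse_content_length(content_length, len)) return false;
    std::string tmp(len, '\0');
    if (len > 0) {
        in.read(&tmp[0], static_cast<std::streamsize>(len));
        if (static_cast<std::size_t>(in.gcount()) != len) return false;  // truncated body
    }
    body.swap(tmp);
    return true;
}

int main() {
    // Constructed inputs: (declared CONTENT_LENGTH, bytes actually on stdin).
    const char* cases[][2] = {{"10", "name=alice"}, {"10", "abc"},
                              {"-1", "x"}, {"99999999999999999999", "x"}};
    for (const auto& c : cases) {
        std::istringstream in(c[1]);
        std::string body;
        bool ok = read_body(in, c[0], body);
        std::cout << c[0] << " -> " << (ok ? "accepted: " + body : "rejected") << "\n";
    }
    return 0;
}
```

In a real CGI program the stream would be `std::cin` and the length string would come from `std::getenv("CONTENT_LENGTH")`.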

As sad as it might be, the reason for this is possibly just that people don't pay attention to these kinds of things. I would say that most people who program web applications consider their work done once the script works right. I am not very familiar with Perl and especially its security, so I can't really comment. From what I've heard, it surely does have its share of vulnerabilities. And your point is probably right; Java would be a lot more secure.

One thing might be (I'm just assuming here) that Java people might be more likely to go for JSP than binary CGI.


Possibly. I've not seen much support for it on hosts though... or maybe it's just not advertised as much as CGI.

Computer security... what a nightmare!


Why still use Perl?

Now, I've made a decision that the best CGI for me is PHP, its companion database is MySQL, hosted preferably on an Apache server. There might still be some security flaws in PHP, but there are many people around the world trying to fix that. I believe PHP is now mature enough, especially PHP5.
