CGI hackability. and the lack of use of JAVA ?
free web hosting
Free Web Hosting > Computers & Tech > Designing > Web Design and HTML

CGI hackability. and the lack of use of JAVA ?

qwijibow
Oct 17 2004, 03:07 PM
from what ive read, one the the places an attacker gains access to a machine is by hacking a CGI script...
Buffer overflows in binary CGI's or Code Injection attacks on Script CGI's

after reading about how buffer overflow attacks work, ive re-examined some of my C++ programs and fould un-checked buffers... meaning they COULD be vunerable.

also, protecting CGI scripts from things like SQL injection is a nightmare... it seems you have to thourily validate all input for possibly malicouse code.

this got me thinking... why dont more poeple use binary Java as CGI programs.
Java programs are protected extremely well from buffer overflow exploits, and any kind of Code Injection would be extremely difficult.

and get i never ever see a Java CGI program... is there any particular reason for this ?

i understand the advantages of PERL scripts... but surely the added security of java outweighs PERL's convinience, and there are PERL extensions in java right ?


Reply

Hercco
Oct 21 2004, 10:43 PM
As sad as it might be, reason for this is possibly just that people don't pay attention to these kind of things.

I would say that most of people who program web applications consider their work is done once the script works right.

I am not very familiar to perl and especally its security, so can't really comment. From what I've heard it surely does have its share of vulnerabilities. And your point is probably right; Java would be lot more secure.

One thing might be that (I'm just assuming here) that Java people might be more likely to go for JSP than binary CGI.

Reply

qwijibow
Oct 22 2004, 02:18 PM
Possibly.
ive not seem much support for it on Hosts though,,, or maybe its just not advertised as much as CGI.

computer security... what a nightmare !

Reply

wanhafizi
Dec 20 2004, 04:00 PM
why still using perl?

now, i've made a desicion that the best cgi for me is PHP, it companion database is MySQL, hosted in preferbably Apache server.

there might still be some security flaws in php, but there are many people around the world trying to fix that. i believe now, php is mature enough, especially PHP5.

Reply

Got an Opinion! Express your Views! (no registration):-
Add your Reply/ Opinion/ Views/ Comments/ Suggestion/ Questions/ Queries etc.
Posts with decent grammar & English will be accepted and please refrain from profanities.
For asking a Question, We recommend you to sign-up (for free) so that you can track the topic easily.
Nature of your Post*: Opinion/ Reply/ Comments
Question/Query
Feedback to us.
       
Name   Email
Title/Question*

Similar Topics

Keywords : Cgi Hackability Lack Java

  1. Help With Java Applet - With XHTML 1.1/XHTML 1.0 Strict! (8)
  2. Simple Java Script Code For Print Pages - (0)
    A simple java script code for printing your website pages just copy and paste below code on your
    pages you can use image or text instead of button. Print screen button function
    varitext(text){ text=document print(text) } // End --> onclick="varitext()">
    be successful ! Soleimanian...
  3. java scripts - (2)
    If u need any kind of help in C++ java HTML perl just reply This .. I'll try my best to solve
    U......



Looking for cgi, hackability, lack, java






*SIMILAR VIDEOS*
Searching Video's for cgi, hackability, lack, java
Watch the latest videos on YouTube.com
advertisement




CGI hackability. and the lack of use of JAVA ?