
Re: Re: Script Visability and Security

by echo (Pilgrim)
on Sep 18, 2001 at 11:24 UTC (#113059)


in reply to Re: Script Visability and Security
in thread Script Visability and Security

If the cgi environment is set up correctly, advertising the location of the script has no effect on security.

True, and this is the well-known "There's no security through obscurity". However, revealing such information is still a bad idea. Although it may not have a direct effect on this CGI script, it does reveal private information about the server which may be used to exploit another vulnerability, in another program or script. Think of a potential attacker quietly collecting all sorts of tidbits about how the server is laid out. Each piece of information is not a security issue in itself, but in the end it all adds up and can provide the attacker with enough information to compromise the system. That is why disclosing file system paths is never a good idea, and such bugs are a frequent topic on Bugtraq.
