Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

Re: Re: Script Visability and Security

by echo (Pilgrim)
on Sep 18, 2001 at 11:24 UTC ( #113059=note: print w/replies, xml ) Need Help??

in reply to Re: Script Visability and Security
in thread Script Visability and Security

If the cgi environment is set up correctly, advertising the location of the script has no effect on security.

True, and this is the well-known There's no security through obscurity. However revealing such information is still a bad idea. Although it may not have a direct effect on this CGI script, it does reveal private information about the server which may be used to exploit another vulnerability, in another program or script. Think of a potential attacker quietly collecting all sorts of tidbits about how the server is layed out. Each piece of information is not a security issue in itself, but in the end it all adds up and can provide the attacker with enough information to compromise the system. That is why disclosing file system paths is never a good idea, and such bugs are a frequent topic on Bugtraq.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://113059]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (3)
As of 2022-01-20 12:15 GMT
Find Nodes?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:

    Results (56 votes). Check out past polls.