[Tutor] CGI pitfalls
shendric@arches.uga.edu
shendric@arches.uga.edu
Wed, 10 Apr 2002 10:36:31 -0500
Hi all,
I wrote a small cgi progam for a website that I'm maintaining and I was
wondering what security issues I should be considering. Right now, the
program simply provides a way to dynamically create pages for the site,
which will make it easier to maintain as the site grows.
There is a base webpage that includes links that call the cgi with an id
variable:
http://www.uga.edu/lsava-bin/archivetest.cgi?id=Smith
as an example.
The cgi then uses that id to look up appropriate links related to that
id and create a page of links.
What I'm concerned with would be the kinds of things a person (say a
*bad* person) might be able to do by putting something in the id
variable.
Any thoughts?
Sean