If the cgi environment is set up correctly, advertising the location of the script has no effect on security.

True, and this is the well-known "There's no security through obscurity". However, revealing such information is still a bad idea. Although it may not have a direct effect on this CGI script, it does reveal private information about the server which may be used to exploit another vulnerability, in another program or script. Think of a potential attacker quietly collecting all sorts of tidbits about how the server is laid out. Each piece of information is not a security issue in itself, but in the end it all adds up and can provide the attacker with enough information to compromise the system. That is why disclosing file system paths is never a good idea, and such bugs are a frequent topic on Bugtraq.


In reply to Re: Re: Script Visability and Security by echo
in thread Script Visability and Security by jerrygarciuh
