A while ago, I received an email from someone asking if they could post a link to my CGI course at a military site. I said that was okay and today I happened to stumble across the link at Naval Surface Warfare Center - Dahlgren Lab. The link is under "Writing Secure CGI Applications" (my real name is Curtis Poe) and it's listed as a "good starting point". That's fair. I think it is a good starting point and nothing more, but I did notice a disturbing quote on the page regarding writing those applications:

Terribly little is included in DoD guidance on how to do this other than that you should do it.

Well, that's interesting. On one hand, it's good to know that someone over there is taking this issue seriously, but it does suggest to me that the DoD may not be doing all it can to adequately deal with this issue. I can't help but wonder if they are spending so much time hardening their servers and beefing up their firewalls that they might let crackers slip in the back door?

Does anyone have any real world experience with this? My impression has been that more people get cracked due to a poor configuration than through CGI scripts. However, if the server configuration is rock-solid, then a determined cracker is going to check out those scripts. Thus, the above quote is quite worrisome.

It's also nice to note that Perlmonks is listed as a resource :)

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the link and check out our stats.


In reply to US National Security by Ovid
