FirstSearch script security

[Chris Howard]

> The answer is simple: Yes and No.  If you are not careful in writing your 
> CGI scripting, you can leave yourself open to attacks, particularly if 
> you a) are using a UNIX platform for your server, and b) if you use 
> sendmail or other SUID types of programs that take user input.

UNIX isn't the only platform with problems.
The biggest hole I have seen is on Windows NT platforms when 
the perl.exe program is placed in the CGI program directory.   Much 
badness.

On a related note:  what newsgroups, mailing lists, web sites do you 
all use to keep up on web security issues?



--
Chris Howard    choward at iastate.edu    (515) 294-6521
Iowa State University Library -- Automated Systems Division