We are giving some thought to putting a CGI-based Wiki, specifically
OddMuse, on a website that runs on a Linux server. In 'Using Linux (Fourth
Edition)', the authors warn that "The biggest cause for concern about protecting
your site from external threats is CGI scripts." They go on to suggest various
precautions that will reduce the risk.
This has me wondering if servlets are equally insecure or have a much
stronger security model. I also have Jason Hunter's 'Java Servlet Programming
(Second Edition)', which has a 30-page chapter on Security that details how
various forms of authentication take place in servlets. However, I can't find
any categorical statement that says servlets are actually any more secure than
CGI.
I was wondering if someone with extensive experience with the security
aspects of both servlets and CGI can give me any sense of which is more secure
and why? I need this information so that we can choose the right approach
for our wiki.
Also, if servlets are more secure than CGI, is anyone aware of a wiki that
runs as a servlet, preferably open source?
Rhino
--- rhino1 AT sympatico DOT ca
"There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies." - C.A.R. Hoare