At 09:56 -0500 1/26/12, Mark Montague wrote, and I snipped a bunch: >On January 26, 2012 2:50 , Tarzan Jane ><mailto:lapierr...@hotmail.com><lapierr...@hotmail.com> wrote: > >>Concerning the security I believe when using binary scripts, security is >>increased some levels. Since the cgi binaries are no longer acsii files, >>injecting or altering code is hardly possible. The only way to breach >>security is to replace the binary itself. And for that you need to know which >>type of processor is being used to produce the correct executable. I can tell >>it's not Intel or AMD...... >>If I overlook something concering security please let me know. >> > >If you use binary executable instead of interpreted scripts, it's true that >you eliminate some security concerns. For example, the attacker cannot >provide high level code for the binary to interpret at runtime unless the >binary contains its own interpreter for some reason (or invokes an external >interpreter, which you may not be aware of in all cases). However, there are >still many security concerns which still exist. And there are types of >attacks that binary executables are *more* vulnerable to than scripts -- for >example, buffer overflow and/or stack smashing attacks.
What about cgiwrap ? Is it still supported? Can it do the job? I know it's not a perfect solution but at least it's an attempt. -- --> Halloween == Oct 31 == Dec 25 == Christmas <-- --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
