|
|
Register • FAQ
• Search • Login |
|
|
Page 1 of 1
|
[ 1 post ] |
|
Web Servers Pay Particular Attention to Security
Author |
Message |
robinhood12
Joined: Thu Aug 26, 2010 9:46 pm Posts: 17 Location: Uik
|
Web Servers Pay Particular Attention to Security
Web Servers Pay Particular Attention to Security
Web Servers If you are hosting your Web site on your own server, you need to pay particular attention to security. You should probably install intrusion detection software such as Tripwire. Here are some other basic steps you can take to help create a more secure Web site: * Running the Server Servers running on Unix and Linux should be run as an account with little or no access. If you need a Web user, then make sure that that user account has no permissions on the server. NEVER RUN YOUR SERVER AS ROOT. It is better to run the server as "nobody", and only run as a Web user if you absolutely have to. * CGI-BIN Directory Make sure that your interpreters (programs that run your CGIs) are not stored in your cgi-bin directory. Perl, sh, Tcl, and so on, should be in directories that are not accessible from the Web. CGI programs that use an interpreter should call that interpreter with the first line of the CGI. * Insecure CGIs The most common problem with CGIs is that they allow readers to input anything to the Web server. For example, if you have a Web form that doesn't check the data before passing it to the server, a hacker using your site could type in code to view your /etc/passwd file. There is a CERT tech tip that explains how to do this.
The best place to go to learn about security on the Internet is the CERT Coordination Center. There you can find out about new vulnerabilities and solutions immediately.
Thanks
|
Thu Aug 26, 2010 9:51 pm |
|
|
|
|
Page 1 of 1
|
[ 1 post ] |
|
Who is online |
Users browsing this forum: No registered users and 7 guests |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|