
Re: opinion on shell cgi scripts



On 2004 Oct 27, at 3:00 PM, Dimitri Georganas wrote:

> What's the general opinion on using shell scripts as cgi scripts from
> a security viewpoint? What are the risks involved? Is it a no-go, or
> is safety ok when certain criteria are met?

First, this has nothing to do with OpenBSD.

Security has much less to do with the language than with the code. You 
can write secure and insecure code in any language, be it assembly, C, 
Perl, Java, or (,[a-z])sh. Some languages are vulnerable to certain 
classes of bad programming that others protect against, but all have 
potential points of failure.

I'm not aware of any shell that is particularly well suited to the 
kinds of programming typically done in CGI work. However, if you're 
especially comfortable writing code for your particular shell and see 
no need (such as maintainability by others in the future) to use a 
language more traditionally used for CGI, then there's no particular 
reason not to go that route.

Cheers,

b&
