CGI and external JavaScript nightmare

Paul Boddie paul at boddie.org.uk
Thu Oct 18 19:16:32 CEST 2007


On 18 Okt, 17:24, Steve Holden <st... at holdenweb.com> wrote:
> allen.fowler wrote:

[Quoting IamIan...]

> >> One CGI question - since all of my CGIs are spitting out HTML is their
> >> source code safe? wget and linking to the source deliver the output
> >> HTML. Are there any other methods of trying to steal the source CGI I
> >> need to protect against?

[...]

> > Not sure I fully understand the question.
>
> > Can you post the CGI code here?
>
> That's funny.

Yes, there's no point in employing sophisticated technical mechanisms
for security when they are all undermined by some good old-fashioned
social engineering. ;-)

> The OP's problem is that he suffers from the delusion that people want
> to steal the source code for his CGI script.

The solution being that of ensuring that the Web server settings tell
the server to always run CGI scripts and never serve up the scripts
themselves as content. Additional security, such as file permissions,
access to the server, and so on, are beyond the scope of casual Usenet
advice with the level of detail provided by the inquirer.

Paul




More information about the Python-list mailing list