
Lizapotter 25Feb2009 11:59

Re: Webmasters--Installing CGI-Scripts
Tips while using CGI:

1. Beware the eval statement

Languages like Perl and the Bourne shell provide an eval command which allows you to construct a string and have the interpreter execute that string. This can be very dangerous. Observe the following statement in the Bourne shell:

eval `echo $QUERY_STRING | awk 'BEGIN{RS="&"} {printf "QS_%s\n",$1}' `

This clever little snippet takes the query string, and converts it into a set of variable set commands. Unfortunately, this script can be attacked by sending it a query string which starts with a ;.

2. Do not trust the client to do anything

A well-behaved client will escape any characters which have special meaning to the Bourne shell in a query string and thus avoid problems with your script misinterpreting the characters. A mischievous client may use special characters to confuse your script and gain unauthorized access.

3. Be careful with popen and system.

If you use any data from the client to construct a command line for a call to popen() or system(), be sure to place backslashes before any characters that have special meaning to the Bourne shell before calling the function. This can be achieved easily with a short C function.

4. Turn off server-side includes

If your server is unfortunate enough to support server-side includes, turn them off for your script directories. The server-side includes can be abused by clients which prey on scripts which directly output things they have been sent.
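
The short C function mentioned in tip 3 could look like the following. This is an added example, not code from the original post; the name shell_escape, the metacharacter list and the sample inputs are assumptions made here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Characters special to the Bourne shell in an unquoted word. Space and
 * tab are included so the escaped value stays a single argument. */
static const char SHELL_META[] = "&;`'\"|*?~<>^()[]{}$\\ \t#!";

/* shell_escape (hypothetical name): malloc'd copy of `in` with a backslash
 * before each metacharacter. Returns NULL on allocation failure or when
 * `in` holds a control character: backslash-newline is a line continuation
 * in sh, so a newline cannot be escaped and the input is rejected. */
char *shell_escape(const char *in)
{
    size_t len = strlen(in);
    char *out = malloc(2 * len + 1);    /* worst case: every byte escaped */
    char *p = out;

    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)in[i];
        if ((c < 0x20 && c != '\t') || c == 0x7f) {
            free(out);
            return NULL;
        }
        if (strchr(SHELL_META, c) != NULL)
            *p++ = '\\';
        *p++ = (char)c;
    }
    *p = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample values standing in for client-supplied data. */
    const char *samples[] = { "report.txt", "a b;c", "x\ny" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *e = shell_escape(samples[i]);
        /* The command line is only printed here, never executed. */
        if (e != NULL)
            printf("grep -c foo -- %s\n", e);
        else
            puts("rejected: control character in input");
        free(e);
    }
    return 0;
}
```

The escaped value is meant for an unquoted position in the command line passed to popen() or system(); a NULL return means the request should be refused rather than run.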

Apostile 1Jun2009 13:25

Re: Webmasters--Installing CGI-Scripts
netCHARTING enables your web site to display massive amounts of dynamically generated data quickly and easily through a visual interface. Built with 100% managed code using C# and provided with extensive samples in both VB.NET and C#, this high performance charting control also contains a feature rich data access and aggregation system with calculation support. We continue to add value and functionality (such as the gauge and dial chart added in 2.5, the geographic map chart and vector chart in 4.0, AJAX scroll / zoom in 5.0, organizational charts in 5.1 and digital dashboards charts in 5.2) to .netCHARTING with no separate add-on purchases required. See what's new or download a fully functional, free, developer version and start charting today!

wilomr11st 8Aug2012 06:17

Re: Webmasters--Installing CGI-Scripts
Sorry Alok, but CGI is not at all obsolete, and lots of technology still uses CGI. Perl is the most exciting language for CGI and is still in its development phase; its use is increasing day by day.
