All a hacker needs is for you to execute one line of code that he wrote, and you've handed him the keys to the kingdom. You should review, and be sure that you understand, every line of code that will execute on your server as a CGI script. In fact, the entire point of this book, learning how to program CGI scripts, is a good idea if only so that you can sight-check the programs and libraries you download off the Web. Remember, always look a gift horse in the mouth!

The Extremes of Paranoia and the Limits of Your Time

Although sight-checking all the code you pull off the Web is often a good idea, it can take huge amounts of time, especially if the code is complex or difficult to follow. At some point, you may be tempted to throw caution to the wind and hope for the best, installing the program and firing up your browser. The reason you downloaded a CGI program in the first place was to save time. Right?

If you do decide to give your paranoia a rest and just run a program that you didn't write, reduce your risk by getting the CGI script from a well-known and highly regarded site. The NCSA httpd, for instance, is far too big for the average user to go over line by line, but downloading it from its home site at http://www.ncsa.uiuc.edu is as close to a guarantee of its integrity as you're likely to get. In fact, anything downloaded from NCSA will have been prescreened for you.

In truth, dozens of well-known sites on the Web will have done most of the paranoia-induced code checking for you. Downloading code from any of them is just another layer of protection that you can use for your own benefit. Such sites include the following:

ftp://ftp.ncsa.uiuc.edu/Web/httpd/Unix/ncsa_httpd/cgi (NCSA Archive)
http://www.novia.net/~geewhiz (Virtual Webwerx Division Zero - CGI Land)
http://www.lpage.com/cgi (The World Famous Guestbook Server)
http://sweetbay.will.uiuc.edu/cgi++ (cgi++)
http://www.aee.com/wdw (The Web Developers Warehouse)

Being Polite, Playing Nice

Finally, if you do appropriate CGI code off the Web to use either in its entirety or as a smaller part of a larger program you're writing, you should be aware of a few things. Just because code is freely available doesn't mean that it's free, or free for you to do with as you want. Often, programs and libraries are protected by copyrights, and if the original author hasn't released the rights into the public domain, he may use them to impose restrictions on how his program may be used. He may forbid you to break up his script and use parts of it in yours, for example. In general, before you use someone else's code (even if you've decided that it's secure), it's a good idea to contact the author and ask permission. At the very least, it's polite, and the vast majority of the time he will be overjoyed that someone is getting some use out of code he wrote. And, of course, it's always courteous to cite the original authors of the pieces of your program