|
|
8. The webThe WWW is most vulnerable because of CGI scripts that
allow an attacker to execute arbitrary commands on a WWW server under the
effective user-id of the server process. For
a complete discussion of this and how to prevent it see the following CERT
publication: ftp://ftp.cert.org/pub/tech_tips/cgi_metacharacters Also, a very complete explanation of the security problems
related to the WWW (and there are a lot of them) can be found here: http://www.w3.org/Security/Faq We recommend that if you don’t need to run a Web server of your own, then don’t. IT can provide AFS space to departments that want Web pages to appear under www.asu.edu. You can save your compute power by running your Web pages on IT servers, but you’ll still have access to maintain your pages since they reside in AFS spcae. If you still need to run a Web server of your own at ASU, then you should carefully read and understand these documents. Please contact ASU’s Webmaster if you have any questions regarding Web space at ASU or about how to set up your pages in AFS. |
|