Study: Web Security
By Daniel Miessler on September 24th, 2004: Tagged as Technology
Web Security
File Descriptor: An integer that identifies an open file within a process. The number is assigned when the file is opened, and every call that reads, writes, or closes the file takes the file descriptor as an input parameter. In Unix, file descriptors 0, 1, and 2 refer to standard input, standard output, and standard error respectively.
Perl: Practical Extraction and Report Language. Created by Larry Wall in 1987.
CGI: Common Gateway Interface. The mechanism by which a web server hands user input to a server-side program and returns that program's output to the client.
*Always set $PATH and $IFS in all CGI scripts. DON’T trust the preset values of these variables.
*VALIDATE USER INPUT. Only allow the characters that are needed for a particular field. Rather than eliminating what shouldn’t be used, disallow everything and then allow only what is needed (a default-closed configuration). Investigate the possible use of well-known input validation functions if you don’t want to write your own.
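The two CGI rules above applied in one small Perl CGI handler, written here as an added example (it is not code from the original notes); the field names `username` and `age`, their allowlist patterns, and the script name are assumptions for illustration:

```perl
#!/usr/bin/perl -T
# Added example, not from the original notes. To run by hand:
#   QUERY_STRING='username=alice&age=31' perl -T cgi_example.pl
use strict;
use warnings;
# Rule 1: never trust PATH or IFS inherited from the web server's environment.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
# Rule 2: default closed. Field names and patterns are illustrative assumptions;
# each field gets an explicit allowlist and everything else is rejected.
my %ALLOW = (
    username => qr/[A-Za-z0-9_]{1,32}/,
    age      => qr/[0-9]{1,3}/,
);
# Returns the validated value, or undef if the field is unknown, missing, or
# contains anything outside its allowlist. The capture also untaints the value
# under -T, so validation and untainting are one step.
sub validate_field {
    my ($name, $value) = @_;
    return undef unless defined $value && exists $ALLOW{$name};
    return $value =~ /\A($ALLOW{$name})\z/ ? $1 : undef;
}
# Minimal application/x-www-form-urlencoded parser for QUERY_STRING.
sub parse_query {
    my %fields;
    for my $pair (split /[&;]/, $_[0] // '') {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        for ($k, $v) { next unless defined; tr/+/ /; s/%([0-9A-Fa-f]{2})/chr hex $1/ge }
        $fields{$k} = $v // '';
    }
    return \%fields;
}
my $q = parse_query($ENV{QUERY_STRING});
my %clean;
for my $name (sort keys %ALLOW) {
    my $v = validate_field($name, $q->{$name});
    if (!defined $v) {
        print "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n";
        print "Rejected field: $name\n";
        exit 0;
    }
    $clean{$name} = $v;
}
print "Content-Type: text/plain\r\n\r\n";
print "Hello, $clean{username} (age $clean{age})\n";
```

Because every field must match its own pattern in full, a request carrying a shell metacharacter or an unexpected field value is refused with a 400 before any of it reaches application logic.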
PHP: Created by Rasmus Lerdorf, originally as a Perl CGI script called “Personal Home Page”, or simply “PHP”. The script's original purpose was to log visitors to the resume page on his website. Like Perl, PHP must be used within HTML in order to work over the web.