We are giving some thought to putting a CGI-based Wiki, specifically
OddMuse, on a website that runs on a Linux server. In 'Using Linux (Fourth
Edition)', the authors warn that "The biggest cause for concern about
protecting your site from external threats is CGI scripts." They go on to
suggest various precautions that will reduce the risk.

This has me wondering if servlets are equally insecure or have a much
stronger security model. I also have Jason Hunter's 'Java Servlet
Programming (Second Edition)' which has a 30 page chapter on Security that
details how various forms of authentication take place in servlets. However,
I can't find any categorical statement that says servlets are actually any
more secure than CGI.

I was wondering if someone with extensive experience with the security
aspects of both servlets and CGI can give me any sense of which is more
secure and why? I need this information so that we can choose the right
approach for our wiki.

---
Henry

_________________________________________________________________
Take advantage of powerful junk e-mail filters built on patented Microsoft®
SmartScreen Technology.
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines
 Start enjoying all the benefits of MSN® Premium right now and get the
first two months FREE*.

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to