Boxed and Wrapped
By Lincoln D. Stein
Web-hosting services and academic Web sites share a common problem: They play host to many Web authors with different levels of skill and scruples. The Webmasters don't trust the authors, and authors don't trust each other. An unscrupulous author might attempt to modify another author's files, or to gain access to parts of the system forbidden to him. An unknowing or unwitting author might inadvertently open up a security hole in the Web site.
As long as authors don't have CGI-scripting privileges, it's relatively easy to keep their system access under control. You can use file-system privileges to limit the files, directories, and other system resources to which the authors have access. If you are very concerned about security, you can restrict authors' login rights. For instance, you might refuse authors shell access, forcing them to use FTP, FrontPage extensions, or some other restricted mechanism for uploading and modifying Web pages.
CGI scripts are hosting services' Achilles heel. A single poorly written CGI script can punch a hole in a site's security that you could drive a fourteen-wheeler through. The safest course would be to forbid CGI scripting entirely, but that's rarely feasible. Hosting services that try to forbid it learn the hard way about market economics. If the customers want to write custom CGI scripts, they'll just move to another hosting service that offers this option.
An alternative to forbidding CGI scripting entirely is to provide authors with a carefully vetted list of approved scripts: a guestbook, a page-hit counter, a feedback form, a search engine, and an online ordering system.