Building a secure Web site (2)

Source: Internet
Author: User
4, Common Gateway Interface (CGI) Introduction

When discussing how Internet and Web technology provide smart services to people, we cannot fail to mention CGI (Common Gateway Interface). It is the standard interface for exchanging data between a Web server and an external application. With CGI, a Web site is no longer just a collection of static pages: it can run a program on the Web server and output a dynamic page. CGI is a language-independent interface, and CGI programs can be written in any programming language that can access environment variables and produce output, such as C, C++, Perl, or shell.

CGI's relationship to the Web server: first, the user's Web server must support CGI programs, and the CGI application must run on the Web server. The client (Web browser) usually submits form data (images, tables, text links, etc.) to the Web server in one of two ways, POST or GET, and the Web server passes the data to the CGI application using the corresponding transfer method. The CGI application processes the data and returns the dynamically generated Web page to the Web server, which sends the page to the client that requested it. When the client submits data by POST, the Web server passes the data to the CGI application on standard input, and the CGI application reads it from standard input and writes its result to standard output. When the client submits data by GET, a Web server on a Unix-like system passes the data to the CGI application through environment variables; the CGI application must read the data from the environment variables, and its output is likewise sent to standard output.
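
The two transfer paths described above, as an added example that is not part of the original article: a CGI program that reads GET data from the environment and POST data from standard input, bounds the body length, and escapes client data before writing the page. The `name` field, the 64 KiB limit, and URL-encoded form bodies are assumptions made for this sketch.

```python
import html
import os
import sys
from urllib.parse import parse_qs

MAX_BODY = 64 * 1024  # assumed upper bound for a POST body (not from the article)


def read_form(environ, stdin):
    """Return submitted fields as {name: [values]} using the CGI conventions."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        # GET: the server hands the data over in an environment variable.
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        # POST: data arrives on stdin; validate CONTENT_LENGTH before reading.
        try:
            length = int(environ.get("CONTENT_LENGTH", "0"))
        except ValueError:
            raise ValueError("invalid CONTENT_LENGTH") from None
        if not 0 <= length <= MAX_BODY:
            raise ValueError("request body too large")
        raw = stdin.read(length).decode("utf-8", errors="replace")
    else:
        raise ValueError("unsupported request method")
    return parse_qs(raw, keep_blank_values=True)


def render(fields):
    """Build the CGI response: header lines, a blank line, then the page."""
    name = fields.get("name", ["anonymous"])[0]
    # Client data is escaped before it goes into the generated page.
    page = "<p>Hello, %s</p>" % html.escape(name)
    return "Content-Type: text/html; charset=utf-8\r\n\r\n" + page


def handle(environ, stdin):
    try:
        return render(read_form(environ, stdin))
    except ValueError as exc:
        return "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n%s" % exc


if __name__ == "__main__":
    if "GATEWAY_INTERFACE" in os.environ:  # set by the server for CGI programs
        sys.stdout.write(handle(os.environ, sys.stdin.buffer))
    else:  # constructed sample request for running the file by hand
        sample = {"REQUEST_METHOD": "GET", "QUERY_STRING": "name=%3Cb%3Ealice"}
        print(handle(sample, sys.stdin.buffer))
```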
  
Second, establishing a Web security system

The environment on which the Web is built includes computer hardware, operating systems, computer networks, and many network services and applications, all of which have security implications that ultimately threaten Web security. The Web's security architecture is very complex and mainly includes the following:
  
* Security of the client software (that is, the Web browser software);
* Security of the computer device running the browser and its operating system (host system security);
* The client's local area network (LAN);
* The Internet;
* The server-side local area network (LAN);
* Security of the computer equipment running the server and its operating system (host system security);
* The Web server software on the server.

When analyzing the security of a Web server, it is important to consider all of these aspects, because they are interconnected and each one affects the security of the Web server; the least secure of them determines the security level of a given server. Due to space limitations, it is not possible to discuss in detail all the factors that affect Web security. Focusing on the factors that affect Web security most directly, the following discusses the security settings and management of the Web server software and of the operating system that supports the server.

1, the security requirements of the host system

A network attacker usually gains access rights on a host through the host's access mechanism; once the attacker breaks through this mechanism, they can carry out any operation. On a computer, logging in to the system is usually controlled by a password authentication mechanism. Most PCs today provide no authentication system and have no concept of identity, so it is extremely easy to gain access to them. A PC without an authentication mechanism is therefore the least secure platform for a Web server. Ensuring that the host system has an authentication mechanism, and strictly setting and managing access passwords, is strong protection for the host system against threats.

2, the security requirements of the Web server

With the development of "open systems" and the spread of Internet knowledge, simple-to-use, powerful system attack tools have become very easy to obtain. Many highly skilled people who visit your Web site have enough experience and tools to reach whatever they are interested in. Staff turnover is also frequent today: "system-related personnel" may leave their original positions for a variety of reasons, and the system's secrets may spread as a result.

Different Web sites have different security requirements. A Web site is built to provide information and services better, and to a certain extent it is the spokesperson of its owner. To meet the security requirements of the Web server and to maintain image and reputation, the site must: strictly manage the rights of the various users to access Web resources; maintain the availability of the Web service, taking proactive prevention and detection measures to stop others from causing damage, equipment or operating system outages, or service paralysis; and make sure that the Web server is not used as a springboard for further intrusion into the internal network and other networks, preventing the internal network from being breached while avoiding unnecessary trouble and even legal disputes.


