CGI Requests

Problem with CGI scripts

The problem with CGI scripts is that each one presents an opportunity for exploitable bugs. CGI scripts should be written with care and attention since they are Internet servers or miniature servers. Unfortunately, for many Web authors, CGI scripts are their first encounter with network programming. CGI scripts can present security holes in two ways:

They may intentionally or unintentionally leak information about the host system that will help hackers break in.
Scripts that process remote user input, such as the contents of a form or a "searchable index" command, may be vulnerable to attacks in which the remote user tricks them into executing commands.

CGI scripts are potential security holes even though you run your server as "nobody". A subverted CGI script running as noone still has enough privileges to mail out the system password file, examine the network information maps, or launch a log-in session on a high numbered port (it just needs to execute a few commands in Perl to accomplish this).
Even if your server runs in a chroot directory, a incorrectly written CGI script can leak sufficient system information to compromise the host.

Java Servlets

1) Here is how the Web Server handles CGI requests

2)Browser sends a request to the server — 2) Browser sends a request to the server

5) Another user is at this site at the same time

6) This user makes a request to run the same CGI scripts

8) A new copy of the Perl interpreter is started.

9) The first CGI proces returns HTML to the user

10) CGI Program and Perl interpreter are closed

11) The second CGI process returns HTML to the user

12) The CGI program and Perl interpreter are closed.