Computing Systems

Informatics Computing Staff jottings

Review of www.inf.ed.ac.uk CGIs

For security reasons we are reviewing our use of user-authored CGI scripts that are currently running on our web services.

Those CGIs that run as the author, such as those on homepages.inf.ed.ac.uk and sweb.inf.ed.ac.uk, are not under review at the moment, but other CGIs that run as the web server daemon are.

The main services this affects are CGIs on www.inf.ed.ac.uk and those on groups.inf.ed.ac.uk.

In the first instance we’ve looked at the accesses of all CGIs on www.inf.ed.ac.uk, and if a CGI has not been accessed in the last 6 months, we no longer serve it from the web server. There is also a default deny for any new CGIs added to www.inf, so those who have access to the CGI area of www.inf will need to ask computing staff to enable serving of any new CGI. At this point we’ll want to review its contents and discuss how accessible it needs to be, e.g. whether you expect only current students and staff to access it.
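The access check described above can be scripted against the web server's access log. This is an added example, not the script used by Informatics computing staff: the script names, log lines, the 183-day approximation of "6 months" and the choice to ignore 403/404 responses are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache common/combined log format: host ident user [time] "request" status ...
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample data: script names and log lines are illustrative only.
INSTALLED = ["/cgi-bin/search.cgi", "/cgi-bin/oldform.pl",
             "/cgi-bin/report.cgi", "/cgi-bin/never.cgi"]
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2014:10:15:02 +0000] "GET /cgi-bin/search.cgi?q=x HTTP/1.1" 200 5120',
    '192.0.2.11 - - [12/Jun/2013:09:00:41 +0100] "POST /cgi-bin/oldform.pl HTTP/1.1" 200 311',
    '192.0.2.12 - - [01/Mar/2014:22:47:13 +0000] "GET /cgi-bin/report.cgi/2014/w9 HTTP/1.1" 500 602',
    '192.0.2.13 - - [02/Mar/2014:04:02:55 +0000] "GET /cgi-bin/oldform.pl HTTP/1.1" 403 209',
    'malformed line that the parser must skip',
]

def script_for(path, installed):
    """Return the installed script a URL targets, allowing query strings and PATH_INFO."""
    path = path.split("?", 1)[0]
    for script in installed:
        if path == script or path.startswith(script + "/"):
            return script
    return None

def last_access(log_lines, installed):
    """Map each installed script to the time of its most recent served request."""
    latest = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        when, path, status = m.groups()
        script = script_for(path, installed)
        # Assumption: 403/404 means the server never handed the request to the script.
        if script is None or status in ("403", "404"):
            continue
        ts = datetime.strptime(when, "%d/%b/%Y:%H:%M:%S %z")
        if script not in latest or ts > latest[script]:
            latest[script] = ts
    return latest

def stale_cgis(log_lines, installed, now, max_age_days=183):
    """Scripts with no served request inside the window: candidates to stop serving."""
    cutoff = now - timedelta(days=max_age_days)
    latest = last_access(log_lines, installed)
    return sorted(s for s in installed if s not in latest or latest[s] < cutoff)

if __name__ == "__main__":
    print(stale_cgis(SAMPLE_LOG, INSTALLED, datetime(2014, 3, 10, tzinfo=timezone.utc)))
```

The result is only as good as log retention: if rotated logs covering the full window are not included, a script that is still in use will look stale.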

We’ll then start security reviewing the remaining active CGIs, and contacting authors/owners where appropriate.

This is only the beginning of a longer process, and we’ll start looking at CGIs on groups.inf.ed.ac.uk next.

If you have any old CGIs that are no longer used, then removing them will help us with our review and increase the security of the Informatics services.

Neil
