tomcat-users mailing list archives

From "Rhino" <>
Subject Security of Servlets
Date Thu, 30 Sep 2004 18:55:45 GMT
We are giving some thought to putting a CGI-based Wiki, specifically OddMuse, on a website
that runs on a Linux server. In 'Using Linux (Fourth Edition)', the authors warn that "The
biggest cause for concern about protecting your site from external threats is CGI scripts."
They go on to suggest various precautions that will reduce the risk.

This has me wondering if servlets are equally insecure or have a much stronger security model.
I also have Jason Hunter's 'Java Servlet Programming (Second Edition)' which has a 30-page
chapter on Security that details how various forms of authentication take place in servlets.
However, I can't find any categorical statement that says servlets are actually any more secure
than CGI. 

I was wondering if someone with extensive experience with the security aspects of both servlets
and CGI can give me any sense of which is more secure and why? I need this information so
that we can choose the right approach for our wiki.

Also, if servlets are more secure than CGI, is anyone aware of a wiki that runs as a servlet,
preferably open source?

rhino1 AT sympatico DOT ca
"There are two ways of constructing a software design. One way is to make it so simple that
there are obviously no deficiencies. And the other way is to make it so complicated that there
are no obvious deficiencies." - C.A.R. Hoare