[fw-wiz] ASP

Steven M. Bellovin smb@research.att.com
Thu, 28 Jun 2001 14:49:16 -0400


In message <5.0.2.1.2.20010626121501.00aad070@popserv.ucop.edu>, hermit1 writes
:
>Is there a general feeling about the safety of Active Server Pages?  I know 
>a little about what needs to be done with the OS and on the programming 
>side to keep ASP from being wide open to attackers.  Is there a preferred 
>alternative?

*All* server-run scripts -- ASP, CGI, XYZZY -- are network services 
being offered to the public.  As such, they should be treated with 
extreme suspicion.  In particular, these are the reasons you don't want 
your Web servers on the inside of your firewall.

		--Steve Bellovin, http://www.research.att.com/~smb