Difference: WebAlbumSoftware (4 vs. 5)

Revision 5 - 23 Jun 2001 - TobyCabot

Line: 42 to 42
  Yet another! Obviously there aren't enough already in existence, and thanks to sourceforge and freshmeat every nitwit who can write 200 lines of perl can now have their own project. This one features either command-line or CGI operation.
Added:

A note about security: these packages tend to fall into two categories: those that generate a bunch of static pages and those that generate pages on the fly. Clearly the latter has more functional potential, as it can provide picture upload, dynamic comments, etc. What shouldn't be overlooked, however, are the security implications of the dynamic approach. If you generate a bunch of static pages and put them in a viewable path then you haven't added any additional security risk to your server beyond your web server software. Every CGI, however, is a new program which gets run each time someone looks at a page. I don't know about you, but I feel fairly confident that most of the obvious (and non-obvious) security holes in Apache have been found and fixed. OTOH, I really can't say the same thing about "Ed's picture album CGI program."

In summary, why expose yourself to more risk than you need to? Use the static approach.

  -- TobyCabot - 14 Jun 2001