Guidelines on Securing Public Web Servers
server, not the browser's security context for communicating with the attacker.  Thus, 
the program will execute in an inappropriate security context with inappropriate 
privileges. 
    
Character set encoding should be explicitly set in each page.  Then the user data 
should be scanned for byte sequences that mean special characters for the given 
encoding scheme. 
    
Each character in a specified character set can be encoded using its numeric value.  
Encoding the output can be used as an alternative to filtering the data.  Encoding 
becomes especially important when special characters, such as the copyright symbol, can 
be part of the dynamic data.  However, encoding data can be resource intensive, and a 
balance must be struck between encoding and other methods of filtering 
the data. 
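As an added illustration of the two points above (not text from the guideline itself), the following Python scans user data for HTML-special characters under the page's declared charset and encodes dynamic output as numeric character references so that data such as the copyright symbol survives unfiltered. The safe-character set and sample inputs are constructed for this example.

```python
from __future__ import annotations

# Characters with special meaning in HTML output (constructed list for this example).
HTML_SPECIAL = set('<>&"\'')


def scan_special(data: bytes, charset: str) -> list[tuple[int, str]]:
    """Decode user data with the page's declared charset and report the
    positions of characters that are special in HTML.

    The same bytes decode to different characters under different charsets,
    so the charset must be fixed explicitly before the scan is meaningful.
    """
    text = data.decode(charset, errors="replace")
    return [(i, ch) for i, ch in enumerate(text) if ch in HTML_SPECIAL]


def encode_numeric(text: str) -> str:
    """Encode every character outside a conservative safe set as a numeric
    character reference (&#NNN;).

    Non-ASCII data such as the copyright symbol is preserved for the browser
    instead of being stripped, while markup characters lose their meaning.
    """
    out = []
    for ch in text:
        if (ch.isascii() and ch.isalnum()) or ch in " .,-_":
            out.append(ch)
        else:
            out.append(f"&#{ord(ch)};")
    return "".join(out)


def content_type_header(charset: str = "utf-8") -> str:
    """Build an explicit Content-Type value so the browser does not guess."""
    return f"text/html; charset={charset}"


if __name__ == "__main__":
    # Constructed sample: the same bytes are harmless text under UTF-8 but
    # decode to markup under UTF-7, which is why the charset must be declared.
    sample = b"+ADw-b+AD4-"
    print("utf-8:", scan_special(sample, "utf-8"))
    print("utf-7:", scan_special(sample, "utf-7"))
    print(encode_numeric("\u00a9 2002 <x>"))
    print(content_type_header())
```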
    
Cookies should be examined for any special characters.  Any special characters 
should be filtered out. 
    
Employ an encryption mechanism to encrypt passwords entered through script forms 
(see Section 7.5). 
    
For Web applications that are restricted by username and password, none of the Web 
pages in the application should be accessible without going through the appropriate 
login process. 
    
Many Web servers and some other Web server software install sample scripts or 
executables during the installation process.  Many of these have known vulnerabilities 
and should be removed immediately.  See appropriate vendor documentation or Web 
site for more information.   
When considering a server-side content generator, it is important to review public vulnerability 
and security databases (such as the ICAT Metabase, http://icat.nist.gov) to determine the 
relative risk of the various technologies under consideration.  Although the historical record will 
not be a perfect indicator of future risk, it does indicate which technologies appear to be more 
vulnerable.   
Various organizations research network and system security topics and periodically publish 
information concerning recently discovered vulnerabilities in service software.  This includes 
Web server software and supporting technologies, such as scripting languages and external 
programs.  External programs that are in wide-scale use are regularly analyzed by researchers, 
users, and security incident response teams, and by members of the intruder community.  
Intruders will often publish exploit scripts that take advantage of known vulnerabilities in Web 
service software and external programs commonly used by public Web servers.  Web 
administrators should review public information sources frequently and be aware of all 
security-relevant information about any external programs that they are considering. 