WinBatch Tech Support Home

Database Search

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

TechHome

WebBatch
plus
plus
plus
plus
plus

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

WebBatch Security


Question:

I've used WebBatch to write an application whose form I want to make available outside our firewall, which means either punching a hole through our firewall or installing WebBatch on a server outside the firewall. Our IT department, which is unfamiliar with WebBatch, has security concerns about placing any executable outside our firewall. Is their concern justified? Would we make ourselves more vulnerable to hackers?

Answer:

That is a hard question to answer. In short, you can tell them that WebBatch is a CGI program, just like Perl. It (WebBatch) does check to make sure that the script it's running is located in the WebBatch directory or a subdirectory thereof, but if your system setup allows someone to place a CGI script in that directory, they would be able to run it.
  1. Its the IT departments job to be concerned. I would also be concerned if I did not understand the situation.

  2. Doing anything has security implications.

  3. I would guestimate WebBatch is more secure than Perl or other CGI languages.

  4. If outside users can connect to a webserver inside the firewall *now*, then I do not think any further firewall holes need be punched to put WebBatch on the insider server.

  5. If webbatch is placed on an outside server...well then it is outside the firewall. The machine would need normal securing as in not letting outsiders modify the webbatch cgi directory or any subdirectories there of

  6. and of course, like any cgi program it should not have code in it to allow anything harmful to be done. It is also recommended that outsiders not be allowed to actually get their hands on the source code of the program for inspection. And that the machine should be secured assuming that all the cgi source code is published on all the hacker sites. These are general cgi program guidelines, not specific to WebBatch.

  7. WebBatch, by restricting the .web files that it will execute to the webbatch cgi directory and subdirectories limits the number of directories that you have to watch for rogue .web files to infiltrate.

Article ID:   W16298
File Created: 2010:02:17:11:58:08
Last Updated: 2005:02:18:12:19:40