WinBatch Tech Support Home

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

WebBatch Security


Question:

I've used WebBatch to write an application whose form I want to make available outside our firewall, which means either punching a hole through our firewall or installing WebBatch on a server outside the firewall. Our IT department, which is unfamiliar with WebBatch, has security concerns about placing any executable outside our firewall. Is their concern justified? Would we make ourselves more vulnerable to hackers?

Answer:

That is a hard question to answer. In short, you can tell them that WebBatch is a CGI program, just like Perl. It (WebBatch) does check to make sure that the script it's running is located in the WebBatch directory or a subdirectory thereof, but if your system setup allows someone to place a CGI script in that directory, they would be able to run it.

  1. It's the IT department's job to be concerned. I would also be concerned if I did not understand the situation.

  2. Doing anything has security implications.

  3. I would guesstimate WebBatch is more secure than Perl or other CGI languages.

  4. If outside users can connect to a webserver inside the firewall *now*, then I do not think any further firewall holes need be punched to put WebBatch on the inside server.

  5. If WebBatch is placed on an outside server... well, then it is outside the firewall. The machine would need normal securing, as in not letting outsiders modify the WebBatch CGI directory or any subdirectories thereof.

  6. And of course, like any CGI program, it should not have code in it to allow anything harmful to be done. It is also recommended that outsiders not be allowed to actually get their hands on the source code of the program for inspection, and that the machine be secured assuming that all the CGI source code is published on all the hacker sites. These are general CGI program guidelines, not specific to WebBatch.

  7. WebBatch, by restricting the .web files that it will execute to the WebBatch CGI directory and subdirectories, limits the number of directories that you have to watch for rogue .web files to infiltrate.

Article ID:   W16298
File Created: 2005:02:18:12:19:40
Last Updated: 2005:02:18:12:19:40
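
Items 5 and 7 of the answer come down to watching one directory tree for .web files that nobody deployed. The following is an added example, not part of the original article or of WebBatch: a Python script that records a known-good SHA-256 manifest of the .web files under the CGI directory and reports files that have appeared, changed or disappeared since. The directory layout, file names and file contents are constructed for the demo.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Return the SHA-256 hex digest of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(cgi_root):
    """Map every .web file under cgi_root (relative path) to its SHA-256."""
    found = {}
    for dirpath, _dirs, files in os.walk(cgi_root):
        for name in files:
            if name.lower().endswith(".web"):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, cgi_root).replace(os.sep, "/")
                found[rel] = sha256_file(full)
    return found

def audit(cgi_root, baseline):
    """Compare the tree against a known-good manifest taken at deploy time."""
    current = snapshot(cgi_root)
    return {
        "rogue": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "missing": sorted(set(baseline) - set(current)),
    }

def demo():
    """Build a constructed sample tree, baseline it, alter it, then audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "forms"))
        for rel in ("order.web", "forms/contact.web"):
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(b"; constructed placeholder script\n")
        baseline = snapshot(root)  # known-good state
        # Changes made after the baseline (constructed for the demo):
        with open(os.path.join(root, "forms", "dropped.web"), "wb") as f:
            f.write(b"; file that was never deployed\n")
        with open(os.path.join(root, "order.web"), "ab") as f:
            f.write(b"; line appended after deployment\n")
        os.remove(os.path.join(root, "forms", "contact.web"))
        return audit(root, baseline)

if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest would be stored somewhere the web server account cannot write, and `audit` run on a schedule against the real CGI directory.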