I've used WebBatch to write an application whose form I want to make available outside our firewall, which means either
punching a hole through our firewall or installing WebBatch on a server outside the firewall. Our IT department, which is
unfamiliar with WebBatch, has security concerns about placing any executable outside our firewall. Is their concern justified?
Would we make ourselves more vulnerable to hackers?
That is a hard question to answer. In short, you can tell them that WebBatch is a CGI program, just like Perl. It (WebBatch) does check
to make sure that the script it's running is located in the WebBatch directory or a subdirectory thereof, but if your system
setup allows someone to place a CGI script in that directory, they would be able to run it.
- Its the IT departments job to be concerned. I would also be concerned if I did not understand the situation.
- Doing anything has security implications.
- I would guestimate WebBatch is more secure than Perl or other CGI languages.
- If outside users can connect to a webserver inside the firewall *now*, then I do not think any further firewall
holes need be punched to put WebBatch on the insider server.
- If webbatch is placed on an outside server...well then it is outside the firewall. The machine would need normal
securing as in not letting outsiders modify the webbatch cgi directory or any subdirectories there of
- and of course, like any cgi program it should not have code in it to allow anything harmful to be done. It is also recommended
that outsiders not be allowed to actually get their hands on the source code of the program for inspection. And that the machine
should be secured assuming that all the cgi source code is published on all the hacker sites. These are general cgi program
guidelines, not specific to WebBatch.
- WebBatch, by restricting the .web files that it will execute to the webbatch cgi directory and subdirectories limits the
number of directories that you have to watch for rogue .web files to infiltrate.
Article ID: W16298
File Created: 2010:02:17:11:58:08
Last Updated: 2005:02:18:12:19:40