HTTP, CGI, and security

[robm () ncsa uiuc edu (Rob McCool)]

Hi there, I've been told that you've been advising people on security in
programs which handle forms in NCSA httpd. I just wanted to confirm that
you're talking about what I think you're talking about, and perhaps see any
warnings you may have sent out to people. I am the developer of NCSA httpd
and security issues in a system wherein programs are executed with data from
foreign clients are extremely important to us.

The document http://hoohoo.ncsa.uiuc.edu/cgi/security.html discusses how to
write safe shell scripts and gives examples of things which shouldn't be
done. I'd like you to take a look at our document and let us know if there's
anything we missed.

Thanks
--Rob