What’s to worry about?
Unfortunately, there’s a lot to worry about. There are security risks that affect Web servers, the local area networks that host Web sites, and even innocent users of Web browsers. The risks are most severe from the Webmaster’s perspective. The moment you install a Web server at your site, you’ve opened a window into your local network that the entire Internet can peer through. Most visitors are content to window shop, but a few will try to peek at things you don’t intend for public consumption. Others, not content with looking without touching, will attempt to force the window open and crawl in. The results can range from the merely embarrassing, for instance the discovery one morning that your site’s home page has been replaced by an obscene parody, to the damaging, for example the theft of your entire database of customer information. It’s a maxim in system security circles that buggy software opens up security holes.
It’s a maxim in software development circles that large, complex programs contain bugs. Unfortunately, Web servers are large, complex programs that can (and in some cases have been proven to) contain security holes. Furthermore, the open architecture of Web servers allows arbitrary CGI scripts to be executed on the server’s side of the connection in response to remote requests. Any CGI script installed at your site may contain bugs, and every such bug is a potential security hole.