im writing a socket server that will act as a http server that takes user input that is validated and executes a few system calls and outputs html

what security risks can i encounter?

Hi lenix. Welcome to GIDForums. When you say that this will act a http server what do you mean exactly? Are you wanting to communicate on port 80? You may want to open up another port to do this possibly depending on what you are doing.

There are always security risks in allowing traffic onto your machine. The only secure machine is one that is not hooked up to the internet. But that isn't much use now is it.

Full security is beyond my meager background. I also think that it is a continual process. Every day there are security updates to all kinds of computer packages because a new exploit was found.

Anyway, if you give some more info on what you are doing maybe someone here can help a little more. It sounds like an intriguing problem and actually one that I am working on myself for a project.

Cheers,
d

yea .....

well its not really an actual HTTP SERVER that gives the WWW access w/out knowing what they're doing ...


basically its a 'control panel' in an essence... you goto port ANY/USERDEFINED and it outputs based on your input .. the output is html .. you first 'login' then it outputs the first page ... management options, etc... click add user blah blah then the prog parses the GET and it says ok add this user here ...

now... i have written this method in c++ .. i have verified that all my strings are secure and should have no buffer overflow capabilities ...

this prog is using sockets to create the 'server' ... i was curious if there was any other method of someone creating a security threat...


thanks for your response