AsiaBSDCon 2017 Secure CGI

CGI application design strategies

CGI application design strategies

How can we design our applications to meet these needs? There are two main methods.

  1. Modular: one binary per facility.
    Assumes facility choice is well-defined and seperable, but much more straightforward to secure.
  2. Monolithic: one binary invoking another.
    More resource intensive and possibly difficult to secure.
  3. Asynchronous: one primary binary and secondary workers.
    Requires more significant development infrastructure, but much more secure.

We'll focus on monolithic design because it's easier.