AsiaBSDCon 2017 Secure CGI

Conclusions

Writing secure applications is hard.

Writing secure CGI applications is harder: the environment is more constrained and the number of potential attackers is significant. (I.e., the cost of a mistake is high.)

What else?

Be careful with Capsicum development unless your application can open all of its file descriptors before doing any work: this is not a practical design choice for every application, and it may hinder adoption of future features.

While SQLite is attractive due to its simplicity, the simplicity is a lie. Until there's a better way to control temporary file creation and/or the database's file descriptors, it presents significant challenges for security. (If we were to embed a PostgreSQL database server in our application, however, we'd have the same issues.)
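The point above is that SQLite opens files behind the application's back (temporary b-trees, rollback journals), which is exactly what an open-everything-first sandbox model cannot tolerate. The following is an added example, not code from the talk or from SQLite: it uses Python's stock sqlite3 module to exercise the two knobs SQLite does offer, PRAGMA temp_store and PRAGMA journal_mode, and reports which side files appeared on disk while a write transaction was open. The database name app.db and the table contents are constructed for the example.

```python
import os
import sqlite3
import tempfile


def side_files(directory, db_name):
    """Files SQLite created next to the database, excluding the database itself."""
    return {f for f in os.listdir(directory) if f != db_name}


def exercise(journal_mode):
    """Open a database in a fresh directory, force temp-space and journal
    activity, and return (effective temp_store setting, files seen on disk
    while a write transaction was still open)."""
    with tempfile.TemporaryDirectory() as d:
        db_name = "app.db"  # constructed name for the example
        con = sqlite3.connect(os.path.join(d, db_name))
        try:
            # Keep SQLite's internal temporary tables and sorter b-trees in
            # memory (2 == MEMORY). The pragma is ignored if the library was
            # built with SQLITE_TEMP_STORE=0 or 3, so read the value back
            # instead of trusting the assignment.
            con.execute("PRAGMA temp_store = MEMORY")
            temp_store = con.execute("PRAGMA temp_store").fetchone()[0]

            # Rollback journal placement: DELETE (the default) creates
            # app.db-journal beside the database for the life of each write
            # transaction; MEMORY keeps it in RAM, at the cost of crash safety.
            con.execute(f"PRAGMA journal_mode = {journal_mode}")
            con.execute("CREATE TABLE t (k INTEGER, v TEXT)")
            con.commit()

            # Begin a write transaction and leave it open while we look.
            con.executemany(
                "INSERT INTO t VALUES (?, ?)",
                ((i, "x" * 100) for i in range(2000)),
            )
            # A sort with no usable index needs temporary space; with
            # temp_store=MEMORY that space is not a file.
            con.execute("SELECT v FROM t ORDER BY v").fetchall()

            files = side_files(d, db_name)
            con.commit()
        finally:
            con.close()
        return temp_store, files


if __name__ == "__main__":
    for mode in ("DELETE", "MEMORY"):
        store, files = exercise(mode)
        print(f"journal_mode={mode}: temp_store={store}, side files={sorted(files)}")
```

With journal_mode=MEMORY the returned file set is empty; with the default DELETE mode a stock build shows app.db-journal in it, which is the descriptor a Capsicum-style design would have had no chance to open up front. Neither pragma touches the main database file's own descriptor, and journal_mode=MEMORY trades durability for the quieter filesystem footprint, so this is a check on what SQLite will do rather than a fix for the problem the slide describes.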

Thank you.