Are compiled languages such as C safer than interpreted languages like Perl and shell scripts?
The answer is “yes”, but with many qualifications and explanations. The first issue is the remote user’s access to the script’s source code. The more the hacker knows about how a script works, the more likely he is to find bugs to exploit. With a script written in a compiled language like C, you can compile it to binary form, place it in cgi-bin/, and not worry about intruders gaining access to the source code. With an interpreted script, however, the source code is always potentially available. Even though a properly configured server will not return the source code of an executable script, there are many scenarios in which this protection can be bypassed.

Consider the following scenario. For convenience’s sake, you’ve decided to identify CGI scripts to the server using the .cgi extension. Later on, you need to make a small change to an interpreted CGI script. You open it up with the Emacs text editor and modify the script. Unfortunately the edit leaves a backup copy of the script sour
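The scenario above can be checked for on a server. The following is an added example, not code from the original FAQ: it walks a document tree and reports stray editor copies of scripts whose names no longer end in the handler extension, so the server would treat them as ordinary documents. The pattern list and function names are assumptions chosen for illustration; Emacs backups (`name~`, `name.~N~`) and auto-save files (`#name#`) are the case the text describes, and the Vim swap and `.bak`-style suffixes generalize it.

```python
import os
import re

# Names that editors and manual copies leave next to the original file.
# The list is an assumption for this example; extend it for local habits.
BACKUP_PATTERNS = [
    re.compile(r"^(?P<base>.+?)(?:\.~\d+)?~$"),      # Emacs: script.cgi~ / script.cgi.~2~
    re.compile(r"^#(?P<base>.+)#$"),                 # Emacs auto-save: #script.cgi#
    re.compile(r"^\.(?P<base>.+)\.sw[a-p]$"),        # Vim swap: .script.cgi.swp
    re.compile(r"^(?P<base>.+)\.(?:bak|orig|old|save)$", re.I),
]


def backup_of_script(name, script_exts=(".cgi",)):
    """Return the script this file is a stray copy of, or None."""
    if name.lower().endswith(script_exts):
        return None  # still carries the handler extension, so it is executed
    for pattern in BACKUP_PATTERNS:
        match = pattern.match(name)
        if match and match.group("base").lower().endswith(script_exts):
            return match.group("base")
    return None


def find_leaked_sources(docroot, script_exts=(".cgi",)):
    """List (relative path, original script) pairs under docroot."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            original = backup_of_script(name, script_exts)
            if original:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits.append((rel, original))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for path, original in find_leaked_sources(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: readable copy of {original}")
```

Run it against the document root after editing scripts in place, or from a deployment check, and delete or relocate whatever it reports.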