The World Wide Web Security FAQ

1. Introduction

This is the World Wide Web Security Frequently Asked Question list (FAQ). It attempts to answer some of the most frequently asked questions relating to the security implications of running a Web server. There is also a short section on Web security from the browser's perspective.

Copies of this document can be obtained at:

The text-only version is no longer available because of the difficulty in maintaining parallel text and hypertext versions. However, you can convert portions of the FAQ to text by choosing "Save as text" from your browser's file menu. Please do not write to me asking for a text-only or printed version!

The author of this FAQ has very limited experience with the Macintosh and Windows servers (although he's slowly learning!). Web servers for these operating systems are pretty new, and there hasn't been much time for collective wisdom on the security issues for these platforms to form. I apologize for the pronounced Unix (and Linux) bias in this document. Help in fleshing out these topics is welcomed!

Much of this document is abstracted from the author's book "How to Set Up and Maintain a World Wide Web Site", published by Addison-Wesley.

This document is © copyright 1995, 1996 Lincoln D. Stein. It may be freely mirrored electronically as long as the authorship is correctly attributed and the entire document is maintained intact. Small excerpts of up to five paragraphs are allowed, however. Distribution in printed form is prohibited unless prior permission is obtained from the author.

Many thanks to the following people for their helpful comments and contributions to this document:

Lincoln D. Stein,
Whitehead Institute/MIT Center for Genome Research
Last modified: Thu Nov 7 14:12:09 EST 1996