The World Wide Web Security FAQ

• Up to Table of contents
• Forward to What's New

1. Introduction

Copies of this document can be obtained at:

• http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.html (html)
• http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.tar.gz (tar gzipped archive)

The author of this FAQ has very limited experience with the Macintosh and Windows servers (although he's slowly learning!). Web servers for these operating systems are pretty new, and there hasn't been much time for collective wisdom on the security issues for these platforms to form. I apologize for the pronounced Unix (and Linux) bias in this document. Help in fleshing out these topics is welcomed!

Much of this document is abstracted from the author's book "How to Set Up and Maintain a World Wide Web Site", published by Addison-Wesley.

This document is © copyright 1995, 1996 Lincoln D. Stein. It may be freely mirrored electronically as long as the authorship is correctly attributed and the entire document is maintained intact. Small excerpts of up to five paragraphs are allowed, however. Distribution in printed form is prohibited unless prior permission is obtained from the author.

Many thanks to the following people for their helpful comments and contributions to this document:

• Bob Bagwill <bagwill@nist.gov>
• Jim Carroll <jcarroll@wellspring.us.dg.com>
• Tom Christiansen <tchrist@mox.perl.com>
• Mike Daren <mdaren@dtsa.osd.mil>
• John Franks < john@math.nwu.edu>
• Paul Hoffman <www-servers@proper.com>
• Laura Pearlman <pearlman@rand.org>
• Louis Perrochon <perrocho@inf.ethz.ch>
• David Weisman <weisman@osf.org>
• William C. DenBesten <DenBesten@cs.bgsu.edu>
• Ian Redfern<redferni@logica.com>
• Bob Denny <rdenny@dc3.com>
• Eric Hammond <eric.hammond@sdrc.com>
• Peter Trei <trei@process.com>
• Brian Kendig <brian@netscape.com>

• Up to Table of contents
• Forward to General Questions