Security on the WWW




 

As soon as a web site is connected to the Internet, you open a window to the community.
Schematically, two risks arise:

  • this window, or its content, is modified or looked at without your consent
  • this window is used to look at something else that you did not choose to show

    Permissions

    The first part concerns the permissions of your web site. By default, all pages you add to your web site are readable by everybody on the Internet. Access control lets you restrict access to your web site according to your particular needs. Pages under access control prompt for a valid username and password. Once these settings are in place, what a visitor sees depends on how you set the permissions.

    One example of the purpose of access control concerns search engines. All search engines have small robot programs that surf the web and index all new pages for the search engine. If you do not want your web pages to be in the search engines' databases, you must set permissions on them.

    Permissions are a very important point: if you do not set access control correctly, some people may be able to modify your web pages and documents, or do something else, according to their permissions.

    You can find more information about permissions in the section "Permissions / Access rights / Delegation".

    Script security

    Scripts are potentially a vulnerable part of a web server. They may provide opportunities for hackers to exploit the system either by taking confidential information or by causing damage to the system (e.g. deleting files).

    There are two ways in which scripts may be used in a manner not intended by the writer of the script:

    1. The scripts may leak information about the host system which allows hackers to penetrate the system.
       
    2. Scripts which process user input may come under attack by hackers who trick the script into executing commands.

    Although scripts should always run as "nobody" (i.e. minimal permissions), that is still enough for the script to be able to read the password file. Therefore all scripts which process user input should take the necessary precautions to stop security being breached. Web pages containing forms and dynamic pages which call a script are particularly at risk. 
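The second risk above, shown as an added example that is not part of the original CERN page: a form-handling script that pastes user input into a shell command, next to a version that avoids the shell and validates the input first. The function names, the `NAME_RE` allow-list and the stand-in `TOOL` program are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Stand-in for the external program a form-handling script would call
# (assumption: simulated with the Python interpreter so the example runs offline).
TOOL = [sys.executable, "-c", "import sys; print('lookup:', sys.argv[1])"]

# Allow-list for the form field: letters, digits, dot, underscore, hyphen.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def unsafe_lookup(name):
    """Anti-pattern: user input is pasted into a string that a shell parses."""
    cmd = "echo lookup: " + name
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=5)
    return done.stdout.splitlines()


def argv_lookup(name):
    """No shell: the input travels as one argument and is never parsed as a command."""
    done = subprocess.run(TOOL + [name], capture_output=True, text=True,
                          check=True, timeout=5)
    return done.stdout.splitlines()


def safe_lookup(name):
    """Allow-list validation first, then the shell-free call."""
    # A leading '-' is refused so a real tool cannot mistake the value for an option.
    if not NAME_RE.fullmatch(name) or name.startswith("-"):
        raise ValueError("rejected form input")
    return argv_lookup(name)


if __name__ == "__main__":
    crafted = "alice; echo INJECTED"   # constructed sample input
    print(unsafe_lookup(crafted))      # the shell runs a second command
    print(argv_lookup(crafted))        # one line: metacharacters are plain data
    print(safe_lookup("alice"))
    try:
        safe_lookup(crafted)
    except ValueError as err:
        print("refused:", err)
```

Running as "nobody" limits what an injected command can reach, but only the shell-free call and the allow-list stop the input from being treated as a command in the first place.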

    SSL protocol

    The SSL protocol (Secure Sockets Layer) was developed by Netscape in collaboration with Mastercard, the Bank of America, MCI and Silicon Graphics, for transmitting private documents on the Web. It uses encryption to keep information private in transit, authenticates the server, and ensures that data sent between client and server is not tampered with. It is implemented on both server and client. You can see this protocol in commercial transactions such as giving a credit card number. Its URLs begin with https:// rather than http://
    Example: https://www.cern.ch/web
    In the status bar, a little padlock indicates the presence of SSL.

                                                       
                                              In Internet Explorer                        In Mozilla

    This protocol is recommended for all web sites because the connection between the client and the server is made totally secure, so hackers' attacks against web sites are more difficult.