There are numerous security implications associated with CGI scripts. Before our CGI server computer will allow you to run CGI scripts you must read, understand, and agree to the following conditions:

You should refresh your memory of the standard College of Engineering Acceptable Use Policy you agreed to when your account was created (http://www.engineering.ucsb.edu/eci/computer-use-policy)

Direct login access to the CGI server is not available. You will need to code your CGI scripts on other systems where your account is accessible; you can debug them by running them through your Unix account or by connecting to their URL on the CGI server. The CGI server accesses your account files remotely.

Your CGI scripts must not attempt to breach system or user security.

The College of Engineering technical support staff cannot debug security or other problems with your CGI scripts.

Your CGI scripts must not adversely affect the performance of the CGI server.

Your CGI scripts must not send unsolicited email messages.

You may not use scripts that are pirated, illegally obtained, or that you do not have a legal right to use.

You must not provide commercial services or advertising.

If your scripts are insecure or do not meet the above conditions it may result in:

• Your script being disabled.
• Revocation of your authorization to run scripts on the CGI server.
• Your account being disabled.
• The CGI server computer being shutdown while security is examined.

These conditions are subject to change as other CGI security issues are discovered.

CGI scripts, which are programs that are run in your account by anonymous users on the Internet, have inherent computer security risks. They are notorious for being subject to buffer overflow attacks, spam mail generation, denial of service attacks, and other dangerous security issues. If you run CGI scripts, it is at your own risk. Damage to files in your account due to security problems arising from any scripts you make available for execution are your responsibility.