Abstract:
This paper describes the security trouble of authentication algorithm based on environment variable in CGI mode and points out it’s caused by excessively trust the environment variable of server. Moreover, this paper also introduces a replaced algorithm based on validation of random image code with irregular background in client.
Key words:
CGI,
Authentication,
Environment variable,
Image code
摘要: 分析了CGI模式中常见的基于环境变量的认证算法所存在的安全隐患,给出了根源是过分信赖服务端环境变量所致的结论。指出了基于随机带无规则的背景图片码认证的客户端提交是一种可行的、较安全的替换算法。
关键词:
通用网关接口,
认证,
环境变量,
图片码
QIAN Pengjiang; WANG Shitong. Security Analysis of Authentication Based on Environment Variable
in CGI Mode
[J]. Computer Engineering, 2006, 32(23): 140-142.
钱鹏江;王士同. CGI模式中基于环境变量认证的安全性分析[J]. 计算机工程, 2006, 32(23): 140-142.