Which of the following is the best way to secure CGI scripts?

A.
Configure the firewall to filter CGI at ports 80 and 443

B.
Disable anonymous HTTP logins when using CGI

C.
Ensure that the code checks all user input

D.
Active Java on the primary web server

Explanation:
CGI are executable programs which run on the server. The CGI programs may need to access files and other resources. In order to insure protection, a user account should be used that has been authorized for access. When using the anonymous login, you are using a guest account, and assigning resources to a guest or anonymous account can create a large security exposure.
Incorrect Answers:
A: CGI is code that executes at the server. It is not inherent in the protocol, so it can’t be filtered.
C: Producing a program that is perfect in that it checks all input and checks for all possible error condition is a perfect program. No one can write a perfect program and account for every possible condition. Plus, if you could, you can’t b expected to enforce it, it is not always in your control.
1D0-470
D: Using JAVA may be used in place of CGI scripts, but JAVA does not add security to CGI.