WWW.SAS does not support any mechanism that would allow a remote user to execute arbitrary programs or scripts on our machines because of the inherent security risks involved. This means that CGI scripts aren't allowed.

Writing a "secure" program that is not vulnerable to attacks by a remote user requires skill. An insecure program might result in an intruder gaining unauthorized access to a SAS machine. Since we can't trust our (more than 12,000) users to write secure programs and since we don't have the manpower to inspect everyone's scripts, we have decided that they aren't allowed.

You can read about some of the security risks at:

Additionally, allowing arbitrary scripts that external users can execute means that people who are not legitimate users of our systems are consuming our CPU resources - this could have a disruptive impact on the performance of the machines.

Make a New Search

Last modified: Tuesday, 28-May-2002 10:03:40 EDT