A secure World-Wide-Web daemon

In this paper we begin by discussing some of the protection-related history of World-Wide-Web servers and clients, some of their better-known vulnerabilities, and the need for a more secure server environment. We then discuss the protection goals we believe to be of import to a World-Wide-Web server, outline some of the principles we believe to be important to attaining such a server, and analyze the design of a server that we believe to be secure relative to my stated goals. Finally, we discuss some of the experience we have had with this server, the development of a secure gopher server using nearly the same code, and future work. Copyright (C) 1996 Elsevier Science Ltd