OneGate was designed with security in mind. While it makes every attempt to be a secure application gateway, you have to do your part as well.
The biggest pitfall of CGI programming is trusting external data and using it for system calls without vetting it first. This can be catastrophic and lead to destruction of data. OneGate does not use any remote data in remote commands, nor does it provide you any facility to do so via the program set command file. However, it does not (and cannot) prevent you from pursuing this extremely hazardous practice within the applications you call from the command file. Those applications could conceivably call other programs unsafely, if you blindly trust data provided from outside your control and use it in a command line context. DO NOT DO THIS. Doing so is tantamount to leaving the keys to your car on the hood while you quickly nip into Wal*Mart for even one tiny item. There's a good chance your car won't be there when you get back. Likewise, bad things will inevitably happen if you commit this grave security error.
OneGate handles upload filenames safely. You are provided a safe filename, generated by OneGate, for use. You are also provided the original filename that the file was known by on the remote system, if the application sends it. However, trusting that remote filename can be extremely hazardous. You should always have your software inspect such filenames for rogue content before utilising them.
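The following added example (not part of OneGate or its documentation) shows one way an application called from the command file could vet the remote filename and pass values to another program without a command line ever being parsed by a shell. The function names, the extension policy, the sample path and the way the two filenames reach the application are all assumptions made for illustration.

```python
import re
import subprocess
import sys
import unicodedata

# Allow-list: first character alphanumeric, then letters, digits, ".", "_" or "-".
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")
ALLOWED_EXTENSIONS = {".txt", ".csv", ".png", ".jpg", ".pdf"}  # assumed site policy

def vet_remote_filename(remote_name):
    """Return a vetted base name for the client-supplied name, or None to reject it."""
    if not remote_name:
        return None
    # Fold look-alike characters (e.g. full-width slashes) before inspecting.
    name = unicodedata.normalize("NFKC", remote_name)
    # Some clients send a full path; keep only the last component.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    if not SAFE_NAME.fullmatch(name) or ".." in name:
        return None
    dot = name.rfind(".")
    if dot < 1 or name[dot:].lower() not in ALLOWED_EXTENSIONS:
        return None
    return name

def run_helper(safe_path, label):
    """Pass both values to a child process as separate argv entries, never via a shell."""
    # Stand-in helper: this interpreter, echoing how many arguments it received.
    helper = [sys.executable, "-c", "import sys; print(len(sys.argv) - 1, sys.argv[2])"]
    done = subprocess.run(helper + [safe_path, label], capture_output=True,
                          text=True, check=True, timeout=10)
    return done.stdout.strip()

def process_upload(safe_path, remote_name):
    """Vet the remote name, then hand the gateway's safe path to the helper."""
    label = vet_remote_filename(remote_name)
    if label is None:
        return None  # reject: the caller should log the event and refuse the upload
    return run_helper(safe_path, label)

if __name__ == "__main__":
    # Constructed sample inputs; the path stands in for the gateway-generated filename.
    for sample in ["C:\\docs\\report.pdf", "../../etc/passwd", "notes.txt; echo hi", "-rf.txt"]:
        print(repr(sample), "->", process_upload("/tmp/upload_0001", sample))
```

The file itself is only ever opened through the gateway-generated name; the vetted remote name is used as a label and nothing more.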
OneGate simply passes the data it obtains without parsing it or censoring it. As a generic gateway application, it cannot and should not do so. It is up to you to make sure that your application adequately scans and validates the incoming data to ensure it is safe for use in whatever context is applicable.
It is your responsibility to make sure that your configurations restrict access to applications as appropriate. For anything not intended for general public consumption, you should implement access controls with the program set virtual firewall and user authentication mechanisms available in OneGate. OneGate can easily cooperate with any HTTP Basic Authentication already in use on your web site.
Security is one of the biggest issues with CGI programming. OneGate does its best to make the environment as safe as possible without compromising the data integrity. It is your responsibility to ensure that your applications use the data safely.
For a complete list of points to check over in your integration efforts, please consult this more comprehensive list that we have released to the public to aid in CGI security education.