Because Go Server Pages cause code to execute server-side, much thought was given to security in the project’s design:

  • Go itself is a strongly typed language with a simple-to-reason-about semantics, which reduces the likelihood of inadvertently introducing security flaws into the code used on a Web page.

  • Go Server Pages are secure by default. The Go code appearing on a page is allowed to import only those Go packages explicitly authorized by the Web administrator. Such authorizations can even be granted on a page-by-page basis, thereby supporting the principle of least privilege for each individual Go Server Page.

  • All data provided by the client (and therefore to be considered untrustworthy and potentially malicious) is quarantined within a single data structure (gospReq, of type gosp.RequestData) passed to a Go Server Page. Doing so facilitates distinguishing untrustworthy data from the rest of the program’s data.

Error messages are written exclusively to the Apache error log (e.g., /var/log/apache2/error.log) with no details other than “Internal Server Error” returned to the client. This avoids revealing potential attack vectors to malicious clients.