http://qs321.pair.com?node_id=850303

skazat has asked for the wisdom of the Perl Monks concerning the following question:

Hello everyone,

I've just thrown together a web-based installer for a web-app of mine. This basically comes down to making a web-based application that takes in a bunch of information, via a form, validates it and takes that information to build the necessary directory structure, config file, SQL database - that sort of thing.

My users aren't going to know what an "ssh" is, or a "cpan", etc. They're expecting to untar a distro, throw it up, run "install.cgi" and fill out a bunch of stuff. My other task is to make that "bunch of stuff" as easy as possible for them to fill out - or only fill out, if it's optional. Whew!

Something you see a lot in PHP, not so much in Perl.

I'm at the point where I'm happy that it works, etc, but I'm not so happy with how it interacts with the file system. I'm worried about security and want to make this thing work as well as possible, on as many unix-like platforms as possible. I'm also worried about file permission problems with my web-app and the file structure it needs to manipulate. For the most part, I'm assuming the CGI script is running under suEXEC.

For the most part, when I need to mv, cp, rm, (etc) something, I fall down and use backticks. Once I do, a big red flag goes up in the back of my mind - it doesn't sound like Best Practices to me and before I actually and truly ship this app, I want to replace the backticks with built-ins or subs from a module.

One of the parameters I need for any method is that it be either a core module, a pure-Perl module, or a built-in. Here's a small list of things I'm thinking of using instead:

* mv - File::Copy
* cp - File::Copy
* rm - unlink built-in
* chmod - chmod built-in

I'm a little worried that my use of Perl subroutines, instead of backticks, is going to get me into trouble - will I have the same permissions in the directory structure using builtins/modules as I do with my backticks? Any best practices/nuggets of wisdom I should follow?

The other, strangely simple, yet strangely difficult thing to know is the web-app's own URL. Currently, I just use CGI.pm's url() sub, but this also will fail from time to time. Is there an alternative?

There's also quite a bit of file/directory munging and right now, this isn't handled very smartly - File::Spec isn't even being utilized. I was looking at Path::Class to handle this. Something as simple as wanting to know the absolute path, or the user's home directory, isn't handled by anything I know in a standardized way - I don't know if this is a security measure or what. It makes making something like this somewhat aggravating :)

Sorry to have to ask so many, seemingly simple questions - the installer works, but it doesn't work in a way I would be proud to show the world how Perl does things. I'm sure compiling a list of best-practices for web-app installers would help others down the road.

-skazat
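
The replacements listed in the question (File::Copy for mv/cp, the unlink and chmod built-ins), shown as an added example that is not part of the original post and uses only core modules. The subs `safe_name` and `install_file`, the file names and the temporary directory are hypothetical and constructed for the demonstration.

```perl
use strict;
use warnings;
use File::Copy qw(copy move);   # core: replaces `cp` and `mv`
use File::Path qw(make_path);   # core: replaces `mkdir -p`
use File::Spec;                 # core: portable path joining
use File::Temp qw(tempdir);     # core: scratch area for this demo

# Accept only a plain file name: no separators, no leading dot or dash.
# Returning the capture also untaints the value when running under -T.
sub safe_name {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/ ? $1 : undef;
}

# Hypothetical helper: copy $src into $dir as $name with an explicit mode.
sub install_file {
    my ($src, $dir, $name, $mode) = @_;
    my $clean = safe_name($name);
    defined $clean or die "rejected file name\n";
    make_path($dir, { mode => 0755 });
    -d $dir or die "cannot create $dir\n";
    my $dest = File::Spec->catfile($dir, $clean);
    # No shell parses these arguments, so metacharacters are just bytes.
    copy($src, $dest) or die "copy to $dest failed: $!\n";
    # copy() does not carry over the source's mode bits; set them explicitly.
    chmod($mode, $dest) == 1 or die "chmod $dest failed: $!\n";
    return $dest;
}

# Constructed sample layout inside a temporary directory.
my $base = tempdir(CLEANUP => 1);
my $src  = File::Spec->catfile($base, 'config.dist');
open(my $fh, '>', $src) or die "open $src: $!\n";
print {$fh} "db_name=example\n";
close($fh) or die "close $src: $!\n";

my $conf_dir = File::Spec->catdir($base, 'app', 'conf');
my $dest     = install_file($src, $conf_dir, 'config.pl', 0600);
printf "installed %s mode %04o\n", $dest, (stat $dest)[2] & 07777;

move($dest, "$dest.bak") or die "move failed: $!\n";        # was `mv`
unlink("$dest.bak") == 1 or die "unlink failed: $!\n";      # was `rm`

# A form value that a shell would have interpreted is refused outright.
print "rejected: ", (defined safe_name('x; rm -rf ~') ? 'no' : 'yes'), "\n";
```

Built-ins and backticks both act with the CGI process's own uid, gid and umask, since a child started by backticks inherits them; the difference is that every call here reports failure through its return value and `$!`.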