Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Re: Data Security in Perl

by gryphon (Abbot)
on Sep 04, 2002 at 15:46 UTC ( [id://195112]=note: print w/replies, xml ) Need Help??


in reply to Data Security in Perl

Greetings,

For learning more about CGI security, check out Ovid's "Web Programming Using Perl" Course. It's quite good. Lesson Three is a good overview of security. One thing that Ovid points out is that you can't really trust Apache (via .htaccess files) to handle all the security for you.

For what you're talking about, though, it seems that you've got a series of pseudo database files that are read by your scripts. You just want these files to be inaccessible to the public via the a URL, right? In such cases, I typically build two directories from whatever root directory I'm in. Assuming a fairly default Apache conf, /var/www/html is the root dir for the Web server files. I'll usually mkdir /var/www/hidden or something similar, then put all my pseudo database files in there. The scripts in /var/www/html or /var/www/perl can get to the "hidden" dir easily, but unless Apache is misconfigured, it'll be really difficult for an end-user to get there without reasonably significant hacking.

gryphon
code('Perl') || die;

Update: Hey, cool! This is my 100th post.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://195112]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (4)
As of 2024-03-28 16:59 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found