Perl: the Markov chain saw | |
PerlMonks |
Re: Data Security in Perlby gryphon (Abbot) |
on Sep 04, 2002 at 15:46 UTC ( [id://195112]=note: print w/replies, xml ) | Need Help?? |
Greetings, For learning more about CGI security, check out Ovid's "Web Programming Using Perl" Course. It's quite good. Lesson Three is a good overview of security. One thing that Ovid points out is that you can't really trust Apache (via .htaccess files) to handle all the security for you. For what you're talking about, though, it seems that you've got a series of pseudo database files that are read by your scripts. You just want these files to be inaccessible to the public via the a URL, right? In such cases, I typically build two directories from whatever root directory I'm in. Assuming a fairly default Apache conf, /var/www/html is the root dir for the Web server files. I'll usually mkdir /var/www/hidden or something similar, then put all my pseudo database files in there. The scripts in /var/www/html or /var/www/perl can get to the "hidden" dir easily, but unless Apache is misconfigured, it'll be really difficult for an end-user to get there without reasonably significant hacking. gryphon Update: Hey, cool! This is my 100th post.
In Section
Seekers of Perl Wisdom
|
|