On Sun, 27 Oct 2002 14:10:58 -0800 (PST), [EMAIL PROTECTED] (Admin-Stress) wrote:
>I am new to perl cgi. I would like to ask (maybe a silly question):
>Is it possible to VIEW the source code of a perl cgi from a website?
>For example, I wrote a perl cgi like this http://www.myweb.com/cgi-bin/addcustomer.pl
>The purpose of that script is to add new customer into my MySQL database.
>So, is it possible that someone can download that script? Like using 'web site downloader' or 'dump' or any other method?
>If yes (possible), is there any way to prevent this? or to hide the cgi source code?

You are "probably" safe from internet users getting your script. If your webserver is misconfigured, you can view cgi files when you try to execute them; otherwise you are safe from people viewing them. Some webservers that are misconfigured may treat a .pl file as a text file, and just display it.

Try to do it yourself: enter http://www.myweb.com/cgi-bin/index.html and see what happens. If you get a list of files, there is a problem with your server.

The real problem comes from other users on the server you share. Since your cgi is probably mode 755, that means other users "might be able" to ssh in to the server, and look thru the files in your /home dir.

You can test how the system you are using is set up by ssh'ing in, then changing dir up to where you can see all the other users' homedirs. Then see if you can read their files. You can probably bet money that the "government" has already looked thru your files. Most ISPs have a "warning" that doing this may result in you getting kicked off their server.

If you need security, then it is best that you run your own server, thru co-location. That way you are the only user, but then you still have the problem of the "night-watchman" poking around in your server. Maybe have 24-hour camera surveillance on the server?

It gets complicated in a hurry, when you start talking about REAL security.
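The mode-755 exposure described in the reply can be checked on your own files. This is an added example, not part of the original message: the function names and the optional ROOT argument are hypothetical, and the check reads only the mode bits shown by `ls -ld`, so it assumes no ACLs and says nothing about group members.

```shell
#!/bin/sh
# Added example (constructed): audit which CGI scripts another local
# account could read, judged purely from the "other" mode bits.

# Print the "other" permission triplet (e.g. "r-x") for a path.
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# other_can_read FILE [ROOT]
# Returns 0 if FILE has o+r and every directory from FILE's parent up to
# (not including) ROOT has o+x; 1 if not; 2 on a bad argument.
# ROOT defaults to /. A 755 file is still protected by a 700 parent.
other_can_read() {
    file=$1
    root=$(cd "${2:-/}" && pwd -P) || return 2
    [ -f "$file" ] || return 2
    case $(other_bits "$file") in
        r??) ;;               # other-read bit set on the file itself
        *) return 1 ;;
    esac
    dir=$(cd "$(dirname -- "$file")" && pwd -P) || return 2
    while [ "$dir" != "$root" ] && [ "$dir" != "/" ]; do
        case $(other_bits "$dir") in
            ??x|??t) ;;       # traversal allowed (t = sticky plus x)
            *) return 1 ;;    # a closed directory blocks the whole path
        esac
        dir=$(dirname -- "$dir")
    done
    return 0
}

# audit_cgi DIR [ROOT]: print each regular file in DIR that others can read.
audit_cgi() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if other_can_read "$f" "${2:-/}"; then
            echo "$f"
        fi
    done
}
```

Run `audit_cgi ~/cgi-bin` on the shared host; any path it prints is readable by other accounts as far as the mode bits are concerned.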