homepage Welcome to WebmasterWorld Guest from 54.197.111.87
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
Perl & server side includes on a overloaded server
How safe shtml really are? (server returning the source code)
explorador




msg:4102764
 2:02 am on Mar 23, 2010 (gmt 0)

Hi webmasters, I'm wondering about the source code security on shtml files with perl code or server side includes. I searched on the web for answers but still no luck.

Per example: sometimes certain problems on a server may cause php files to be downloaded instead of executed (specially on peak times). I'm sure the server config has a lot to do with it. As far as my experience goes, my perl code never been compromised (or showed), the only problem if any was "internal server error" or "out of memory" when there is too much work at once (shared servers).

By now I came up with a solution on a project using shtml files, this can call and execute in place many perl files OR the best feature for me here is to execute conditions and show certain portions of the html and hidding the rest to the user.

PD. I have a lot of files that instead of turning into code inside a perl file I would like to keep them as html files for dreamweaver modifications on the file. Long explanation short: not always it will be us as programmers who will modify the layout (beyond css).

I know shtml files mean extra work on the server, but if a problem occurs, would the source code ever be compromised? showed to the user?

Thanks in advance.

 

phranque




msg:4102803
 4:01 am on Mar 23, 2010 (gmt 0)

there are three things you can do that will help to prevent code exposure and these methods are all mentioned in this Webmaster General thread:
Include File Is Not Working [webmasterworld.com]

- the include virtual [httpd.apache.org] SSI command
- the AddHandler Directive [httpd.apache.org] of the apache mod_mime module
- the ScriptAlias Directive [httpd.apache.org] of the apache mod_alias module

explorador




msg:4103834
 4:05 pm on Mar 24, 2010 (gmt 0)

Thanks phranque, I'm not sure I understand this is related to my question. Even so I read the info and it is useful for me in other ways.

What I meant is if at any time server side includes fail just like php files on certain situations (not regarding a bad config). Using SSI would help me a lot to preserve the original html files with their sections being editable in Dreamweaver while the scripts are only scripts.

My solution to this today is to keep the html files as they are and create perl files who would only read and print those html files. Why? I want to avoid copying the text and creating the perl file itself with the html inside. Keeping separate files sure means x2 files but I can (or anybody) can edit the html file and then upload it back to the server.

As for security, I found on the links you provide me something very useful that goes kinda like this: "you can run perl scripts outside the server cgi-bin but in case of failure the source code might be revealed... so, store the perl files ONLY inside the cgi-bin". That's what I always do and will keep doing, this solves my question in many ways.

So at the end I will avoid SSI, will keep using perl inside the cgi-bin and will add mod rewrite to the formula to have site.com/page.htm instead of the long url.

Thanks, the info was very useful.

phranque




msg:4104207
 4:22 am on Mar 25, 2010 (gmt 0)

you are quite welcome - i was trying to point out how you can protect your code from exposure by method of invocation, file naming convention or location.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved