Msg#: 4102762 posted 2:02 am on Mar 23, 2010 (gmt 0)
Hi webmasters, I'm wondering about the source code security on shtml files with perl code or server side includes. I searched on the web for answers but still no luck.
For example: sometimes certain problems on a server may cause php files to be downloaded instead of executed (especially at peak times). I'm sure the server config has a lot to do with it. As far as my experience goes, my perl code has never been compromised (or shown); the only problem, if any, was "internal server error" or "out of memory" when there is too much work at once (shared servers).
By now I have come up with a solution on a project using shtml files: this can call and execute many perl files in place, OR, the best feature for me here, execute conditions and show certain portions of the html while hiding the rest from the user.
P.S. I have a lot of files that, instead of turning into code inside a perl file, I would like to keep as html files for Dreamweaver modifications on the file. Long explanation short: it will not always be us as programmers who will modify the layout (beyond css).
I know shtml files mean extra work on the server, but if a problem occurs, would the source code ever be compromised? Shown to the user?
Msg#: 4102762 posted 4:05 pm on Mar 24, 2010 (gmt 0)
Thanks phranque, I'm not sure I understand how this is related to my question. Even so, I read the info and it is useful for me in other ways.
What I meant is whether at any time server side includes fail just like php files in certain situations (not regarding a bad config). Using SSI would help me a lot to preserve the original html files with their sections being editable in Dreamweaver while the scripts are only scripts.
My solution to this today is to keep the html files as they are and create perl files that would only read and print those html files. Why? I want to avoid copying the text and creating the perl file itself with the html inside. Keeping separate files sure means x2 files, but I (or anybody) can edit the html file and then upload it back to the server.
As for security, I found in the links you provided me something very useful that goes kinda like this: "you can run perl scripts outside the server cgi-bin but in case of failure the source code might be revealed... so, store the perl files ONLY inside the cgi-bin". That's what I always do and will keep doing; this solves my question in many ways.
So at the end I will avoid SSI, will keep using perl inside the cgi-bin and will add mod rewrite to the formula to have site.com/page.htm instead of the long url.
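The wrapper approach described in the post above (Perl kept inside cgi-bin, HTML kept as separate Dreamweaver-editable files), sketched as an added example that is not part of the original thread. The directory path, the `page` query parameter and the rewrite mapping are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): CGI wrapper stored inside cgi-bin that
# prints a designer-maintained HTML file kept in a separate directory.
use strict;
use warnings;

# Assumption: directory holding the Dreamweaver-edited HTML files.
my $HTML_DIR = '/var/www/site/pages';

# Map a requested page name to a file path; returns undef when rejected.
sub resolve_page {
    my ($name) = @_;
    return unless defined $name;
    # Allow only simple names (letters, digits, underscore, hyphen), so the
    # wrapper can never be pointed at a .pl file or at a path outside $HTML_DIR.
    return unless $name =~ /\A([A-Za-z0-9_-]{1,64})\z/;
    return "$HTML_DIR/$1.htm";
}

sub serve_page {
    my ($name) = @_;
    my $path = resolve_page($name);
    if (!defined $path || !-f $path) {
        print "Status: 404 Not Found\r\nContent-Type: text/plain\r\n\r\nNot found\n";
        return 0;
    }
    # Three-argument open: the path is never interpreted as a mode or a pipe.
    open(my $fh, '<', $path) or do {
        # Generic message only: no file path and no $! in the response.
        print "Status: 500 Internal Server Error\r\nContent-Type: text/plain\r\n\r\nError\n";
        return 0;
    };
    print "Content-Type: text/html; charset=utf-8\r\n\r\n";
    print while <$fh>;
    close $fh;
    return 1;
}

# Assumption: mod_rewrite maps site.com/NAME.htm to this script with page=NAME.
my ($page) = ($ENV{QUERY_STRING} // '') =~ /(?:^|&)page=([^&]*)/;
serve_page($page);
```

Because the script only ever opens `NAME.htm` under one fixed directory and reports failures with a generic message, a runtime error yields a 404 or 500 response rather than script source or server paths.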