Putting database userIDs and passwords in a separate module is an excellent idea. I recently did an on-line survey for a client in a sub-directory under my main domain. After about 5000 people had been through the survey, it finally occurred to me to check that no one could get the file listing of the directory (and therefore all of the CGIs) by chopping off 'survey.cgi' from the URL.
Yep, they sure could -- there was no index.html. But (!) because the userID and passwords were in a module in a different directory, there was no major security breach. I quickly added an index.html that does an immediate re-direct: another solution would have been to change the permissions on the directory (execute only) but the re-direct was the solution that I was able to implement the fastest.
Embarrassed? Oh yeah. Very. That's why I'm posting anonymously.
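The two conditions in the post above (a CGI directory with no index file, and whether passwords sit inside the web tree or in a module elsewhere) can be checked mechanically. This is an added example, not part of the original post; the index file names, the `DBCreds` module, the `/home/me/private` path and the `DBI->connect` pattern are assumptions, and the sample tree is constructed.

```perl
use strict;
use warnings;
use File::Find;
use File::Temp qw(tempdir);

my @INDEX = qw(index.html index.htm index.cgi);  # assumed index file names

# Walk $root and return one finding per problem spotted.
sub audit_docroot {
    my ($root) = @_;
    my @findings;
    find({ no_chdir => 1, wanted => sub {
        my $path = $File::Find::name;
        if (-d $path) {
            opendir(my $dh, $path) or return;
            my %entry = map { $_ => 1 } readdir $dh;
            closedir $dh;
            my $has_cgi   = grep { /\.cgi\z/ } keys %entry;
            my $has_index = grep { $entry{$_} } @INDEX;
            push @findings, "$path: CGIs present but no index file"
                if $has_cgi && !$has_index;
            return;
        }
        return unless $path =~ /\.(?:cgi|pl)\z/;
        open(my $fh, '<', $path) or return;
        while (my $line = <$fh>) {
            # Heuristic: DBI->connect whose third argument is a quoted literal
            next unless $line =~ /DBI->connect\s*\(\s*[^,]+,\s*[^,]+,\s*(['"])[^'"]+\1/;
            push @findings, "$path line $.: password literal in web directory";
            last;
        }
        close $fh;
    }}, $root);
    return sort @findings;
}

sub write_file { open(my $o, '>', $_[0]) or die "$_[0]: $!"; print {$o} $_[1]; close $o }

# Constructed sample tree: survey/ has both problems, poll/ has neither.
my $root = tempdir(CLEANUP => 1);
mkdir "$root/$_" for qw(survey poll);
write_file("$root/survey/survey.cgi",
    qq{my \$dbh = DBI->connect("dbi:mysql:survey", "web", "s3cret");\n});
write_file("$root/poll/index.html", "<html></html>\n");
write_file("$root/poll/poll.cgi", qq{use lib '/home/me/private';\nuse DBCreds;\n}
  . qq{my \$dbh = DBI->connect(\$DBCreds::DSN, \$DBCreds::USER, \$DBCreds::PASS);\n});

print "$_\n" for audit_docroot($root);
```

Run against the sample tree, it reports two findings for `survey/` and none for `poll/`. A missing index file only leads to a listing when the server's automatic directory indexing is enabled, so treat that finding as a prompt to check the server configuration.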