Thanks for your thoughts, adrianh! Some responses...

For example the compromised script could spin off another process that sits there doing a dictionary attack on your database
That's true, although they could just as well do a dictionary attack on the main site.
badly set permissions could allow the script to rewrite itself, etc.
Which is why I don't intend to set the permissions badly. :)
In some ways a mod_perl server would be more secure. Set it up to only service a single request per-process. You still save on startup time, forks are cheap (definitely cheaper than starting up a separate CGI process and loading all the modules needed), and a compromised service would have to restart Apache to affect future requests.
I already have Apache configured to process only one request in each child. As far as speed, it's not an issue; the site will be getting at most dozens of hits a day and will run on modern hardware.

Attacks are possible with a mod_perl script that aren't possible with CGI, since it has access to the listening socket, the scoreboard, and other internal Apache data structures. For example, this bit of mod_perl will intercept some future requests, but isn't possible under CGI:

```perl
# FD #16 is the listening socket on my Apache
# You can use lsof on an Apache child to find yours.
open(LISTEN,"+<&=16")
  or die "Couldn't open LISTEN socket: $!\n";
while(1)
{
  accept(ACCEPT,LISTEN)
    or next;
  print ACCEPT <<EOF;
HTTP/1.0 200 OK
Content-Type: text/html
Content-Length: 10

Snarfed!
EOF
  ;
}
```
These are the sorts of attacks I think CGI will protect against.
I'd have my W3 server talking to a separate applications server on another box using a very thin application specific protocol that only supplied just enough functionality for the W3 application to do what it needs to do. You hide most database-specific exploits away on the other box, and have something that you can apply fine grained security controls to.
Ah, that's a great idea! Thanks!

In reply to Re^6: Secure way to pass database connection info from mod_perl handler to CGI script by sgifford
in thread Secure way to pass database connection info from mod_perl handler to CGI script by sgifford
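
A sketch of the "very thin application specific protocol" suggested in the post above, added here as an example and not code from the thread. The verbs `ORDER_STATUS` and `SET_STATUS`, the `handle_line` function and the in-memory `%orders` table (standing in for the database on the application box) are all hypothetical.

```perl
use strict;
use warnings;

# Constructed stand-in for the database that lives only on the application box.
my %orders = (17 => { status => 'shipped' }, 18 => { status => 'pending' });

# The entire protocol (hypothetical verbs): one validator per argument, one handler.
# Anything not listed here does not exist as far as the web server is concerned.
my %commands = (
    ORDER_STATUS => {
        args => [ qr/\A[0-9]{1,9}\z/ ],
        run  => sub {
            my ($id) = @_;
            my $o = $orders{$id} or return "ERR not-found";
            return "OK $o->{status}";
        },
    },
    SET_STATUS => {
        args => [ qr/\A[0-9]{1,9}\z/, qr/\A(?:pending|shipped|cancelled)\z/ ],
        run  => sub {
            my ($id, $status) = @_;
            return "ERR not-found" unless exists $orders{$id};
            $orders{$id}{status} = $status;
            return "OK";
        },
    },
);

# Parse and dispatch one request line; every failure path returns a fixed error.
sub handle_line {
    my ($line) = @_;
    return "ERR too-long" if length($line) > 128;
    $line =~ s/\r?\n\z//;
    my ($verb, @args) = split / /, $line, -1;
    my $cmd = defined $verb ? $commands{$verb} : undef;
    return "ERR unknown-command" unless $cmd;
    return "ERR bad-arg-count" unless @args == @{ $cmd->{args} };
    for my $i (0 .. $#args) {
        return "ERR bad-arg" unless $args[$i] =~ $cmd->{args}[$i];
    }
    return $cmd->{run}->(@args);
}

# Constructed request lines, as the web server's CGI script might send them.
for my $req ("ORDER_STATUS 17", "SET_STATUS 18 shipped", "ORDER_STATUS 18",
             "ORDER_STATUS 17 OR 1=1", "SELECT * FROM orders", "SET_STATUS 18 free") {
    printf "%-26s -> %s\n", $req, handle_line($req);
}
```

The web server never holds database credentials or sends SQL; a compromised CGI script can only issue the listed verbs with arguments that pass their validators.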
