Fellow Monasterians

I've been asking around for the best way to set up a new site securely and gotten lots of conflicting advice (and lots of interpretations of "securely"). Even though I risk flogging a dead horse, I have to ask here at PM's before making any final decisions.

I originally thought that CGIwrap was the way to go, but I'm having problems getting it to work with CGI::Application's instance scripts, e.g., 

use lib "../cgi-bin/cgiwrap/username/";
use warnings;
use strict;
use CGI::Carp qw(fatalsToBrowser);
use DSAdmin;

[download]

which finds my module, but won't open a .config file (contains database log-on username and password) in my home directory that is set to 700 (which it is supposed to be able to do as a cgiwrapped script).

Some have suggested placing my Perl in a directory in my home directory, but I end up with the same inability to read that .config file because of permissions.

The other reason I'm considering the home directory route is that I have read cgiwrap slows down my script and that there are still potential security issues.

Note: Right now we are on a shared Unix server (at Pair), but will move to a dedicated server when in production. Home directory is set to 711.

So, questions for web-developing monks:

  1. Where do you place your Perl modules/scripts?
  2. Where do you place your database log-on info and is it encrypted?
  3. What is considered "best practice" if that can even be answered?

Any other light you can shed on this would be appreciated. Thanks in advance.

Update: fixed title


—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot

In reply to Structuring a Web site and security issues by bradcathey

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.