IMHO, anything you don't want everyone to see- should not physically reside in webshare- period.
On one hand this is a general rule for me- on the other- it sounds like you're doing some fun stuff. It seems your admin will either be an editor of the content- or your html files are HTML::Template files, that are prefed by admin app- very witty..
So, these *are* or are not "static web pages" or are they templates that are fed by admin??
(Still, I say nothing in webshare that you don't want everyone to see..
For example with shared hosting, or whenever you're at the mercy of root..
What if they disable some apache directives that now make your .htaccess files worthless? Then your content is free for the viewing.
Yes, this is a wild and whacky rare possibility.
What if cgi stopped working?
Is your content unprotected?
If your cgi serves content not normally accessible via http, then if things break, nothing is lost. )
That junk said..
It seems like your ap is *not* using authentication? Is that correct? I mean, authentication *inside itself* ...
Maybe you're not familiar with CGI::Application::Plugin::Authentication, it took me a little while to figure out how to use it, it was frustrating at first- but it sets some sort of a standard for doing authen. You can use .htpassw files even if you want, i think...
The idea is that every runmode (run, state, screen) of your cgi app requires a check. And if you don't store files in webshare, you don't have to worry about the rest.
In reply to Re^2: CGI::Application::Authentication and Static Pages
by leocharre
in thread CGI::Application::Authentication and Static Pages
by digger
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |