From what my host has listed under my package, the site is hosted on a Linux machine, so (unless I'm mistkane) it shouldn't be an IIS or ActiveState problem, since I thought that ActiveState was strictly a windows version of perl, and IIS was a windows based server application.

The script has been running fine for probably a year now... if not longer. Nobody else has reported this problem, and I can't find any errors in the code nor can I seem to reproduce the error (then again, I don't have VB installed... so that may be why).

I'm assuming my only solution would be to setup a library below the web route, and then use a subroutine in the library to generate the connection to the database for each script? I just don't want to potentially leave my username & PW to my db out in the open (obviously).

Any suggestions?

Thx guys!

Stenyj

Is the server running front page extensions? If it is, someone would need a username and password to get to it. Other than that, I can think of no reason the server would serve up the source of the script (unless it's a configuration issue.)

I'm assuming my only solution would be to setup a library below the web route...

Yes, you should store your id & password outside of the web root.

He allegedly chose to debug, and my script was displayed in an editor.

If what appeared was the source to your CGI, then yes, you have a security problem, and probably a very unusual one.

If instead what appeared was HTML, then what's happening is very normal. IE by default will ignore Javascript errors in pages. But with the right switches thrown on the client side, or the right Microsoft development tools installed (including the generic stuff underneath VB), the default changes to note that there's an error on the page, giving the user the option of opening the (HTML) page in one of the Microsoft development tools. This isn't a security problem, but you should locate and fix the Javascript error.

(I'm assuming--and perhaps it's not a safe assumption--that you're able to see your page in a browser without apparent error.)

There are several possibilities. Which one is the case will depend on many variables -- including how well-informed the user is, what sort of code you write, and how secure you are that your configuration is correct.

The first possibility is that the user was incorrect, and the code in question was not perl at all, but javascript, and the debugger was Microsoft Visual InterDev, or Microsoft Visual Script Editor, not Visual Basic. (It's possible that VS 2003 has unified them, but last I looked, they were sepperate tools.)

The second possibility is that you're writing an ASP-based (or similar -- I forget what the look-alike Apache-based framework is called, or even if there is one) page, and somehow your script got through to the browser, and was interpreted as incorrect javascript (see above).

The third is that he's just rattling your chain.

The fourth is that you aren't using a CGI-ish script at all, but rather are using a local script, and somehow, interdev, or even VB, managed to notice that it died, and debug it.

Note that all of the above cases contain at least one miscommunication, so you may be best getting him to repeat it with you there, or at least take a screenshot.

Yeah, I'm waiting to hear back from him for a screenshot. I'm starting to think it was something other then my code, but waiting for confirmation first.

Thx for the feedback guys!

That being said, if you're using perl, your users will most likely be able to "pull up the script". There are very few ways you can prevent this.