allyc has asked for the wisdom of the Perl Monks concerning the following question:

Monks,

Could any one give me some pointers on the following problem. We currently have a small suite of Perl Web Applications that we use. Because there are many actions that are common to all of the applications, we have created a common file called common.pl. This file contains functions that the other applications can call.

At the moment we are loading the common file using a require command and it all seems to work fine. I know its not the best way of constructing this, but I have not got the time to convert it to a module at the moment.

Is it possible for this common file to work out if it is been called from one of the applications using the require, or if some one has accessed it directly from the Web Server?

I want to be able to make it output a warning to users who try and access it directly. Ideally I would like to move it into a directory not accessible by the web server, but I am not going to be able to move it at this point.

Any ideas would be greatly received.

Many Thanks,

Alistair

Replies are listed 'Best First'.
•Re: Called by Require or Not
by merlyn (Sage) on Aug 06, 2004 at 16:09 UTC
    In addition to the answers you'll get regarding caller, also consider that with the right .htaccess directives, you can also make a URL illegal to fetch, returning a 404 or 403 error. For example: 
    <Files *.pl>
order allow,deny
deny from all
</Files>

    [download]
    in an .htaccess file denies all access to .pl files. (I'm doing this from memory, but the syntax is at least similar to that.) </code>

    -- Randal L. Schwartz, Perl hacker
    Be sure to read my standard disclaimer if this is a reply.

[reply]
[d/l]
Re: Called by Require or Not (robust)
by tye (Sage) on Aug 06, 2004 at 16:52 UTC

    I've seen too many web sites get confused configurations such that (at least for a while) they are shipping out their CGI source code instead of running their CGIs.

    I usually protect against this by having the CGI (or mod_perl or whatever similar technology) scripts mostly just require other files that do the real work. And I place these other files outside of the web root directory.

    I would move your common.pl so it is outside of the web root (that shouldn't be much work). It is more robust security to only place under the web root those things that you want accessible via the web.

    - tye        

[reply]
Re: Called by Require or Not
by Fletch (Bishop) on Aug 06, 2004 at 16:01 UTC

    perldoc -f caller

[reply]
[d/l]

Back to Seekers of Perl Wisdom