is it ok to have a web app install alongside http accessible instead of cgi-bin?

leocharre has asked for the wisdom of the Perl Monks concerning the following question:

I am developing this web app in perl, multiple cgis, some conf files.. temp files, etc. Right now it is more or less being expected to set up alongside http accesible dir, so.. if a user has /srv/whatever/username/public_html , the app would reside in /srv/whatever/username/app - that is, all sennsitive data about the applciation resides there.
Mow most cgis reside in the webshare- but they contain nothing that would make them dangerous if read as text. They contain no passwords, absolute paths to anything, etc. I should still move them out of http accessible, right?

Should I put all the cgis to reside under /srv/whatever/username/cgi-bin and thus accessible via https://site.com/cgi-bin/app ?
should i place all config files for this app also somewhere in the cgi-bin/app/conf_files, for example?
Are people generally expecting to install a web app under cgi-bin, and thus asking them to create a dir alongside their http accesible root- would that be too much for them? To ask?

Comment on is it ok to have a web app install alongside http accessible instead of cgi-bin?

Replies are listed 'Best First'.
Re: is it ok to have a web app install alongside http accessible instead of cgi-bin? by ioannis (Abbot) on May 22, 2006 at 19:44 UTC
These issues are covered in the main Apache docs. See security_tips.	[reply]
Re^2: is it ok to have a web app install alongside http accessible instead of cgi-bin? by leocharre (Priest) on May 22, 2006 at 20:36 UTC
I am not ignorant of the apache documentation, I would honestly like some opinions about this. The docs don't realyl address my concerns here- and I would like the thoughts of real world developers/webmonkeys like myself. For example, if you are a sys admin or a web devel, and you had to install an app, would you expect it to go in sgi, what if it were to be in its own dir alongside http doc root? would it p155 u off? I don't know exactly. Please suggest.	[reply]
Re^3: is it ok to have a web app install alongside http accessible instead of cgi-bin? by ioannis (Abbot) on May 22, 2006 at 22:54 UTC
It is easier to monitor an app when it resides in its own directory; it is easier to insert simple handles, and it is easier to extract info from log files (and also easier to write such info in separate file with env=xxx conditions). As for security, it easier to check and monitor access permitions. (As per Apache security_tips docs, placing an app inside server configuration directories is the least desirable option.)	[reply]
Re: is it ok to have a web app install alongside http accessible instead of cgi-bin? by strat (Canon) on May 23, 2006 at 07:39 UTC
I'd prefer the cgi-bin - way of life because many persons just have webspace where they can't change the apache configuration; so I'd use /htdocs/myapp/ for the static files and /cgi-bin/myapp/ for the scripts. Best regards, perl -e "s>>F>e=>y)\martinF)stronat)=>print,print v8.8.8.32.11.32"	[reply]