p3rl has asked for the wisdom of the Perl Monks concerning the following question:

I have lately been concerned with security on my site, As i had read earlier about the attack on CPAN i decided to ask if anyone knows how i can protect my site from attackers that have already attacked. Basically i own a site that sells CGI scripts, some of my scripts have been stolen by some hackers by not accessing member directories but by 'ripping' my demo scripts. Is there a way that i can prevent this and still have the functionability of my scripts?

Replies are listed 'Best First'.
Re: Perl Security
by mugwumpjism (Hermit) on Jun 14, 2001 at 12:30 UTC

    Your question is not clear. What do you mean by 'ripping'? Can you, or anyone else, actually demonstrate this 'ripping'? If it is due to a security vulnerability in your web server that involves a non-trivial exploit, have you contacted the vendor for support?

    Normally, you stop users from reading the text of your CGI scripts by using a stable web server, and configuring it not to allow cgi scripts without the execute bit set to be sent as source. Assuming that the CGI scripts work at all, then this should be the default configuration.

    Of course, there is nothing to stop someone with no respect for copyright laws from asking someone that has already bought one or more of your scripts for a copy. If that person also has no respect for copyright laws, then they will likely give that person a copy of the script anyway.

    Perhaps you should be selling support contracts on your scripts, and allowing people to pay for you to make extensions on the code.

[reply]
Re: Perl Security
by p3rl (Novice) on Jun 16, 2001 at 09:28 UTC
    Well what they (hackers) were doing were exploiting my server to display the actual source code of my commercial demo scripts. It was all an error in the server, thank you very much anyway. Regards Ilija Bozinovski
[reply]

Back to Seekers of Perl Wisdom