Re: Running perl script outside cgi-bin

This is all a webserver configuration issue. Nothing except the webserver configuration dictates that the file events.pl must reside in your document root, or that a file events.pl must exist at all for an URL /events.pl to be served. Talk to your webserver administrator about what possibilities you have to set up a "ScriptAlias" or some "alias".

Without looking at what your script does, it's hard to say whether it is safer or less safe to move it out of cgi-bin/. Most likely, it won't make much difference, security-wise.

Comment on Re: Running perl script outside cgi-bin Select or Download Code

Replies are listed 'Best First'.
Re^2: Running perl script outside cgi-bin by tangent (Parson) on Feb 07, 2012 at 23:14 UTC
Hi Corion - it did occur to me after I posted that this wasn't really a Perl question so thanks for your answer. I went on over to Apache and it would seem I could do everything I want and more using ScriptAlias and other directives. Only thing I would have to put them in .htaccess files which has performance issues (hopefully a concern some day). But that got me thinking, why not just create symbolic link to my script. That works nicely. Must learn more Unix.	[reply]
Re^3: Running perl script outside cgi-bin by Anonymous Monk on Feb 08, 2012 at 09:18 UTC
The only security problem really is: if the web server ever is misconfigured (to not execute scripts), people hitting the web server are shown your code. Since events.pl is in cgi-bin (not public_html, i.e. outside the document root), a misconfigured server would likely refuse to serve it. This is very much an issue in PHP, too, but nobody pays attention to it. You can mitigate this by putting the important parts of your code in libraries outside the document root. (I did gain access to one web site's code once because the administrator apparently had reinstalled the OS, set the web server running with the default configuration, and restored the old content before fixing the configuration.)	[reply]
Re^4: Running perl script outside cgi-bin by tangent (Parson) on Feb 08, 2012 at 13:44 UTC
Seeing my code would probably add an extra layer of security :-) There is only a few lines in the script to load up the necessary modules which reside outside the web root.	[reply]