in reply to Re^2: Running perl script outside cgi-bin
in thread Running perl script outside cgi-bin

The only security problem really is: if the web server ever is misconfigured (to not execute scripts), people hitting the web server are shown your code. Since events.pl is in cgi-bin (not public_html, i.e. outside the document root), a misconfigured server would likely refuse to serve it. This is very much an issue in PHP, too, but nobody pays attention to it.

You can mitigate this by putting the important parts of your code in libraries outside the document root.

(I did gain access to one web site's code once because the administrator apparently had reinstalled the OS, set the web server running with the default configuration, and restored the old content before fixing the configuration.)

  • Comment on Re^3: Running perl script outside cgi-bin

Replies are listed 'Best First'.
Re^4: Running perl script outside cgi-bin
by tangent (Parson) on Feb 08, 2012 at 13:44 UTC
    Seeing my code would probably add an extra layer of security :-)

    There is only a few lines in the script to load up the necessary modules which reside outside the web root.

[reply]

In Section Seekers of Perl Wisdom