in reply to Script security

For the download thing:
What type of file was it? Is it a file that should be dowloadable, or must it be protected? Was the file located at the server? Is it possible you hit enter while you where searching through the url's you visited before?

For the security:
Not only the permissions should be set, also you webserver must be configured right. If your webserver is configured to send .cgi files as text/plain, everybody can read you source code. If you don't want that, you should set your webserver's configuration so that .cgi files get executed.

Next, if you are on a public server, your password will probably not be secure. You can hide the password in a file in an obscurely named directory, but still you need to put that location in your script. If your scripts runs setuid to your userid, there's no problem, just put the password in some file and make sure the permissions are set so nobody but you can read it.

---
Berik

In Section Seekers of Perl Wisdom