Even if we presume that you have insufficient control over the web server configuration to ensure that CGI scripts will be executed instead of sending the source code...

...and even if we accept that you have to use CGI instead of a more modern web application architecture...

...and even if we ignore the fact that good encryption and payment processing systems remain secure even when the algorithms are fully public...

...this still isn't a problem if you're using good software development practices.

Good development practice calls for putting potentially-reusable code into modules, not the main program source file. So you're running something as a CGI script and the web server sends the source instead of running it, but the source of myapp.cgi consists of:

    #!/usr/bin/perl
    use MyApp::Main;
    MyApp::Main->run();

So the bad guys saw that? Whoopty-freaking-do. The only thing it tells them is that your knowledge of CGI application development isn't stuck in 1997.

Good web application deployment practice also says that MyApp/Main.pm (i.e., the source of your MyApp::Main module) must not be placed under your web root (or any other web-shared directory), which ensures that there is no URL which maps to that file, thus making it impossible for a web user to access the source code of the module(s) used by your program. (Barring a serious exploit of the web server itself, of course.)


In reply to Re: hide perl script by dsheroh
in thread hide perl script by harangzsolt33
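
An added example, not part of dsheroh's post or of any PerlMonks code: a Perl audit of the layout the post describes, flagging modules or library directories that sit under the web root and CGI scripts that are more than thin launchers. The function name audit_webroot, the directory names and the five-line launcher threshold are assumptions, and the sample tree is constructed in a temporary directory.

```perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Find;
use File::Path qw(make_path);
use File::Temp qw(tempdir);

# Report source files that a misconfigured server could hand out as text.
# $max_stub_lines is an assumed threshold for a "thin launcher" CGI script.
sub audit_webroot {
    my ($webroot, $lib_dirs, $max_stub_lines) = @_;
    $max_stub_lines //= 5;
    my $root = realpath($webroot);
    my @findings;
    # Module directories must resolve to somewhere outside the web root.
    for my $dir (@$lib_dirs) {
        my $real = realpath($dir);
        next unless defined $real;
        push @findings, "lib dir inside web root: $real"
            if $real eq $root || index($real, "$root/") == 0;
    }
    find({ no_chdir => 1, wanted => sub {
        return unless -f $_;
        if (/\.pm\z/) { push @findings, "module under web root: $_" }
        elsif (/\.(?:cgi|pl)\z/) {
            open my $fh, '<', $_ or return;
            # Count lines that are neither blank nor comments (shebang included).
            my $code = grep { /\S/ && !/^\s*#/ } <$fh>;
            push @findings, "CGI script is not a thin launcher ($code lines): $_"
                if $code > $max_stub_lines;
        }
    } }, $root);
    return sort @findings;
}

# Constructed sample layout: one good launcher, one misplaced module.
my $top = tempdir(CLEANUP => 1);
make_path("$top/htdocs/cgi-bin/MyApp", "$top/lib/MyApp");
my %files = (
    "htdocs/cgi-bin/myapp.cgi"    => "#!/usr/bin/perl\nuse MyApp::Main;\nMyApp::Main->run();\n",
    "lib/MyApp/Main.pm"           => "package MyApp::Main;\nsub run { }\n1;\n",
    "htdocs/cgi-bin/MyApp/Pay.pm" => "package MyApp::Pay;\n1;\n",
);
for my $rel (keys %files) {
    open my $out, '>', "$top/$rel" or die "$rel: $!";
    print {$out} $files{$rel};
    close $out or die "$rel: $!";
}
print "$_\n" for audit_webroot("$top/htdocs", ["$top/lib"]);
```

On the sample tree only the misplaced `MyApp/Pay.pm` is reported; the launcher and the module kept in `lib/` pass.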
