On Sun, 18 Dec 2005 18:16:20 -0500, Jeff MacDonald wrote:

Hi Jeff,

> /usr/www/www.mysite.com/www - this dir holds my cgi's my images, my
> html
> /usr/www/www.mysite.com/etc/ - this holds my templates, my
> modules etc.

Exactly, even though there are so many ways of doing this.

Brad,

The rules I use are:

o If the web server's config gets stuffed up, and client sees (Perl) code
  rather than runs it, then they should only be allowed to see the absolute
  minimum. So, a CGI script like:

    #!/usr/bin/perl

    use lib '/home/ron/lib';
    use strict;
    use warnings;

    use CGI::Application::Demo;

    #-

    delete @ENV{'BASH_ENV', 'CDPATH', 'ENV', 'IFS', 'PATH', 'SHELL'}; # For security.

    CGI::Application::Demo -> new() -> run();

  gives away as little as possible.

  Anything the program needs to make visible to the client, eg:

  -- Instance scripts
  -- HTML templates
  -- Images
  -- Javascript
  -- CSS

  is in client-visible directories.

o All else is in dirs which the web server is not allowed to deliver to the
  client, eg:

  -- Perl modules
  -- Config files

But I see Jeff puts his templates in the latter category :-). YMMV.

--
Ron Savage
[EMAIL PROTECTED]
http://savage.net.au/index.html
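Added example (not part of the original thread and not Ron's code): a shell check for the layout rule in the message above. It lists module and config files that sit inside the document root, and Perl scripts there that carry more than a few lines of code. The extension list, the 10-line threshold and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. The extension list and the 10-line
# limit are assumptions; adjust them to your own layout.

# List files under docroot $1 that belong outside it (modules, config).
misplaced_files() {
    find "$1" -type f \( -name '*.pm' -o -name '*.conf' -o -name '*.cfg' \
        -o -name '*.ini' -o -name '*.yml' \) | sort
}

# List Perl scripts under $1 with more than $2 (default 10) lines of code,
# i.e. scripts that would leak real logic if the server sent them as text.
fat_scripts() {
    find "$1" -type f | sort | while IFS= read -r f; do
        head -n 1 "$f" | grep -q '^#!.*perl' || continue
        # Count lines that are neither blank nor comment-only.
        n=$(grep -c -v -E '^[[:space:]]*(#|$)' "$f" || true)
        if [ "$n" -gt "${2:-10}" ]; then printf '%s\n' "$f"; fi
    done
}

# Print all findings; return 1 if there are any, 0 if the docroot is clean.
audit_docroot() {
    findings=$(misplaced_files "$1"; fat_scripts "$1" "${2:-10}")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a constructed sample docroot (hypothetical file names) for a dry run.
make_sample_docroot() {
    d=$(mktemp -d)
    mkdir -p "$d/cgi-bin" "$d/images" "$d/lib"
    printf '%s\n' '#!/usr/bin/perl' "use lib '/home/ron/lib';" 'use strict;' \
        'use CGI::Application::Demo;' \
        'CGI::Application::Demo -> new() -> run();' > "$d/cgi-bin/demo.cgi"
    { echo '#!/usr/bin/perl'; i=0
      while [ "$i" -lt 20 ]; do echo "my \$v$i = $i;"; i=$((i + 1)); done
    } > "$d/cgi-bin/fat.cgi"
    echo 'package Demo; 1;' > "$d/lib/Demo.pm"
    echo 'dsn = placeholder' > "$d/app.conf"
    : > "$d/images/logo.png"
    printf '%s\n' "$d"
}

# Stand-alone use: sh audit.sh /path/to/docroot [max_code_lines]
if [ "$#" -gt 0 ]; then audit_docroot "$@"; fi
```

On the constructed sample tree it reports app.conf, lib/Demo.pm and cgi-bin/fat.cgi, and passes the thin demo.cgi instance script.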