On Sun, 18 Dec 2005 18:16:20 -0500, Jeff MacDonald wrote:

Hi Jeff,

> /usr/www/www.mysite.com/www - this dir holds my cgi's my images, my html
> /usr/www/www.mysite.com/etc/ - this holds my templates, my modules etc.

Exactly, even though there are so many ways of doing this.

Brad,
The rules I use are:

o If the web server's config gets stuffed up, and the client sees (Perl) code
rather than runs it, then they should only be allowed to see the absolute minimum.

So, a CGI script like:

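#!/usr/bin/perl
# Modules are loaded from a directory the web server cannot deliver.
use lib '/home/ron/lib';
use strict;
use warnings;
use CGI::Application::Demo;
#-
# For security.
delete @ENV{'BASH_ENV', 'CDPATH', 'ENV', 'IFS', 'PATH', 'SHELL'};
# All application logic lives in the module, not in this script.
CGI::Application::Demo -> new() -> run();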

gives away as little as possible.

Anything the program needs to make visible to the client, eg:

-- Instance scripts
-- HTML templates
-- Images
-- Javascript
-- CSS

is in client-visible directories.

o All else is in dirs which the web server is not allowed to deliver to the
client, eg:

-- Perl modules
-- Config files

But I see Jeff puts his templates in the latter category :-). YMMV.

--
Ron Savage
[EMAIL PROTECTED]
http://savage.net.au/index.html
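
Added example (not part of the message above and not code from CGI::Application): a shell check of the layout rules described in the message, run against the client-visible directory. The function names, the file-extension lists and the sample tree are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a site layout against the rules in the message.
# $1 is the client-visible directory (docroot). Extension lists are assumptions.

# Perl modules and config files must not sit under the docroot.
private_files_in_docroot() {
    find "$1" -type f \( -name '*.pm' -o -name '*.conf' -o -name '*.ini' \
        -o -name '*.cfg' \) -print | sort
}

# An instance script's `use lib '<dir>'` must point outside the docroot.
# Prints "script: resolved-dir" for each one that does not. Only the quoted
# single-directory form is parsed; directories that do not exist are skipped.
lib_dirs_in_docroot() {
    docroot=$(cd "$1" && pwd -P) || return 2
    find "$docroot" -type f \( -name '*.cgi' -o -name '*.pl' \) -print | sort |
    while IFS= read -r script; do
        sed -n "s/^[[:space:]]*use[[:space:]]\{1,\}lib[[:space:]]\{1,\}['\"]\([^'\"]*\)['\"].*/\1/p" "$script" |
        while IFS= read -r dir; do
            # Assumption: relative paths are relative to the script's directory.
            case "$dir" in /*) ;; *) dir=$(dirname "$script")/$dir ;; esac
            real=$(cd "$dir" 2>/dev/null && pwd -P) || continue
            case "$real" in
                "$docroot"|"$docroot"/*) printf '%s: %s\n' "$script" "$real" ;;
            esac
        done
    done
}

# Constructed sample layout: one script per outcome, for trying the checks.
make_sample_site() {
    site=$(mktemp -d) || return 1
    mkdir -p "$site/www/lib" "$site/lib" "$site/etc"
    printf "#!/usr/bin/perl\nuse lib '%s/lib';\n" "$site" > "$site/www/good.cgi"
    printf "#!/usr/bin/perl\nuse lib 'lib';\n" > "$site/www/bad.cgi"
    : > "$site/www/lib/Demo.pm"; : > "$site/www/db.conf"   # misplaced
    : > "$site/lib/Demo.pm";     : > "$site/etc/db.conf"   # correctly private
    printf '%s\n' "$site"
}

if [ $# -gt 0 ]; then
    private_files_in_docroot "$1"
    lib_dirs_in_docroot "$1"
fi
```

Empty output from both functions means nothing private was found under the docroot by these checks.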


