Perl: the Markov chain saw PerlMonks

### Re: Perl Obsfucate Or Encrypter

by Itatsumaki (Friar)
 on May 29, 2003 at 19:28 UTC ( #261660=note: print w/replies, xml ) Need Help??

in reply to Perl Obsfucate Or Encrypter

This is probably a bad approach, but I can't personally see why so maybe wiser monks can inform?

What if... the CGI is just a wrapper program? It takes the parameters, passes them along to another PERL script which does the real processing and returns a nice long HTML string. The CGI program receives the string, prints it back to the browser and... presto! Code is hidden! There will be a cost in maintenance complexity and in performance. But, aside from those issues are there any hidden "gotcha" issues that make that approach unwise?

-Tats

Replies are listed 'Best First'.
Re: Re: Perl Obsfucate Or Encrypter
by Mr. Muskrat (Canon) on May 29, 2003 at 19:40 UTC
Read How can I hide the source for my Perl program?. If someone can read the source of your CGI script, they can read the source of the script that the CGI calls (meaning they have access to the system via a means other than the web browser).

The FAQ you listed didn't seem to say anything about that, did I miss it?

Either way, can't you get around that by calling the script via backticks () or through a system call? If you call a C program via system or backticks does that reveal the object-code to the calling script too?

-Tats

You missed the section that contains this key line: (That doesn't mean that a CGI script's source is readable by people on the web, though, only by people with access to the filesystem)

But you are missing the point too. The source of a CGI script can only be viewed by people with sufficient access to the file system. They have to have shell or local access to view the source code. (Unless you have hosed your web server configuration!) So there is no point in running a script through another script before sending the output to the browser.

Create A New User
Node Status?
node history
Node Type: note [id://261660]
help
Chatterbox?
 [Corion]: thezip: If you want to confuse your users, use system(1, "that\\command" );, which will make Perl launch it in the background [Corion]: That will keep the console window open even though the user can't type into it anymore [thezip]: So I have a script that generates a log file. After script completion, I want tohave VIM open this logfile. [thezip]: i don't get the command line "back" until I close VIM. No what I want to happen... [thezip]: I currently don't have access to CYGWIN, else I'd just do a tail -f on the logfile. [Corion]: thezip: If you want to open vim and can live with opening a second console window, use start "The results" vim.exe c:\path\to\logfile .log [thezip]: Ooops... I lied. I guess Cygwin is back. I'll just do a tail -f instead. Better. Sorry for the noise.

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (12)
As of 2017-03-27 18:52 GMT
Sections?
Information?
Find Nodes?
Leftovers?
Voting Booth?
Should Pluto Get Its Planethood Back?

Results (321 votes). Check out past polls.