PerlMonks  

secure cgi

by toniax (Scribe)
on Dec 02, 2010 at 03:54 UTC

toniax has asked for the wisdom of the Perl Monks concerning the following question:

Hello,
Does anyone know if
print "Content-type:text/html\n\n";
can be bypassed somehow so one may download the
script instead of run it?
I am paranoid about someone doing this and want to secure my script.
-X-

Replies are listed 'Best First'.
Re: secure cgi
by ww (Archbishop) on Dec 02, 2010 at 04:07 UTC
    That would depend on your server's config; your script's location; the security of whatever admin capability is public-facing; and the phase of the moon... or the first three digits of tomorrow's winning lottery number.

    The first three are serious; the latter two are just to suggest (if the first three failed to make the point) that your question is so broad; so without definition; that a serious answer is nearly impossible.

    And when you've provided enough specificity to make a real answer possible, you might want to ask yourself what's in or done by your script that justifies your paranoia. The answers to that may suggest ways to avoid/work-around whatever issues exist.

Re: secure cgi
by Anonymous Monk on Dec 02, 2010 at 09:02 UTC
    The only way that can happen is if you misconfigure your webserver to serve your cgi programs as plain text

    or create a soft/hard link to your cgi-bin and expose it to the internet, so it gets served as plain text

    cd public_html
    ln -s cgi-bin stealmysourcecode
    http://example.com/cgi-bin/foo.cgi
    UHOH!! http://example.com/stealmysourcecode/foo.cgi

    or if there is a bug in your webserver (apache/iis...)

    or a bug in your foo.cgi, like

    seek DATA,0,0;
    print "Content-type:text/plain\n\n", "here is my sourcecode, steal secrets\n", <DATA>;
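
The symlink case in the reply above can be audited from the filesystem side. The following is an added example, not part of the thread: `find_cgi_aliases` and `make_sample_tree` are hypothetical names, and it assumes a `readlink -f` that resolves symlinks (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the thread). Assumes `readlink -f` is available.

# find_cgi_aliases DOCROOT CGIDIR
# Prints "link -> resolved target" for every symlink under DOCROOT that
# resolves to CGIDIR or to something inside it.
# Exit status: 0 = no alias found, 1 = alias found, 2 = bad arguments.
find_cgi_aliases() {
    docroot=$1
    cgidir=$2
    [ -d "$docroot" ] && [ -d "$cgidir" ] || return 2
    real_cgi=$(readlink -f "$cgidir") || return 2
    # -type l tests the link itself; without -L find never descends through it.
    hits=$(find "$docroot" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue
        # Trailing slash keeps "cgi-bin-old" from matching "cgi-bin".
        case "$target/" in
            ("$real_cgi"/*) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample tree that repeats the two commands from the reply.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public_html/cgi-bin"
    printf '#!/usr/bin/perl\nprint "Content-type:text/html\\n\\n";\n' \
        > "$root/public_html/cgi-bin/foo.cgi"
    ( cd "$root/public_html" && ln -s cgi-bin stealmysourcecode )
    printf '%s\n' "$root"
}

# Run against a real site when given two paths: sh check.sh DOCROOT CGIDIR
if [ "$#" -eq 2 ]; then
    find_cgi_aliases "$1" "$2"
fi
```

This only covers aliases created on disk; whether the server treats a given path as executable or as plain text still depends on its own configuration, as the replies say.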