I am developing this web app in perl, multiple cgis, some conf files.. temp files, etc. Right now it is more or less being expected to set up alongside http accesible dir, so.. if a user has /srv/whatever/username/public_html , the app would reside in /srv/whatever/username/app - that is, all sennsitive data about the applciation resides there.
Mow most cgis reside in the webshare- but they contain nothing that would make them dangerous if read as text. They contain no passwords, absolute paths to anything, etc. I should still move them out of http accessible, right?
- Should I put all the cgis to reside under /srv/whatever/username/cgi-bin and thus accessible via https://site.com/cgi-bin/app ?
- should i place all config files for this app also somewhere in the cgi-bin/app/conf_files, for example?
- Are people generally expecting to install a web app under cgi-bin, and thus asking them to create a dir alongside their http accesible root- would that be too much for them? To ask?