When you're accessing a script through the web the server's webserver handles the POST and GET requests to the script... if everything's set up properly the script will execute and the webserver will forward the script's output to the client's browser. In this situation $sreaon
will not be exposed to the web client so long as the script itself does not output it; the server leaves everything to the CGI, and it's up to the CGI to determine what gets output or not.
However, the kicker here is "everything properly set up." If the webserver doesn't recognize your script as a CGI (i.e., if the permissions are set incorrectly) then a POST or GET request for your script will output the source of your script to the browser instead of the executed script's output. In addition, if there's some other CGI on your server that allows webusers to view scripts without executing them you could be exposed that way, too. (There used to be, for example, a script installed in old Apache distributions that could be abused to "echo" arbitrary sourcecode to a browser window.)
And of course your source could be read using methods other than the web server. If the server handles other services (FTP, Telnet, SSH, etc.) someone could potentially access your source and secret variable that way, too. It gets very complicated very quickly... how much effort you go to to protect your information depends on your paranoia level and the value of your data.
Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
Want more info? How to link or
or How to display code and escape characters
are good places to start.