How insecure really is Perl?

Status
Not open for further replies.

xmassey

Programmer
Apr 9, 2007
62
GB
Every time I create a new script I try to put a lot of thought into its security and all the steps I should take to make it secure. However, I would like to know if hackers are able to download my whole website, and if so, do they download all of my Perl scripts, including text files (storing valuable information)? If only text files were impossible to download under any circumstances, then my scripts would be 100% hacker proof. Any ideas?
 
Hi

I think this question is more about how secure is your web server.

The web server is the one which should never send out the source of a CGI script. If the web server sends the script source, the CGI script itself in that moment is not running, so it has nothing to do.

And this stands not only for any scripting language, but for any binary CGI application too.

Anyway, you should never put sensitive data inside the HTTP document root directory, neither in CGI scripts nor in any file.

Feherke.
 
Plus.. I don't care who you are or how well protected your site is.. it is still a possibility that someone will get the data... so if you're storing Government secrets you might want to hire professionals :)
 
Make sure your script permissions are set to 711, NOT 755 like most say. (-rwx--x--x instead of -rwxr-xr-x )
Only a few configurations need 755. NEVER use 777!!
This will prevent downloading your scripts. It is also best that the script's owner not be the same as the webserver.
If you are on shared hosting then another user can almost certainly download your script with a Perl script, if he is on the same server. Once again, 711 permissions prevent this in most cases. If this is your server alone, change umask to 037. That gives default permissions of 740 or -rw-r----- It can be a hassle to have to fix problems with chmod (loosening permissions), but that's far easier than having to remember to secure files with CHMOD when created (esp. with automated stuff).

Also read up on directory permissions, which are harder to understand. Some may be changed, perhaps, to add security.
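
The checks the replies above describe (no data files under the document root, no scripts readable or writable by every local account) as a small audit. This is an added example, not something posted in the thread; the function name `audit_docroot` and the file extensions it matches are assumptions.

```shell
#!/bin/sh
# audit_docroot DIR
# Prints one finding per line and returns 1 if anything was found:
#   WORLD-READABLE  <path>  script whose "other" read bit is set (755, 644, ...)
#   WORLD-WRITABLE  <path>  file or directory writable by "other" (777, 666, ...)
#   DATA-IN-DOCROOT <path>  data file kept where the web server could serve it
# Returns 0 when the tree is clean.
# The extensions below (.pl, .cgi, .txt, .dat, .db) are assumptions; adjust
# them to whatever your site actually uses.
audit_docroot() {
    root=$1
    findings=$(
        # Scripts any local account can read: the shared-hosting case.
        # A 711 script does not match because its "other" read bit is clear.
        find "$root" -type f \( -name '*.pl' -o -name '*.cgi' \) -perm -004 |
            sed 's/^/WORLD-READABLE /'

        # Anything another local account could overwrite or replace.
        find "$root" \( -type f -o -type d \) -perm -002 |
            sed 's/^/WORLD-WRITABLE /'

        # Data files inside the document root are flagged whatever their
        # mode: they belong outside the tree the web server serves.
        find "$root" -type f \
            \( -name '*.txt' -o -name '*.dat' -o -name '*.db' \) |
            sed 's/^/DATA-IN-DOCROOT /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Call it with the path of the document root, for example from a cron job, and treat a non-zero exit status as something to review.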
 