SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast
    Join Date
    Apr 2008
    Location
    Guatemala
    Posts
    47
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Source code security and server overloads

    Hi webmasters, I've been searching on the web about security on source code on perl scripts and shtml files (server side includes). How safe is the code? I don't want people looking into my code.

    My concern comes from this: On php the file itself ".php" has the source code, is the script AND the html, BUT when occasionally when certain types of server overloads occur the server WONT exec the script but instead will let you download the file. This means that at certain point the users might be able to download a php file as it is, (with the code) instead of the parsed html output.

    I've only seen this problem happening with php files (or the internal server error message). As for the same overload I've never seen a perl script behaving the same except for the "internal server error" or "some out of memory error". I'm pretty confident on perl script (.pl - .cgi).

    On a related note, do shtml files get the same problem as php files? I'm planning to implement pages with conditions where depending on a parameter some html will be shown and the other part will not be shown. This can be made via shtml files, my concern is if at some point there is any situation where the server will let the user download the file (something I don't want to). There are other ways to solve what I'm planning to do, is just that at this point it is better to hold on a xx.com/script.shtml than xx.com/cgi-bin/script.pl as url.

    thanks in advance
    Guatemala Travel Guides
    The future was written in the past. Read, learn, travel
    Ciudades Mayas

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    On a properly configured server, this should never, ever happen, no matter the file extension. It doesn't matter if the server is overloaded to the point that most requests aren't even getting responses, the behavior doesn't change, the server doesn't start sending out code.

  3. #3
    SitePoint Enthusiast
    Join Date
    Apr 2008
    Location
    Guatemala
    Posts
    47
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Dan
    Guatemala Travel Guides
    The future was written in the past. Read, learn, travel
    Ciudades Mayas

  4. #4
    om nom nom nom Stomme poes's Avatar
    Join Date
    Aug 2007
    Location
    Netherlands
    Posts
    10,269
    Mentioned
    50 Post(s)
    Tagged
    2 Thread(s)
    Also
    There are other ways to solve what I'm planning to do, is just that at this point it is better to hold on a xx.com/script.shtml than xx.com/cgi-bin/script.pl as url.
    Since your server should be able to rewrite urls, this should also never be an issue. Lots of sites are running on Perl and you do not see the cgi folder or somescript.pl (example: booking.com, amazon.com, bbc.co.uk, I happen to know are running Perl. But you never learn that via the URL)

  5. #5
    SitePoint Enthusiast
    Join Date
    Apr 2008
    Location
    Guatemala
    Posts
    47
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Stomme poes View Post
    Also


    Since your server should be able to rewrite urls, this should also never be an issue. Lots of sites are running on Perl and you do not see the cgi folder or somescript.pl (example: booking.com, amazon.com, bbc.co.uk, I happen to know are running Perl. But you never learn that via the URL)
    thanks I have considered that as an alternative (url rewriting). The reason I'm considering shtml is I can mod any of the many html pages on dreamweaver at any time instead of having html and then converting to "html inside-perl".

    I code by hand, I use DW at the minimum, is just that for this project it seems the best option to have the html editable. Thanks
    Guatemala Travel Guides
    The future was written in the past. Read, learn, travel
    Ciudades Mayas


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •