Hi webmasters, I’ve been searching on the web about security on source code on perl scripts and shtml files (server side includes). How safe is the code? I don’t want people looking into my code.
My concern comes from this: On php the file itself “.php” has the source code, is the script AND the html, BUT when occasionally when certain types of server overloads occur the server WONT exec the script but instead will let you download the file. This means that at certain point the users might be able to download a php file as it is, (with the code) instead of the parsed html output.
I’ve only seen this problem happening with php files (or the internal server error message). As for the same overload I’ve never seen a perl script behaving the same except for the “internal server error” or “some out of memory error”. I’m pretty confident on perl script (.pl - .cgi).
On a related note, do shtml files get the same problem as php files? I’m planning to implement pages with conditions where depending on a parameter some html will be shown and the other part will not be shown. This can be made via shtml files, my concern is if at some point there is any situation where the server will let the user download the file (something I don’t want to). There are other ways to solve what I’m planning to do, is just that at this point it is better to hold on a xx.com/script.shtml than xx.com/cgi-bin/script.pl as url.
thanks in advance