All customer Perl scripts that are called directly as CGI scripts must be placed in the customer's cgi-bin directory. This directory is above the public_html directory.
Permissions
CGI scripts should generally be given permissions 755, that is:
User: Read, Write, Execute
Group: Read, Execute
Other/World: Read, ExecuteDirectory Listing: -rwxr-xr-x
Files that are to be modified by the script, that also need to be viewable by people on the web should be 644, that is:
User: Read, Write
Group: Read
Other/World: ReadDirectory Listing: -rw-r--r--
Files that only the script should be able to read/write should be 600, that is:
User: Read, Write
Group: None
Other/World: NoneDirectory Listing: -rw-------
Prerequisites
All Perl scripts on Vicnet need to begin with the line:
#!/usr/bin/perlIf you are having problems, or wish to check security in a script, you can try using:
#!/usr/bin/perl -wTThis turns on most useful warnings and "taint checking" which examines how data that comes from outside a script is handled. This and other security tips are discussed in the documentation mentionned in the intro above.
If you are writing a Perl script that sends email, you must include the following headers in your code:
X-Script-URL
X-Referring-URL
Errors
Vicnet customers do not have access to the server error log and therefore will generally just see an "Error 500" if a Perl script doesn't work properly. The following code snippet placed in a Perl program at the top (beneath the #! line) will cause detailed errors to be sent to the web browser viewing the page.
BEGIN {
print "Content-type: text/html\n\n";
use CGI::Carp qw(carpout);
$|="1";
carpout("STDOUT");
}
This is useful for debugging, but should be taken out once the problems are solved as if the script should contain any sensitive information, and the line which contains sensitive information causes an error, it will be printed to the remote browser. If calling several scripts from within another script, only the parent script needs the above line.
Security
Due to the highly powerful nature of Perl, security is of particular concern. For this reason all customer scripts/macros/programs etc. on Vicnet are subject to approval by our technical department. Customers do not have to submit a script for checking but should be aware that should a script be found that contains security or performance compromising code, it will be disabled and/or removed without prior notice.
Vicnet has a team of developers who can provide custom Perl development however this incurs a fee. For professional site development queries, please contact us.