No replies to this topic

[pngreen]

Hi,

I have been developing a system that incorporates both php and perl for a web payment system. I am running php5/apache2/ubuntu server. My apache configuration runs as www-data:www-data and all files in /var/www are owned by www-data and are chmod 0755 at this time.

This is my current directory structure for public www, there are just two scripts.
/var/www/index.php
/var/www/scripts/
/var/www/scripts/execute.pl

index.php is the main page of my site where user supplied data is entered (email address, name, etc.) and saved as $variables in the script. index.php then forwards selected variables to scripts/execute.pl where more validation checks occur and the rest of the sequence will happen. The issue I am having is that I would like to secure scripts/execute.pl so that nobody can view/download/use this file, but is still executable by the php script with the user supplied data. I have tried many combination of permissions without any success. Any help on this matter would be greatly appreciated.