The chmod above answer does secure the files, but that's probably not what you really want. Unless you really want to have .pl files in your work area that no one can access or execute...



I'm guessing that you expect the .pl script to actually be executable by the web server as a cgi script? If so, it must be executable and readable by the server. Securing the file will just make it unusable in this case. In theory if the server is configured correctly, it will never serve the source code of the .pl file but always execute. This can sometimes fail resulting in the source code being delivered to the end-user's browser. This would reveal the private info you mentioned.



A better solution is to not keep sensitive data in the perl script. Always have the perl script open, read and close a file elsewhere on the web server's filesystem. This "elsewhere" should be in an area that the web server is prohibited from serving, but that a cgi script can read. In this scenario, if the code were ever delivered as text, the end-user could deduce where you keep the sensitive data. However would not be able to access this data with just web requests.

Change the mode of the file like so:



chmod 600 filename.pl



Now only the owner can read, write the file.



The chmod commands can be a bit confusing. But it is easy, if you remember the following:



read access: 4 points

write access: 2 points

execute access: 1 point



First place number: owner

Second place number: group

Third place number: anyone



ex: chmod 777 filename

(Extreamly unsecure: anyone can read, write and execute the file)



ex: chmod 644 filename

(Standard: owner can read,write, anyone can read)



That's it!

I've never done anything like that with Yahoo. Just a random attempt here -- what happens when you begin the file name with a dot?