[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ next ]


Webapps Policy Manual
Chapter 4 - Specific requirements for programming languages


4.1 General


4.1.1 Includable files for web applications

The web application policy divides includable files into two distinct categories: application-specific and site-wide. The former includes files not intended for use outside of the particular application in question, and the latter addresses files intended for more general use.

As previously mentioned, application-specific include files should exist in a unique subdirectory of /usr/share/PACKAGE. This subdirectory should exist outside of any web-accessible directory, as many security-related problems in poorly written web applications are the direct result of not doing so.

When applicable, site-wide include files should adhere to the rules and conventions of the respective language policy documents. Otherwise, a directory location similar to the application-specific includes path can be used. The files should be provided in a package separate from any web application or otherwise unneeded dependencies, to allow for re-use and eliminate multiple copies of the code in different packages.


4.2 PHP

Issues specific to the PHP programming language are covered in the PHP Policy Document


4.3 Perl

Issues specific to the Perl programming language are covered in the Perl Policy Document


[ previous ] [ Contents ] [ 1 ] [ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [ next ]


Webapps Policy Manual

Revision: DRAFT-1.10

Alexis Sukrieh
Pascal Hakim
Neil McGovern
Sean Finney
Joey Schulze