> -----Original Message-----
> From: Charles K. Clarkson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 09, 2004 9:19 PM
> To: 'Catriona Pure Scents'; [EMAIL PROTECTED]
> Subject: RE: help with adjusting log file data?
>
>
> From: Catriona Pure Scents <mailto:[EMAIL PROTECTED]> wrote:
>
> : Hi Charles,
> :
> : thanks immensely. As you can probably tell I am one of those
> : people who pulled some scripts off the net to get me going,
> : and insists on making alterations.
>
> There is nothing wrong with that. Many people run very
> successful sites using that plan. CREOnline.com is easily
> the most visited RE site on line and they use an old Matt's
> Script called WWW Board. It's old, its clunky, and hundreds
> of posters a day don't seem to mind.
>
>
> : Yes the script I am attempting to alter in this instance I
> : located back in 1998. I have made heaps of other
> : alterations so it wouldn't be simple to go get the latest
> : version. :-((
>
> I got that impression, but I am obligated to point out
> the merits of warnings and strictures. I think others on this
> list would be disappointed if I didn't at least nudge you a
> little.
>
>
> : By warnings I am presuming that you mean "use strict" etc...
> : I have been asking on this list if someone can refer me to
> : sites that have details on how to convert my current scripts
> : and update them, it seems so totally different the way that
> : scripts are written with the warnings. any good books or
> : sites that you can recommend?
>
> There's a book about this mentioned a few months ago on a
> perl beginner list, but I can't find the post. Perhaps
> someone else remembers the post or the book. I seem to recall
> something about creating subs for each global variable.
>
> You may be looking at diminishing returns. Many slower
> sites are less likely to be affected by security problems.
> Hackers seem to like bigger fish. Putting a lot of effort
> into converting an old script might not be worth your time.
> Unless you think the experience will help in the long run.
>
>
> : I looked through the perl docs about that and couldn't find
> : anything. I haven't looked through about perl join though.
>
> It sounds like you need to learn more of the basics before
> you start converting a large script. If you have the time, try
> to solve some of the problems asked on these perl beginner
> lists and compare your answers with those given by the more
> experienced contributors.
>
>
> : I need to set up my old pc for that. The site I have is run
> : on Unix so I have a friend who is setting up the old pc for
> : unix, perl php etc so that I can just go ballistic and test
> : everything offline, make mistakes, try things, but at the
> : moment I don't have that luxury while they have my old pc.
>
> I do something similar, but with Apache on Windows XP.
>
>
> : Theoretically if the site stats can tell where someone came
> : from...then http_ referer would be env_var. So why wouldn't
> : it work throughout the site itself?
>
> I'm not sure I understand your question. What do you mean
> by "work throughout the site itself"?
>
> HTH,
>
> Charles K. Clarkson
> --
> Mobile Homes Specialist
> 254 968-8328
>
>
Howdy Guys -
Don't mean to butt in, but there are definite problems when relying on
HTTP_REFERER for anything except an informational item. I learned this the
hard way while writing a shopping cart script. I wanted to track users
through the site using HTTP_REFERER so that I would not have to rely on
cookies or javascripting. I discovered a couple things. Most notably, if
the user is behind a firewall, chances are HTTP_REFERER will not show up in
%ENV. If the browser does not supply that information, and it is a browser
specific thing, then HTTP_REFERER will not be in the %ENV hash. It won't
even be an empty value. Please do not rely on HTTP_REFERER for any kind of
functionality in your code. It is certain to fail at some point.
As for hackers and your site, they are a rabid pack of cannibals who don't
care what they use to get what they want. I have a site that gets less than
5 hits a day. I use it mostly for development. I thought I was safe. Yet,
some cretin began using a form of mine for his spamming campaign. Don't
feel safe because you are obscure. In fact, to quote an anonymous person,
"Security through obscurity is not secure at all." This applies to
scripting techniques as well.
By the way, this is a very simple version of getting/printing %ENV
variables -
#!/usr/bin/perl
use strict;
use CGI;
my $q = new CGI;
print $q->header;
for my $key(sort keys %ENV){print qq[<b>$key is </b>$ENV{$key}<br />];}
HTH -
Peace in Christ -
Ron Goral
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
