Fw: Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site scripting and more.
Oops, Now it should be attached... :-) Slava - Original Message - From: "Slava Bizyayev" <[EMAIL PROTECTED]> To: "Per Einar Ellefsen" <[EMAIL PROTECTED]> Cc: "mod_perl Mailing List" <[EMAIL PROTECTED]> Sent: Tuesday, October 29, 2002 11:49 PM Subject: Re: Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site scripting and more. > Hi Per, > > Web Content Compression FAQ is attached in POD format. Please, let me know > if you find something formatted inappropriately. > > Thanks, > Slava > > > - Original Message - > From: "Per Einar Ellefsen" <[EMAIL PROTECTED]> > To: "Slava Bizyayev" <[EMAIL PROTECTED]> > Cc: "mod_perl Mailing List" <[EMAIL PROTECTED]> > Sent: Monday, October 28, 2002 1:56 AM > Subject: Re: Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site > scripting and more. > > > > At 04:23 28.10.2002, Slava Bizyayev wrote: > > >Hi Ged, > > >I would be happy to reformat that FAQ to any required format if somebody > is > > >interested in it... > > > > Hello Slava, > > > > We talked about it some time ago: It would be very interesting to add that > > FAQ to the mod_perl website. Just convert it to POD and send it to me. > > > > > > -- > > Per Einar Ellefsen > > [EMAIL PROTECTED] > > > > > > > FAQ.pod Description: Binary data
Re: Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site scripting and more.
Hi Per, Web Content Compression FAQ is attached in POD format. Please, let me know if you find something formatted inappropriately. Thanks, Slava - Original Message - From: "Per Einar Ellefsen" <[EMAIL PROTECTED]> To: "Slava Bizyayev" <[EMAIL PROTECTED]> Cc: "mod_perl Mailing List" <[EMAIL PROTECTED]> Sent: Monday, October 28, 2002 1:56 AM Subject: Re: Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site scripting and more. > At 04:23 28.10.2002, Slava Bizyayev wrote: > >Hi Ged, > >I would be happy to reformat that FAQ to any required format if somebody is > >interested in it... > > Hello Slava, > > We talked about it some time ago: It would be very interesting to add that > FAQ to the mod_perl website. Just convert it to POD and send it to me. > > > -- > Per Einar Ellefsen > [EMAIL PROTECTED] > > >
Re: Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site scripting and more.
At 04:23 28.10.2002, Slava Bizyayev wrote: Hi Ged, I would be happy to reformat that FAQ to any required format if somebody is interested in it... Hello Slava, We talked about it some time ago: It would be very interesting to add that FAQ to the mod_perl website. Just convert it to POD and send it to me. -- Per Einar Ellefsen [EMAIL PROTECTED]
Re: Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site scripting and more.
Hi Ged, I would be happy to reformat that FAQ to any required format if somebody is interested in it... Thanks, Slava - Original Message - From: "Ged Haywood" <[EMAIL PROTECTED]> To: "Slava Bizyayev" <[EMAIL PROTECTED]> Cc: "mod_perl Mailing List" <[EMAIL PROTECTED]> Sent: Sunday, October 27, 2002 1:11 PM Subject: Re: Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site scripting and more. > Hi there, > > On Sun, 27 Oct 2002, Slava Bizyayev wrote: > > > Let me introduce to you (and to the list ;) my Content Compression > > FAQ (attached in M$ WORD format). > > Thanks, but if you're going to publish things for this List > I think most people will want POD or plain text. Definitely > not M$ Word format. > > 73, > Ged. > >
Re: Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site scripting and more.
Hi Richard, Let me introduce to you (and to the list ;) my Content Compression FAQ (attached in M$ WORD format). It answers some of your questions... Slava - Original Message - From: "Richard Clarke" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, October 27, 2002 7:21 AM Subject: Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site scripting and more. > List, > Before I embark on a day exploring the pros and cons of today's > cleaning/compression tools, I wondered if any of you could give me some > feedback about your own experiences within the context of medium/large scale > web sites/applications (E-Toys etc). > > Is it too presumtious to expect that many users now have high speed > connections and tools that clean and/or compress html are of a small benefit > anymore? That is not to mention the proliferation of "pretty" websites with > 90% graphics. > > Given that gzip style compressions work very well with plain text due to > whitespace characters etc, is the combination of modules like Apach::Clean, > Apache::Compress (and Apache::Filter) an overkill. Is there really much > benefit in using Apache::Clean AND Apache::Compress (Or similar compatible > modules/technologies) with consideration of performance trade offs arising > from using these modules. > > Is there any advantage to using modules like HTML::Tree or HTML::Parser to > remove information (i.e. removing autoexecuting javascript tags and any > other CSS issues) from user submitted information. Will a well designed set > of regular expressions perform this sanitisation more efficiently? Not > forgetting that not all user input arrives via a form. e.g. web mail (Though > we can thank Anomy/Spamassassin/ClamAV/MIMEDefang and others for helping out > here). > > I realise this post doesn't relate directly to mod_perl per se, however > mod_perl does a great deal to encourage a high ratio of coupling to cohesion > in the way we build our applications/sites. At the same time however we > can't deny the fact that the faster we can serve our webpages the happier > our users will be. > > I have been following the discussion on the list for a few months and though > threads have cropped up addressing some of these issues I haven't really > seen anyone advocate a specific stance on the situation. Perhaps someone who > has faced these decisions many times can offer some insight? I'm curious as > to whether a lot of technologies are used outside of developement. Has much > changed in the past year to make any of the above discussions especially > different? > > Just please point me to online references if this has been discussed to > death. > > Richard. > > Web Content Compression FAQ-rev7.doc Description: MS-Word document
Apache::Clean, Apache::Compress, mod_gzip/deflate, cross site scripting and more.
List, Before I embark on a day exploring the pros and cons of today's cleaning/compression tools, I wondered if any of you could give me some feedback about your own experiences within the context of medium/large scale web sites/applications (E-Toys etc). Is it too presumtious to expect that many users now have high speed connections and tools that clean and/or compress html are of a small benefit anymore? That is not to mention the proliferation of "pretty" websites with 90% graphics. Given that gzip style compressions work very well with plain text due to whitespace characters etc, is the combination of modules like Apach::Clean, Apache::Compress (and Apache::Filter) an overkill. Is there really much benefit in using Apache::Clean AND Apache::Compress (Or similar compatible modules/technologies) with consideration of performance trade offs arising from using these modules. Is there any advantage to using modules like HTML::Tree or HTML::Parser to remove information (i.e. removing autoexecuting javascript tags and any other CSS issues) from user submitted information. Will a well designed set of regular expressions perform this sanitisation more efficiently? Not forgetting that not all user input arrives via a form. e.g. web mail (Though we can thank Anomy/Spamassassin/ClamAV/MIMEDefang and others for helping out here). I realise this post doesn't relate directly to mod_perl per se, however mod_perl does a great deal to encourage a high ratio of coupling to cohesion in the way we build our applications/sites. At the same time however we can't deny the fact that the faster we can serve our webpages the happier our users will be. I have been following the discussion on the list for a few months and though threads have cropped up addressing some of these issues I haven't really seen anyone advocate a specific stance on the situation. Perhaps someone who has faced these decisions many times can offer some insight? I'm curious as to whether a lot of technologies are used outside of developement. Has much changed in the past year to make any of the above discussions especially different? Just please point me to online references if this has been discussed to death. Richard.
