Re: Two dimensional associative arrays?
--On Wednesday, September 17, 2003 7:52 PM -0700 Airman <[EMAIL PROTECTED]>
wrote:
Is there any special way to do row/col (two dimensional) based associative
arrays?
Something like:
$array{1.1}="line one column one";
$array{1.2}="line one column two";
Close. You need a hash of (references to) hashes:
my %HoH;
$HoH{1}{2} = "line one column two";
$HoH{1}{1} = "line one column one";
See 'perldoc perldsc' for more examples, look for "HASH OF HASHES". If you
want multidimensional arrays, see 'perldoc perlol'.
It will definitely help to understand references: 'perldoc perlref'.
"help" is a bit of an understatement. To build and use your own data
structures (or objects) effectively, you HAVE to understand references.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Two dimensional associative arrays?
Is there any special way to do row/col (two dimensional) based associative
arrays?
Something like:
$array{1.1}="line one column one";
$array{1.2}="line one column two";
or
@names(Bob,John,Jeff);
@info=(Age,Zip,Phone);
$data{Bob.Age}=23;
foreach $entry (@names) {
print "$data{$entry.Age}\n";
}
I guess in perl code maybe this would work???
But how would I assign one dimension of the two dimensional array to a new
one dimensional only array and still keep the assosiation of @info with one
assignment?
Example:
%bobsdata=$data{???}; # All bob's data
print $bobsdata{Age}; # Bob's age?
I know the below would work but looking for one assigment or the correct way
to do two dimensional assosiated arrays:
foreach $entry (@info) {
$bobsdata{$entry}=$data{Bob.$entry};
}
Thanks,
Glen
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with CPAN
Edit CPAN configuration. (do not forget to back up) For example: edit file: /usr/lib/perl5/5.6.0/CPAN/Config.pm and change the statement: 'urllist' => [q[bla .. bla.. bla..]]
Re: How to secure database password? (was Re: Perl/DBI newbie: password storage / security question)
I think you're complicating an already quite simple thing. 1. Most major databases support permissions. Use these liberally to seperate those who only need access to the database to view contents on a single table and those who should be able to alter one table or one database and ONLY that table/database. Fixes: People from looking at, or modifying things which are not theirs. 2. Throw scripts with passwords in them (i.e. $password = 'foo') into a directory which has the following properties: a. it is readable only by the owner of the script, directory, and the scripting language. b. it is not writable by anybody but the owner. c. it has an .htaccess file or is dissallowed access without a password using an Apache directive in the main Apache config file. Fixes: Several things: i. Random users on the server who have shell access can't just: $ less ./script Nor can they: $ cd ./directory Unless they *have a reason* to. ii. Even users who have access to the cgi-bin directory don't necessarily have access to the directory to the script's directory. So they can just tell the program to execute the file but not read it. (Note: I think clever users could figure out a way to read in the script. Perhaps you could make the script executable only, or nested -- i.e.: #! /usr/bin/perl `./protected_dir/script` ) 3. Tell the database to only accept connections from localhost (or 127.0.0.1 -- or the domain names you need to access it) Fixes: Let them get the password. If they're not on the right IP address (which they obviously won't be if they don't have access in the first place). To prove the point to you try accessing the mySQL database on mathjunkies.com with username: perlbeginner password: beginner and database: perlbeginner . It won't work. Why? Because mathjunkies.com (my server) only accepts connections from localhost. 4. Run the database on a port or socket other then it's default. Fixes: Any script kiddies port scanning your server won't be able to readily identify the port on your server's function. (Of course any bonafide hackers could probably figure out its function by watching the traffic into and out of the port, or something similarly clever -- but that's a different issue) 5. Encrypt database transmissions -- mySQL, and Postgresql, (and probably Oracle and some others) allow you to use SSL certificates to keep your transmissions private. Use them if you plan on accessing the database from anywhere other then localhost. Fixes: Anybody sniffing your packets will get garbage. All of this stuff is fairly basic and outlined in the various manuals of the respective programs I have mentioned. It won't make you impenetrable -- but it will go a long way towards making your box secure. -Dan -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
help on installing GD and libpng
I want to install GD, and libpng is pre-requisite. I did install zlib. In installing libpng, I copied the scripts/makefile.gcc following INSTALL instruction. Problem is that when I do 'make', it tells me that "make: Nothing to be done for `all'." Wonder anyone else encountered such problem and how to get out from here? I am on UNIX Solaris 8. yi __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache 1.3 config problem
- Original Message - From: "Devin B. Hedge" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 17, 2003 2:32 PM Subject: Apache 1.3 config problem > Greetings all! > > I am having a problem with my Apache config in order to run perl scripts > (*.pl) outside of the cgi-bin directory in a vHost arrangement. I have root > on the box. Perl is corrrectly cofigured and working on the box. I have > several Perl sistes running scripts out of cgi-bin. Here is my vHost file: > > > ServerAdmin [EMAIL PROTECTED] > DocumentRoot /home/devin-com/public_html/ > ServerName devin-com.devinhedge.net > # > # DirectoryIndex index.pl index.html > # > # > SetHandler perl-script > PerlHandler Apache::Registry > PerlSendHeader On > Options +ExecCGI > > HostnameLookups On > ErrorLog /home/devin-com/logs/error_log > CustomLog /home/devin-com/logs/access_log common > > Are you trying to run mod_perl or do you mean to run CGI scripts using perl? If the latter, you're confusing directives. If the former, you have other problems. I will assume you mean to run CGI scripts using perl. To enable a directory to run CGI scripts using Perl under Apache 1.3.x you can do this (I'm taking the liberty to change "Location" tags to "Directory" tags for simplicity (Location tags use a regex whereas Directory tags use file system directories, which is probably what you meant): DocumentRoot /home/devin-com/public_html/ ServerName devin-com.devinhedge.net Port80 ScriptAlias/perl/ /path/to/perl # I'm guessing it is really here: #ScriptAlias/perl/ /home/devin-com/perl # this is probably what you meant, right? AllowOverride none Options -Indexes FollowSymLinks +ExecCGI order allow,deny allow from all # likely "/home/devin-com/perl" AllowOverride none Options -Indexes +IncludesNOEXEC +ExecCGI Order allow,deny Allow from all My guess is you're just trying to get your scripts to work and aren't looking for the most optimal implementation at this time. The above should get you working (but I haven't tested it). BTW, using a ScriptAlias directory implies that every resource reachable in that ScriptAlias is a script to be executed. You don't have to use any extension with this setup. (Or, for fun, use arbitrary ones, like ".php" or ".jsp" or ".aspx" or ".cobol" or ".logo" or ".abacus"... impress your boss with your multi-vendor implementations :) If you just want to run *.pl files as perl files, whereever they are encountered, add this line instead of your Location section: AddHandler cgi-script .pl Then be sure to have a valid reference to perl on your system in the sha-bang line of your scripts. (#!/usr/bin/perl -w) If this doesn't make sense, explain your file layout (filesystem directories as such) and how you want your site to appear to web users (URLs). HTH. Robert Taylor -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Split based on length
> for(split(/(..)/, $string)) { print "*$_" if $_; }
Gorgeous :o)
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Apache 1.3 config problem
Greetings all! I am having a problem with my Apache config in order to run perl scripts (*.pl) outside of the cgi-bin directory in a vHost arrangement. I have root on the box. Perl is corrrectly cofigured and working on the box. I have several Perl sistes running scripts out of cgi-bin. Here is my vHost file: ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/devin-com/public_html/ ServerName devin-com.devinhedge.net # # DirectoryIndex index.pl index.html # # SetHandler perl-script PerlHandler Apache::Registry PerlSendHeader On Options +ExecCGI HostnameLookups On ErrorLog /home/devin-com/logs/error_log CustomLog /home/devin-com/logs/access_log common I recieve the following error when I try apachectl configtest: # apachectl configtest Checking configuration sanity for Apache 1.3: Syntax error on line 10 of /etc/httpd/conf/vhosts/bizeserv.conf: Invalid command 'PerlHandler', perhaps mis-spelled or defined by a module not included in the server configuration [ FAILED ] Checking configuration sanity for Apache 1.3/mod_perl (running in proxied mode): [ OK ] I am running: Mandrake Linux 9.1 (kernel 2.4.12) Apache 1.3.27 Perl 5.8.0 Cheers, Devin. --- forti et fideli nihil difficile --- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: perl @ mysql
"Wiggins D'Anconia" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
>
> On Wed, 17 Sep 2003 12:49:28 -0400, Dan Anderson <[EMAIL PROTECTED]>
wrote:
>
> > Do you mean that you set a debug bool at the beginning of the file and
> > if (main::$debug) { spit_out_error(); } or you just don't output errors
> > at all? Doesn't that make debugging much harder?
> >
Use some type of carp equivalent to do error handling. That way you can
implement different debugging levels and even call stack dumps by simple
use() statements. I recommend Carp::Clan:
http://search.cpan.org/author/STBEY/Carp-Clan-5.1/Clan.pod
>
> Sort of, in general I was talking more about catching and handling the
error rather than printing or not printing it, meaning that rather than
letting DBI do the error handling for me, I would rather catch the error
myself and then throw the exception myself depending on what I am doing.
Then in my exception I attach the message from DBI (when I want to, which
for me is always, but your method would work as well to turn it on and off)
using something like $dbh->errstr or $DBI::errstr or $sth->errstr depending
on where the error occurred. That way I get the messages to help with
debugging, but have complete control over what the "handling an exception"
really does.
>
RTFM for the HandleError property of DBI objects:
http://search.cpan.org/author/TIMB/DBI-1.38/DBI.pm#DBI_Utility_Functions
Scroll down to $h->{HandleError}...
You can set it to a code ref that is called when a DBI exception is thrown.
Read the docs very carefully, you can design arbitrarily complex error
handling for the DBI:
sub DBIErrorHandler {
my($description, $error) = @_;
BaseModule::Debug::log(4, "DBI error: $description");
return( 1 );
}
my($dbh) = DBI->connect( ... );
$dbh->{HandleError} = \&BaseModule::Config::DBIErrorHandler;
It is really slick. For instance, you can chain arbitrary error handlers, or
depending on whether your error handler returns true or false, you can
control the builtin DBI handlers.
The DBI has one of the better error handling mechanisms found on the CPAN.
It should probably be filtered out and made into its own distro.
Todd W.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with CPAN
"John Birkhead" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > I'm a perl newbie and I'm having problems getting CPAN connecting > and downloading on SuSE 8.2. I start with 'perl -MCPAN -e shell' but the > urlist is undefined. The default of 'ftp.perl.org' doesn't work. > > If I 'o conf urlist push ftp://cpan.nas.nasa.gov/pub/perl/CPAN' (or other > mirror sites I've tried) when I download this url appears to be ignored and > the downloads are attempted from the default. > > It also appears that when I exit and restart CPAN it has forgotten the url I > added. > Sounds like maybe your CPAN configuration is blown? after invoking the cpan shell, run: cpan> o conf init to reinitialialize you cpan configuration. This is the same series of steps you went through to initialize CPAN.pm. You will be given a list of mirrors and so fourth. Todd W. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: portable directory tree searching
John W. Krahn wrote: > > Michael Weber wrote: > > > > Been to CPAN enough that I'm seeing crosseyed. > > > > What I want to do is to write a program that will return a list of > > files named *.edi which are found in /*/files_in > > directory and then process each file one at a time. > > > > Now for the kicker. It needs to run now on a Win32 platform, and > > in a few months on a Linux platform with as few changes as possible. > > > > In a linux shell script, it would look something like this: > > > > for file in $base_dir/*/files_in/*.edi > > do > > > > done > > > > Am I looking for a module to return file names when it is a coding issue? > > I don't know if this will work on Windows but on Linux you can use glob > to do this. > > my @files = glob "$base_dir/*/files_in/*.edi"; Yes John, that's also fine under Windows. /R -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Conceptual -- Spam stopper script
> Perhaps one day the SMTP protocol will be rewritten to perform checks > on the sender, perhaps one day . You know it is interesting to think about what would be more efficient (resource wise): current SMTP or SMTP with back checking. Because you would use resources by checking addresses (and spammers could create valid e-mail addresses) but spam might be squelched because it was harder to spam. -Dan -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Conceptual -- Spam stopper script
zsdc wrote: Hanson, Rob wrote: You will probably run into a few issues. First you need to fetch the MX record for the domain before you can even connect. After that you could use the SMTP verify user command to see if the user exists, ...or just use Email::Valid module. Sorry, I meant Mail::CheckUser module. -- ZSDC Perl and Systems Security Consulting -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: or operator
Nigel Peck - MIS Web Design wrote: Sorry for the delay in responding. The Perl 6 format is what I was thinking, just have to wait for that :) For more info about Perl 6 syntax, see http://dev.perl.org/ Quantum::Superpositions sounds pretty cool. It's very cool. Every scalar can be in superposition of many states, with two simple "any" and "all" operators. For example this code: #!/usr/bin/perl -w use Quantum::Superpositions; $x = all(1..3); $y = all(10,100); $z = $x * $y; $str = "ABC$z"; print $str; prints: all(ABC10,ABC20,ABC30,ABC100,ABC200,ABC300) See perldoc Quantum::Superpositions for better examples. -- ZSDC Perl and Systems Security Consulting -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Cross-site scripting (was Re: )
Chuck Fox wrote: Sometimes "dumb users" can be quite creative: http://www.patrick.fm/boobies/boobies.php?text=VeriSign%3E";>I Love VeriSign [...] > No matter how foolproof you make, the fools keep getting smarter. > > Chuck That's not entirely true. As this examples shows, VeriSign programmers made a very stupid mistake causing the cross-site scripting vulnerability. They assumed they know how the input looks like, so there's no need to properly quote it before printing. Making their website show nudity may be funny but reading their users' cookies and personal login information might be much less funny. It could be easily avoided. If anything an attacker has to do in order to break their security is to fool any one of their users to click a link *.verisign.com/x=%20%22%27%3E... (or even automatically redirect anyone to such a link) then it is a very serious and easily expliotable vulnerability. Considering VeriSign's gigantic user base and the rank of information they manage (not to mention it's a website to which they will point any non-existing DNS records very soon) it's absolutely terrifying. I would immediately fire anyone responsible for this flaw without asking any question. The bottom line is: you can write a foolproof CGI script. It's not even very hard. Use CGI.pm with $CGI::POST_MAX (and $CGI::DISABLE_UPLOADS when appropriate) to get the input. Use CGI::Untaint to validate it. Use DBI placeholders and html-escape any printed data coming from user. Use the taint mode. Don't give up just because fools keep getting smarter. -- ZSDC Perl and Systems Security Consulting -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Conceptual -- Spam stopper script
Hanson, Rob wrote: You will probably run into a few issues. First you need to fetch the MX record for the domain before you can even connect. After that you could use the SMTP verify user command to see if the user exists, ...or just use Email::Valid module. but I think you might find that many SMTP servers will not give you a reliable answer. I think AOL, for example, will always tell you that the user exists (I may be wrong though). Basicaly you cannot know for sure if any given email address is valid. You'd have to send an actual email, wait some time for bounces, and even then you wouldn't be sure. This is why websites requiring email address often send password in email during the registration (which is completely insecure but makes sure the email is valid). I think you might be better off with Spam Assassin, or using an ISP that uses it. I agree. On the other hand, it can't hurt to try doing it yourself. If we don't count the DOSing and lots of false positives then of course it can't hurt. -- ZSDC Perl and Systems Security Consulting -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Conceptual -- Spam stopper script
Thanks Guys... Perhaps one day the SMTP protocol will be rewritten to perform checks on the sender, perhaps one day . Thanks for all your thoughts.. Jerry On Wednesday, Sep 17, 2003, at 11:58 Europe/Brussels, zsdc wrote: Hanson, Rob wrote: You will probably run into a few issues. First you need to fetch the MX record for the domain before you can even connect. After that you could use the SMTP verify user command to see if the user exists, ...or just use Email::Valid module. but I think you might find that many SMTP servers will not give you a reliable answer. I think AOL, for example, will always tell you that the user exists (I may be wrong though). Basicaly you cannot know for sure if any given email address is valid. You'd have to send an actual email, wait some time for bounces, and even then you wouldn't be sure. This is why websites requiring email address often send password in email during the registration (which is completely insecure but makes sure the email is valid). I think you might be better off with Spam Assassin, or using an ISP that uses it. I agree. On the other hand, it can't hurt to try doing it yourself. If we don't count the DOSing and lots of false positives then of course it can't hurt. -- ZSDC Perl and Systems Security Consulting -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: perl @ mysql
On Wed, 17 Sep 2003 12:49:28 -0400, Dan Anderson <[EMAIL PROTECTED]> wrote:
> Do you mean that you set a debug bool at the beginning of the file and
> if (main::$debug) { spit_out_error(); } or you just don't output errors
> at all? Doesn't that make debugging much harder?
>
Sort of, in general I was talking more about catching and handling the error rather
than printing or not printing it, meaning that rather than letting DBI do the error
handling for me, I would rather catch the error myself and then throw the exception
myself depending on what I am doing. Then in my exception I attach the message from
DBI (when I want to, which for me is always, but your method would work as well to
turn it on and off) using something like $dbh->errstr or $DBI::errstr or $sth->errstr
depending on where the error occurred. That way I get the messages to help with
debugging, but have complete control over what the "handling an exception" really does.
http://danconia.org
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Split based on length
> Hi,
Howdy
> you can use split for this sort of thing. For example:
>
> my $string = "hello there";
>
> # add an extra '.' for every character you want
> my @pairs = split(/(..)/, $string);
>
> The only thing you want to be careful about is empty
> quotes/nothing (e.g. ''). For example, if we wanted to print
> the character pairs:
>
> foreach(@pairs)
> {
> # we'll skip on the empty elements
> if($_ eq '')
> {
> next;
> }
>
> # print each pair, preceded by a *
> # you could push onto another array instead
> print "*$_";
> }
>
> Can't think of anything more code efficient at the moment but
> I hope this helps.
How about this instead of a zillion lines?
for(split(/(..)/, $string)) { print "*$_" if $_; }
Although wouldn't that mean every second pair of characters would be missing?
But as for efficiency or just plain, one line sexxyness that look swell to me!
HTH
Dmuey
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: perl @ mysql
Do you mean that you set a debug bool at the beginning of the file and
if (main::$debug) { spit_out_error(); } or you just don't output errors
at all? Doesn't that make debugging much harder?
-Dan
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: portable directory tree searching
Michael Weber wrote: > > Been to CPAN enough that I'm seeing crosseyed. > > What I want to do is to write a program that will return a list of > files named *.edi which are found in /*/files_in > directory and then process each file one at a time. > > Now for the kicker. It needs to run now on a Win32 platform, and > in a few months on a Linux platform with as few changes as possible. > > In a linux shell script, it would look something like this: > > for file in $base_dir/*/files_in/*.edi > do > > done > > Am I looking for a module to return file names when it is a coding issue? I don't know if this will work on Windows but on Linux you can use glob to do this. my @files = glob "$base_dir/*/files_in/*.edi"; John -- use Perl; program fulfillment -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Split based on length
Nyimi Jose wrote:
>
> Do you see any pitfall if i remove the 'm' on the regexp
> And use $string =~ /.{1,$len}/g; instead ?
>
> I have tried without the 'm', it works as well :-)
If you use // to delimit the regular expression then the 'm' is not
required. In other words, m// and // are exactly the same.
John
--
use Perl;
program
fulfillment
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Split based on length
On Sep 17, Jeff 'japhy' Pinyan said:
>On Sep 17, NYIMI Jose (BMB) said:
>
>>Let say the known length is 2.
>>If the string is 'abcd', my array should be ('ab', 'dc')
>>And if my string is 'abcdef', my array should be ('ab', 'dc', 'ef').
>
>I'd just use:
>
> @groups = $string =~ /../g; # use ... for three, or .{3}, etc.
>
>You don't need capturing parens in this case.
Although it should probably be /../gs, since . doesn't match newlines by
default. And following the lead of other regex solutions, you could use
the .{1,$x} approach.
@groups = $string =~ /.{1,$x}/gs;
--
Jeff "japhy" Pinyan [EMAIL PROTECTED] http://www.pobox.com/~japhy/
RPI Acacia brother #734 http://www.perlmonks.org/ http://www.cpan.org/
what does y/// stand for? why, yansliterate of course.
[ I'm looking for programming work. If you like my work, let me know. ]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: perl @ mysql
On Wed, 17 Sep 2003 09:48:31 +0200, peter grotz <[EMAIL PROTECTED]> wrote: > Hi, > > I wanna use a mysql-database for our systemuser-management. > Adding and showing a list of users is no problem but now my question: > > How can I handle the appearing mysql-errorcode instead of the > "die"-statement when I´m selecting or deleting a nonexisting entry in my > database? > You may want to have a look at the documentation for 'RaiseError' and 'PrintError' in the error handling section of the DBI docs: http://search.cpan.org/author/TIMB/DBI-1.38/DBI.pm#PrintError In general, for a web app (which you didn't indicate you had) I prefer not raising an error (default) and switching 'PrintError' off. Then performing my own error handling with 'errstr' attribute. Otherwise I would probably let RaiseError handle them and catch the exception (if I needed to) with an 'eval if ($@)' construct. http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problems with CPAN
On Wed, 17 Sep 2003 08:16:22 -0700, John Birkhead <[EMAIL PROTECTED]> wrote: > Hi, > I tried this (unshift) and I still get the problem - see the > cut/paste below. However, commiting changes works well. > > > ibm600x:~ # perl -MCPAN -e shell > > cpan shell -- CPAN exploration and modules installation (v1.61) > ReadLine support enabled > > cpan> > cpan> > cpan> o conf urlist > urlist > ftp://cpan.nas.nasa.gov/pub/perl/CPAN > Type 'o conf' to view configuration edit options > > > cpan> install Net::IMAP > CPAN: Storable loaded ok > Going to read /root/.cpan/Metadata > Warning: Found only 0 objects in /root/.cpan/Metadata > CPAN: LWP::UserAgent loaded ok > Fetching with LWP: > ftp://ftp.perl.org/authors/01mailrc.txt.gz > LWP failed with code[404] message[Can't chdir to authors] > Fetching with Net::FTP: > ftp://ftp.perl.org/authors/01mailrc.txt.gz > Couldn't cwd authors at /usr/lib/perl5/5.8.0/CPAN.pm line 2182. Naturally what's weird is that a) CPAN isn't finding your list of configured sites, and b) the apparently hardcoded default is incorrect. Afraid I don't have many ideas about the first other than trying to remove the MyConfig.pm and re-configuring CPAN (not that I think this will help much). As for the second, that seems like a corrupted CPAN.pm to me, since I have the following hardcoded on both a 5.8.0 RH9 box and a 5.6.1 Solaris 8 box: $CPAN::Defaultsite ||= "ftp://ftp.perl.org/pub/CPAN";; But your CPAN seems to be trying to hit the site without the 'pub/CPAN' which is why you are getting the not found errors. You might try hacking the CPAN you have installed to see what the 'Defaultsite' is set to, and/or downloading and reinstalling CPAN itself. http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: perl @ mysql
> Hi,
Howdy
>
> I wanna use a mysql-database for our systemuser-management.
> Adding and showing a list of users is no problem but now my question:
>
> How can I handle the appearing mysql-errorcode instead of the
> "die"-statement when I´m selecting or deleting a nonexisting
Assuming I understand your question right...
You have something like this right?
$dbh->function() or die "Boo hoo for me $DBI::errstr"; ?
How about:
my $myerr;
$dbh->function(...) or $myerr .= "Boo hoo for me $DBI::errstr\n";
$dbh->function2(..) or $myerr .= "Boo hoo for me again $DBI::errstr\n";
if(!$myerr) { print "Yee haw it seems to have worked!"; }
else { print "Can\'t you do anythign right?\n $myerr"; }
No die or exit, just go with the flow and mod_perl safe (IE no exit calls) to!
HTH
Dmuey
> entry in my
> database?
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Split based on length
Do you see any pitfall if i remove the 'm' on the regexp
And use $string =~ /.{1,$len}/g; instead ?
I have tried without the 'm', it works as well :-)
Thanks to all of you by the way...
José.
-Original Message-
From: Rob Dixon [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2003 5:28 PM
To: [EMAIL PROTECTED]
Subject: Re: Split based on length
Nyimi Jose wrote:
>
> I have a string which i know, it is a concatenation of "fixed length
> of substring". I would like to split it based on this known length and
> get as result An array containing each substring.
>
> Let say the known length is 2. If the string is 'abcd', my array
> should be ('ab', 'dc') And if my string is 'abcdef', my array should
> be ('ab', 'dc', 'ef').
>
> I was thinking about unpack function but how to make it dynamic?
>
> I mean writing :
> my @items = unpack('A2 A2', $str);
> Will work for $str='abdc';
> Not for $str='abcdef';
>
> Any ideas ?
Hi Nyimi.
The subroutine 'split_len' below will do what you want.
HTH,
Rob
use strict;
use warnings;
my $string = join '', 'A' .. 'Z';
print map "$_\n", split_len(7, $string);
sub split_len {
my ($len, $string) = @_;
$string =~ m/.{1,$len}/g;
}
OUTPUT
ABCDEFG
HIJKLMN
OPQRSTU
VWXYZ
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
DISCLAIMER
"This e-mail and any attachment thereto may contain information which is confidential
and/or protected by intellectual property rights and are intended for the sole use of
the recipient(s) named above.
Any use of the information contained herein (including, but not limited to, total or
partial reproduction, communication or distribution in any form) by other persons than
the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender either by
telephone or by e-mail and delete the material from any computer".
Thank you for your cooperation.
For further information about Proximus mobile phone services please see our website at
http://www.proximus.be or refer to any Proximus agent.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: portable directory tree searching
On Wed, 17 Sep 2003 10:38:08 -0500, "Michael Weber" <[EMAIL PROTECTED]> wrote: > Been to CPAN enough that I'm seeing crosseyed. > > What I want to do is to write a program that will return a list of files named *.edi > which are found in /*/files_in directory and then process each > file one at a time. > > Now for the kicker. It needs to run now on a Win32 platform, and in a few months on > a Linux platform with as few changes as possible. > > In a linux shell script, it would look something like this: > > for file in $base_dir/*/files_in/*.edi > do > > done > > Am I looking for a module to return file names when it is a coding issue? > Have you checked out File::Find? Should be standard with "newer" Perl's. Should do exactly what you are asking... http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
portable directory tree searching
Been to CPAN enough that I'm seeing crosseyed. What I want to do is to write a program that will return a list of files named *.edi which are found in /*/files_in directory and then process each file one at a time. Now for the kicker. It needs to run now on a Win32 platform, and in a few months on a Linux platform with as few changes as possible. In a linux shell script, it would look something like this: for file in $base_dir/*/files_in/*.edi do done Am I looking for a module to return file names when it is a coding issue? Thanx! -Michael -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to "bless" while "strict"?
On Tuesday, September 16, 2003, at 09:26 PM, sfryer wrote: So ... what is the correct "strict" way to "bless $talking, Horse"? bless $talking, "Horse"; George -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to "bless" while "strict"?
On Sep 16, sfryer said: >use strict; >bless $talking, Horse; # <<<< this is the source of the problem Quote 'Horse'. -- Jeff "japhy" Pinyan [EMAIL PROTECTED] http://www.pobox.com/~japhy/ RPI Acacia brother #734 http://www.perlmonks.org/ http://www.cpan.org/ what does y/// stand for? why, yansliterate of course. [ I'm looking for programming work. If you like my work, let me know. ] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Split based on length
Nyimi Jose wrote:
>
> I have a string which i know, it is a concatenation of "fixed
> length of substring". I would like to split it based on this
> known length and get as result An array containing each
> substring.
>
> Let say the known length is 2. If the string is 'abcd', my array
> should be ('ab', 'dc') And if my string is 'abcdef', my array
> should be ('ab', 'dc', 'ef').
>
> I was thinking about unpack function but how to make it dynamic?
>
> I mean writing :
> my @items = unpack('A2 A2', $str);
> Will work for $str='abdc';
> Not for $str='abcdef';
>
> Any ideas ?
Hi Nyimi.
The subroutine 'split_len' below will do what you want.
HTH,
Rob
use strict;
use warnings;
my $string = join '', 'A' .. 'Z';
print map "$_\n", split_len(7, $string);
sub split_len {
my ($len, $string) = @_;
$string =~ m/.{1,$len}/g;
}
OUTPUT
ABCDEFG
HIJKLMN
OPQRSTU
VWXYZ
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Split based on length
On Sep 17, NYIMI Jose (BMB) said:
>Let say the known length is 2.
>If the string is 'abcd', my array should be ('ab', 'dc')
>And if my string is 'abcdef', my array should be ('ab', 'dc', 'ef').
I'd just use:
@groups = $string =~ /../g; # use ... for three, or .{3}, etc.
You don't need capturing parens in this case.
--
Jeff "japhy" Pinyan [EMAIL PROTECTED] http://www.pobox.com/~japhy/
RPI Acacia brother #734 http://www.perlmonks.org/ http://www.cpan.org/
what does y/// stand for? why, yansliterate of course.
[ I'm looking for programming work. If you like my work, let me know. ]
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
perl(this) and perl(the)
Are these part of CPAN modules or built into Perl itself? I'm trying to install Mysql and it's complaining that perl(this) and perl(the) are missing. I couldn't find anything on Google. Cheers -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
perl @ mysql
Hi, I wanna use a mysql-database for our systemuser-management. Adding and showing a list of users is no problem but now my question: How can I handle the appearing mysql-errorcode instead of the "die"-statement when I´m selecting or deleting a nonexisting entry in my database? Thanks in advance! -Peter -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with DynaLoader.pm
Fischer Ulrich wrote: > Hi > > I'm new on this List, and perhaps it is the wrong place. > > Here is my problem: > > I upgraded my SuSE Linux from version 7.3 (perl 5.6..) to 8.2. (perl > 5.8.0). > > Now I get the following error: > > Can't load '/sw/bin/dislin/perl/Dislin.so' for module Dislin: > /sw/bin/dislin/perl/Dislin.so: undefined symbol: PL_stack_max at > /usr/lib/perl5/5.8.0/i586-linux-thread-multi/DynaLoader.pm line 229. > at /sw/prog/wberi/fehlzusgraph.pl line 2 > > I think the problem is the DynaLoader. Has somebody an idea? > > Thanks > > Ulrich > > -- > Ulrich G. Fischer > Dipl. Natw. ETH > Center Aerodynamics > > Ruag Aerospace Tel. +41 41 268 23 53 > Technologies/Projects Division Fax. +41 41 268 38 97 > P.O. Box 301[EMAIL PROTECTED] > CH-6032 Emmen [EMAIL PROTECTED] > Switzerland www.ruag.com The pre-compiled Perl module of DISLIN is compatible to Perl version 5.6 but not to Perl version 5.8. You can either recompile the module or you can download and install the RedHat 9 distribution of DISLIN that contains a pre-compiled module file for Perl 5.8. The RedHat 9 distribution of DISLIN is compatible to SuSE 8.1/8.2. If you want to recompile the DISLIN Perl module by yourself, you can copy the tar.gz file in the directory $DISLIN/perl to a temporary directory, unzip and untar it, and recompile the module via Perl Makefile.PL and make. It is described in the README.PERL file. Regards, --- Helmut Michels Max-Planck-Institut fuer Aeronomie Phone: +49 5556 979-334 Max-Planck-Str. 2 Fax : +49 5556 979-240 D-37191 Katlenburg-Lindau Mail : [EMAIL PROTECTED] DISLIN Home Page: http://www.dislin.de -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to secure database password? (was Re: Perl/DBI newbie: password storage / security question)
Hello, Many thanks to R. Joseph Newton, Motherofperls, essential quint and Chuck Fox for answering my questions, however it is still not what I was asking about. My previous posts were long and maybe unclear so I'll try to get straight to the point this time, adding more details at the bottom of my post. It is actually an extremely common situation: There is a CGI script written in Perl. It is a frontend to an SQL database. The script has to connect to the database so it has to send a password. I need that password to be secure. I am not interested in security through obscurity. There are other websites on the web server and other users on the system. My solution was using SUID wrappers giving my script an EUID of a system user having only one purpose: being the only member of the only group having read privilage to a file storing the database password. The disadvantage of this solution is the large number of system users and groups (few for every website/database) and corresponding database accounts (with the minimum set of privileges each). I am quite new to Perl and particularly new to database programming, so I'd like to ask how all of you Perl gurus are solving that common problem of database password security. Is there any better solution than mine? This problem is simple and common, but if there is any better place to ask this questions, I'd be grateful for pointing me there. I have tried my best to find any related informations on the Web and Usenet archives, only to fail miserably. I will not believe that any sane person has passwords harcoded into the script itself on any production system, like it is suggested in every example of using DBI (which, as I assume, is done only for the sake of the examples simplicity). For more datails of my original questions and reasoning see: Date: Sat, 13 Sep 2003 05:09:58 -0500 (EST) Message-Id: <[EMAIL PROTECTED]> http://www.mail-archive.com/beginners%40perl.org/msg46845.html Date: Sat, 13 Sep 2003 21:25:55 -0500 (EST) Message-Id: <[EMAIL PROTECTED]> http://www.mail-archive.com/beginners%40perl.org/msg46856.html I was trying to be very clear this time, moving the most important informations to the top of my message, so everyone could know what I mean before getting lost in the details of my own reasoning. And now some details: Joseph, I was asking about database password, not password database, but speaking about the latter, I would never use a self-made custom hashing algorithm you suggested, nor would I buy any third-party RSA encryption application for that matter.[1] Also, this is not true that the hashing algorithm is any more secure as a compiled object.[2] Quint, I was not wondering whether to use RDBMS or flat files, but there are ways to make working with flat files equally convenient.[3] Of course I use HTTPS for client connections, so the users' passwords are safe in transit.[1] I use CPAN modules for everything I can and I make sure my own scripts themselves are written with security in mind.[4] Quint, you say that the argument againts flat files is that they have to be writable by the httpd process EUID, but then you propose embedding the RDBMS password in the script or module instead (readable by the server process), which essentially makes the whole database world-writable (as anyone with read access to the script or module, like everyone exploiting any other CGI script on the system, can gain full access to the database), which is absolutely unacceptable for any multiuser system connected to the Internet. Chuck, your solutions of storing the password in another database,[5] or moving the password outside the script[6] don't solve the problem, but only move it to someplace else, where it is still unsolved, not improving the security at all. Zedgar. Footnotes: [1] About the security of users' passwords: See Digest::* modules on CPAN for hashing digests. I use Data::Password::BasicCheck, Data::Password and Crypt::Cracklib (in that order) with good dictionaries to make sure the user's new password itself is secure enough (to users having problems with hard-to-guess passwords I recommend Password Safe, either the original Bruce Schneier's Counterpane Labs version, or the new one available on SourceForge). The password is stored in the database as a SHA-512 digest of the password salted with other data, as well as a large random number also stored in the database (Crypt::Random). [2] Having the hashing algorithm compiled to a native binary object improves performance, but not security (for an example see Digest::Perl::MD5 and Digest::MD5). [3] See DBD::CSV and DBD::AnyData modules for DBI interface to flat files with simple SQL queries (processed by SQL::Statement). It's great for quick prototyping, but quickly gets slow for larger files. What I personally prefer for prototyping and for any situation when there's no access to SQL database on the server, is DBD::SQLite. It's a DBI Drive
Looking for a good OpenSSL/Perl library
Does anyone know where I can find a good implementation of OpenSSL library on Perl. I tried Massimmilio Pala's OpenCA::OpenSSL and ran into some issues there. Specifically, I am not able to generate a request. Whatever DN string I pass does not seem to be acceptable to the underlying OpenSSL library. I went through the source and could not figure out where the problem lies. I searched CPAN and openssl sites and they do not seem to have a better implementation of OpenSSL. Anyone know where I can find a more complete implementation of OpenSSL in Perl? Thanks in Advance Rajesh
how to "bless" while "strict"?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm working through perlboot right now and have run up against a minor
challenge. Unlike the tutorial itself, I'm using "strict" since this
is the environment I wish to code in on a day to day basis. Following
is example code and the error message it generates.
> perl -w
use strict;
my $name= "Mr. Ed";
my $talking = \$name;
bless $talking, Horse; # <<<< this is the source of the problem
print Horse->speak,
$talking->name, " says ", $talking->sound, "\n";
{ package Animal;
sub speak {
my $class = shift;
print "a $class goes ", $class->sound, "!\n"
}
}
{ package Horse;
use base qw(Animal);
sub sound { "neigh" }
sub name {
my $self = shift;
$$self;
}
}
^D
Bareword "Horse" not allowed while "strict subs" in use at - line 5.
Execution of - aborted due to compilation errors.
>
So ... what is the correct "strict" way to "bless $talking, Horse"?
- --
=
Shaun Fryer
=
http://sourcery.ca/
ph: 905-529-0591
=
Science is like sex: occasionally something useful
comes out of it, but that's not why we do it.
- -: Richard Feynmann
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (OpenBSD)
Comment: public key http://sourcery.ca/sfryer_gpg.txt
iD8DBQE/Z7hUvN1tsN5oC50RAt+SAJ9A6Td2fiRCQVYGWtb2OKTMdNm/BACfUd6f
Kl6pA+Z9ayRSN0wk4CAJYCs=
=j7Hs
-END PGP SIGNATURE-
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problems with CPAN
Hi, I tried this (unshift) and I still get the problem - see the cut/paste below. However, commiting changes works well. ibm600x:~ # perl -MCPAN -e shell cpan shell -- CPAN exploration and modules installation (v1.61) ReadLine support enabled cpan> cpan> cpan> o conf urlist urlist ftp://cpan.nas.nasa.gov/pub/perl/CPAN Type 'o conf' to view configuration edit options cpan> install Net::IMAP CPAN: Storable loaded ok Going to read /root/.cpan/Metadata Warning: Found only 0 objects in /root/.cpan/Metadata CPAN: LWP::UserAgent loaded ok Fetching with LWP: ftp://ftp.perl.org/authors/01mailrc.txt.gz LWP failed with code[404] message[Can't chdir to authors] Fetching with Net::FTP: ftp://ftp.perl.org/authors/01mailrc.txt.gz Couldn't cwd authors at /usr/lib/perl5/5.8.0/CPAN.pm line 2182. Trying with "/usr/bin/wget -O -" to get ftp://ftp.perl.org/authors/01mailrc.txt.gz --08:12:44-- ftp://ftp.perl.org/authors/01mailrc.txt.gz => `-' Resolving ftp.perl.org... failed: Name or service not known. System call "/usr/bin/wget -O - "ftp://ftp.perl.org/authors/01mailrc.txt.gz"; > /root/.cpan/sources/authors/01mailrc.txt" returned status 1 (wstat 256) Warning: expected file [/root/.cpan/sources/authors/01mailrc.txt.gz] doesn't exist Issuing "/usr/bin/ftp -n" ftp: Name or service not known Not connected. Local directory now /root/.cpan/sources/authors Not connected. Not connected. Not connected. Not connected. Bad luck... Still failed! Can't access URL ftp://ftp.perl.org/authors/01mailrc.txt.gz. Please check, if the URLs I found in your configuration file (ftp://ftp.perl.org/) are valid. The urllist can be edited. E.g. with 'o conf urllist push ftp://myurl/' Could not fetch authors/01mailrc.txt.gz Fetching with LWP: ftp://ftp.perl.org/modules/02packages.details.txt.gz LWP failed with code[500] message[LWP::Protocol::MyFTP: Bad hostname 'ftp.perl.org'] Fetching with Net::FTP: ftp://ftp.perl.org/modules/02packages.details.txt.gz Trying with "/usr/bin/wget -O -" to get ftp://ftp.perl.org/modules/02packages.details.txt.gz --08:12:52-- ftp://ftp.perl.org/modules/02packages.details.txt.gz => `-' Resolving ftp.perl.org... failed: Name or service not known. System call "/usr/bin/wget -O - "ftp://ftp.perl.org/modules/02packages.details.txt.gz"; > /root/.cpan/sources/modules/02packages.details.txt" returned status 1 (wstat 256) Warning: expected file [/root/.cpan/sources/modules/02packages.details.txt.gz] doesn't exist Issuing "/usr/bin/ftp -n" ftp: Name or service not known Not connected. Local directory now /root/.cpan/sources/modules Not connected. Not connected. Not connected. Not connected. Bad luck... Still failed! Can't access URL ftp://ftp.perl.org/modules/02packages.details.txt.gz. Please check, if the URLs I found in your configuration file (ftp://ftp.perl.org/) are valid. The urllist can be edited. E.g. with 'o conf urllist push ftp://myurl/' Could not fetch modules/02packages.details.txt.gz Fetching with LWP: ftp://ftp.perl.org/modules/03modlist.data.gz LWP failed with code[500] message[LWP::Protocol::MyFTP: Bad hostname 'ftp.perl.org'] Fetching with Net::FTP: ftp://ftp.perl.org/modules/03modlist.data.gz Trying with "/usr/bin/wget -O -" to get ftp://ftp.perl.org/modules/03modlist.data.gz --08:12:56-- ftp://ftp.perl.org/modules/03modlist.data.gz => `-' Resolving ftp.perl.org... failed: Name or service not known. System call "/usr/bin/wget -O - "ftp://ftp.perl.org/modules/03modlist.data.gz"; > /root/.cpan/sources/modules/03modlist.data" returned status 1 (wstat 256) Warning: expected file [/root/.cpan/sources/modules/03modlist.data.gz] doesn't exist Issuing "/usr/bin/ftp -n" ftp: Name or service not known Not connected. Local directory now /root/.cpan/sources/modules Not connected. Not connected. Not connected. Not connected. Bad luck... Still failed! Can't access URL ftp://ftp.perl.org/modules/03modlist.data.gz. Please check, if the URLs I found in your configuration file (ftp://ftp.perl.org/) are valid. The urllist can be edited. E.g. with 'o conf urllist push ftp://myurl/' Could not fetch modules/03modlist.data.gz Going to write /root/.cpan/Metadata Warning: Cannot install Net::IMAP, don't know what it is. Try the command i /Net::IMAP/ to find objects with matching identifiers. If you have further suggestions I would appreciate it... Thanks, John -Original Message- From: Wiggins d'Anconia [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 8:08 AM To: John Birkhead; '[EMAIL PROTECTED]' Subject: RE: Problems with CPAN On Wed, 17 Sep 2003 07:27:46 -0700, John Birkhead <[EMAIL PROTECTED]> wrote: > Hi, > I'm a perl newbie and I'm having problems getting CPAN connecting > and downloading on SuSE 8.2. I start with 'perl -MCPAN -e shell' but the > urlist is undefined. The default of 'ftp.perl.org' doesn't work. > > If I 'o conf u
Re: How to secure database password? (was Re: Perl/DBI newbie: password storage / security question)
Zedgar, You are chasing the yourself into circles. Security is dictated by circumstances and resources available. In our case, we had plenty of both and developed for our needs the "best" solution. Insofar as the storing of the password for the login that is used to get the password, we took the approach of encrypting the passwords prior to inserting them in our password server and using the guest login to get the passwords (no password on guest). So a user could login to our password server as guest and get the passwords for a server, however the data is encrypted and would require our decryption module to make sense of it. Again, the point is that, "secure" has to be defined for your particular circumstances. If it makes more sense for you to use the OS to protect passwords, then that is your "best" solution. Good Luck, Chuck [EMAIL PROTECTED] wrote: Hello, Many thanks to R. Joseph Newton, Motherofperls, essential quint and Chuck Fox for answering my questions, however it is still not what I was asking about. My previous posts were long and maybe unclear so I'll try to get straight to the point this time, adding more details at the bottom of my post. It is actually an extremely common situation: There is a CGI script written in Perl. It is a frontend to an SQL database. The script has to connect to the database so it has to send a password. I need that password to be secure. I am not interested in security through obscurity. There are other websites on the web server and other users on the system. My solution was using SUID wrappers giving my script an EUID of a system user having only one purpose: being the only member of the only group having read privilage to a file storing the database password. The disadvantage of this solution is the large number of system users and groups (few for every website/database) and corresponding database accounts (with the minimum set of privileges each). I am quite new to Perl and particularly new to database programming, so I'd like to ask how all of you Perl gurus are solving that common problem of database password security. Is there any better solution than mine? This problem is simple and common, but if there is any better place to ask this questions, I'd be grateful for pointing me there. I have tried my best to find any related informations on the Web and Usenet archives, only to fail miserably. I will not believe that any sane person has passwords harcoded into the script itself on any production system, like it is suggested in every example of using DBI (which, as I assume, is done only for the sake of the examples simplicity). For more datails of my original questions and reasoning see: Date: Sat, 13 Sep 2003 05:09:58 -0500 (EST) Message-Id: <[EMAIL PROTECTED]> http://www.mail-archive.com/beginners%40perl.org/msg46845.html Date: Sat, 13 Sep 2003 21:25:55 -0500 (EST) Message-Id: <[EMAIL PROTECTED]> http://www.mail-archive.com/beginners%40perl.org/msg46856.html I was trying to be very clear this time, moving the most important informations to the top of my message, so everyone could know what I mean before getting lost in the details of my own reasoning. And now some details: Joseph, I was asking about database password, not password database, but speaking about the latter, I would never use a self-made custom hashing algorithm you suggested, nor would I buy any third-party RSA encryption application for that matter.[1] Also, this is not true that the hashing algorithm is any more secure as a compiled object.[2] Quint, I was not wondering whether to use RDBMS or flat files, but there are ways to make working with flat files equally convenient.[3] Of course I use HTTPS for client connections, so the users' passwords are safe in transit.[1] I use CPAN modules for everything I can and I make sure my own scripts themselves are written with security in mind.[4] Quint, you say that the argument againts flat files is that they have to be writable by the httpd process EUID, but then you propose embedding the RDBMS password in the script or module instead (readable by the server process), which essentially makes the whole database world-writable (as anyone with read access to the script or module, like everyone exploiting any other CGI script on the system, can gain full access to the database), which is absolutely unacceptable for any multiuser system connected to the Internet. Chuck, your solutions of storing the password in another database,[5] or moving the password outside the script[6] don't solve the problem, but only move it to someplace else, where it is still unsolved, not improving the security at all. Zedgar. Footnotes: [1] About the security of users' passwords: See Digest::* modules on CPAN for hashing digests. I use Data::Password::BasicCheck, Data::Password and Crypt::Cracklib (in that order) with good dictionaries to make sure the user's new password itself is secure enough (to users having problems with hard-to-guess
RE: Problems with CPAN
On Wed, 17 Sep 2003 07:27:46 -0700, John Birkhead <[EMAIL PROTECTED]> wrote: > Hi, > I'm a perl newbie and I'm having problems getting CPAN connecting > and downloading on SuSE 8.2. I start with 'perl -MCPAN -e shell' but the > urlist is undefined. The default of 'ftp.perl.org' doesn't work. > > If I 'o conf urlist push ftp://cpan.nas.nasa.gov/pub/perl/CPAN' (or other > mirror sites I've tried) when I download this url appears to be ignored and > the downloads are attempted from the default. > Don't know for sure but you may want to 'unshift' rather than push the URL, though it should fall through if the first fails. > It also appears that when I exit and restart CPAN it has forgotten the url I > added. > You have to 'commit' the changes made with 'o conf' directives for them to be saved. 'o conf commit' should do the trick. > Does anyone have any guidance??? > > HTH, http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Split based on length
NYIMI Jose (BMB) <[EMAIL PROTECTED]> wrote:
:
: I mean writing :
: my @items = unpack('A2 A2', $str);
: Will work for $str='abdc';
: Not for $str='abcdef';
:
: Any ideas ?
use POSIX 'ceil';
my $size = 4;
my @items = unpack "A$size" x ceil( (length $string) / $size ), $string;
OR:
use Data::Dumper;
use POSIX 'ceil';
print Dumper fixed_split( 6, '12345678' );
sub fixed_split {
return [ unpack "A$_[0]" x ceil( ( length $_[1] ) / $_[0] ), $_[1] ];
}
HTH,
Charles K. Clarkson
--
Head Bottle Washer,
Clarkson Energy Homes, Inc.
Mobile Home Specialists
254 968-8328
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Split based on length
Hi,
you can use split for this sort of thing. For example:
my $string = "hello there";
# add an extra '.' for every character you want
my @pairs = split(/(..)/, $string);
The only thing you want to be careful about is empty quotes/nothing (e.g. ''). For
example, if we wanted to print the character pairs:
foreach(@pairs)
{
# we'll skip on the empty elements
if($_ eq '')
{
next;
}
# print each pair, preceded by a *
# you could push onto another array instead
print "*$_";
}
Can't think of anything more code efficient at the moment but I hope this helps.
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Problems with CPAN
Hi, I'm a perl newbie and I'm having problems getting CPAN connecting and downloading on SuSE 8.2. I start with 'perl -MCPAN -e shell' but the urlist is undefined. The default of 'ftp.perl.org' doesn't work. If I 'o conf urlist push ftp://cpan.nas.nasa.gov/pub/perl/CPAN' (or other mirror sites I've tried) when I download this url appears to be ignored and the downloads are attempted from the default. It also appears that when I exit and restart CPAN it has forgotten the url I added. Does anyone have any guidance??? Thanks, John -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Split based on length
Hello,
I have a string which i know, it is a concatenation of "fixed length of substring".
I would like to split it based on this known length and get as result
An array containing each substring.
Let say the known length is 2.
If the string is 'abcd', my array should be ('ab', 'dc')
And if my string is 'abcdef', my array should be ('ab', 'dc', 'ef').
I was thinking about unpack function but how to make it dynamic ?
I mean writing :
my @items = unpack('A2 A2', $str);
Will work for $str='abdc';
Not for $str='abcdef';
Any ideas ?
Thanks,
José.
DISCLAIMER
"This e-mail and any attachment thereto may contain information which is confidential
and/or protected by intellectual property rights and are intended for the sole use of
the recipient(s) named above.
Any use of the information contained herein (including, but not limited to, total or
partial reproduction, communication or distribution in any form) by other persons than
the designated recipient(s) is prohibited.
If you have received this e-mail in error, please notify the sender either by
telephone or by e-mail and delete the material from any computer".
Thank you for your cooperation.
For further information about Proximus mobile phone services please see our website at
http://www.proximus.be or refer to any Proximus agent.
Re: Any Suggestions for Programmer Needing To Know Perl by Tomorrow?
Dan Anderson wrote: > My local pointy haired boss decided I should learn Perl over the weekend The whole language, and all its subtleties, or some functional subset. > > -- specifically to interact with databases and use in CGI programming. What is your first Perl task. Focus on the task itself, work out the logic, and write what code you can to express that logic. Then let us know about where you are getting stuck. The more specific you can be about the immediate needs, the better you can focus your efforts in learning the language. Joseph -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to secure database password? (was Re: Perl/DBI newbie: password stora...
The only solutions I've discovered is:
( for less secure tables)
1. Crypt the password
2. Put it into directory not in the public domain
3. Set the permissions set only for your scripts.
( for more secure tables)
1. I would gather sensitive info last if possible.
2. Do not put the password on the server.
3. It would have to gathered with a form and you have to have ssl. Then
track the password and page state with javascript. Always use post in your
forms method attribute. Any links on your page should have a target attribut of
_blank so as not to lose tracking or display the password in the address bar.
If you find any other solutions please let me know.
Here is some javascript that I use for maintaining state in my scripts.
Alter the script to your own variables where applicable.
*** Maintaining page state
**
function setpage(){
// append the links with thier email
//document.write(document.links.length+" links ");
var sep = "&";
for(var i=0;i
Re: OT: Conceptual -- Spam stopper script
From: Jerry Rocteur <[EMAIL PROTECTED]> > I've been analyzing my SPAM by replying to it lately and find that > MOST email addresses where the SPAM originates do not exist.. Nothing > new here.. > > What I'd like to do is to write a script that accesses my pop mail, > gets the From: address, verifies it and if it is a valid address, > accepts the mail, otherwise, removes it.. > > Is this feasible or plain wishful thinking ??? > > I've written perl scripts to handle sending mail and to access pop > mail but I'm not sure of being able to do the above ??? While it is kinda possible, it's not worth the hassle. And it would be pretty slow. You'd better install some spam filtering/tagging tool. I use PopFile plus rules in my Pegasus Mail and after a little trainig (of the PopFile, not myself ;-) this works very well. http://popfile.sourceforge.net/ Jenda = [EMAIL PROTECTED] === http://Jenda.Krynicky.cz = When it comes to wine, women and song, wizards are allowed to get drunk and croon as much as they like. -- Terry Pratchett in Sourcery -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Conceptual -- Spam stopper script
You could try SpamAssassin (www.spamassassin.org). Quite effective rule based blocking. A lot (if not most) Spam emails come from real email addresses, they just don't belong to the guy that sent the email. For the Spammers that use their own email addresses (be it Yahoo or Hotmail etc.), if you reply they'll know your email address is 'real' and you'll receive 10X more, so be careful. SMTP has a command called 'RCPT TO: [EMAIL PROTECTED]', this will return 250 if the email address exists on that server (see http://cr.yp.to/smtp.html). You can send real-time SMTP commands using the Net::Cmd module. There is one great big downside to this though (I think) the Qmail SMTP server will return '250' to every email address also some legitimate newsletters don't use 'real' email addresses either. Good luck! -Original Message- From: Jerry Rocteur [mailto:[EMAIL PROTECTED] Sent: 16 September 2003 22:33 To: [EMAIL PROTECTED] Subject: OT: Conceptual -- Spam stopper script Hi, I've been analyzing my SPAM by replying to it lately and find that MOST email addresses where the SPAM originates do not exist.. Nothing new here.. What I'd like to do is to write a script that accesses my pop mail, gets the From: address, verifies it and if it is a valid address, accepts the mail, otherwise, removes it.. Is this feasible or plain wishful thinking ??? I've written perl scripts to handle sending mail and to access pop mail but I'm not sure of being able to do the above ??? I realize this is a bit OFF topic but SPAM is getting to me ;-(( Thanks for your thoughts, Jerry Rocteur. Italy did it first... http://www.rocteur.cc/geeklog/public_html/ article.php?story=20030914164349518 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problems with opening a word doc on similar systems
I am facing a very strange problem while i try opening a word document through my perl program. So far, i use the system() function. system(1, $winword_pathm $word_document); That works well on a win98 system, but it doesn't on another win98 system. Those machines have Office 97. What is the real problem because it drives me mad. Have you ever face such a annoying problem? Please help!!! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
