Re: How can a sub return true or value?

[Steven Brooks]

On Sunday 14 April 2002 00:40, you wrote:
 I use   for true and  for false. Is there a more standard (or
 readable) values for true and false?

 Thanks in advance.


You could use 0 as false and 1 (or another non-zero value) as true.


Steven

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Security advice: SHA vs crypt for authenticator

[Steven Brooks]

On Wednesday 16 January 2002 11:45 am, [EMAIL PROTECTED] wrote:
 Hello,
 I'm using a nice little GDBM file for authentication. It just stores users
 and passwords as SHA1 hashes. When I need to authenticate someone (fewer
 than 15 lines in the dbm file) I just tie it and compare the SHA'd user
 input against the hex value in the dbm file. (The file is not publicly
 readable.)

 It has been suggested, however, that this is not adequately secure and that
 the passwords would be better stored crypted or some such. I don't really
 see the difference between a SHA password and a crypted password in this
 context. Wouldn't they be equally difficult to crack?

 Oh, I should add that the authenticator runs as part of a server daemon on
 a remote system, and so authentication is performed as the same user each
 time.

 Just wanted to collect some opinions before I go further. (I'm perfectly
 willing to accept the possibility I'm wrong--if I weren't I wouldn't
 ask--so fire away.)

 Thanks,
 John

Do you mean hash the password then encrypt the file that lists the hashes, or 
keep the passwords plaintext and encrypt the file?

A few concerns I can see would be if the hashes where plaintext and the file 
was encrypted would be if you broke that, then you'd have all the passwords.  
Also if someone had an account, they'd know their own username/password and 
may help with a known clear-text attack.

If the passwords where hashed, then stored in a plaintext file (like the 
passwd file on Unix/Linux systems), then that would leave them more open to 
dictionary attacks.  But you said it wasn't world-readable, so I guess that 
would make it more like shadow passwords, but still, if someone got the file, 
they could use a dictionary attack (like the crack program).

If you hashed the passwords then encrypted the file, it would make it more 
difficult to crack, but then you'd have to decrypt the entire file everytime 
you wanted to check a password (probably more pain than it's worth, 
especially if it really starts slowing down authentication).

There are tons of different options, but limiting it to these options, I'd 
probably suggest that you hash the passwords, then limit who has access to 
the file.

There's tons of webpages on encryption and subjects like this.  I'd check 
them out too.  (can't think of any of the top of my head).


Steven

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: What are the uses of the =~ operator?

[Steven Brooks]

On Wednesday 16 January 2002 03:56 pm, rabs wrote:
 I am new to regualr expressions and becoming  accqainted with the =~
 operator. It appears to me that the =~ allows me to match a pattern in a
 REGEX against a variable. As such it  replaces the $_ varible.

 $name =~ /[rabs]/;

 mtaches with a string containing   any of the following characters   r a b
 s

 is this correct? I am quite confused

The following text is from the perlop man-page (perldoc perlop)  -- Steven

Binary =~ binds a scalar expression to a pattern match.
   Certain operations search or modify the string $_ by
   default.  This operator makes that kind of operation work
   on some other string.  The right argument is a search pat­
   tern, substitution, or transliteration.  The left argument
   is what is supposed to be searched, substituted, or
   transliterated instead of the default $_.  When used in
   scalar context, the return value generally indicates the
   success of the operation.  Behavior in list context
   depends on the particular operator.  See the Regexp Quote-
   Like Operators entry elsewhere in this document for
   details.

   If the right argument is an expression rather than a
   search pattern, substitution, or transliteration, it is
   interpreted as a search pattern at run time.  This can be
   less efficient than an explicit search, because the pat­
   tern must be compiled every time the expression is evalu­
   ated.

   Binary !~ is just like =~ except the return value is
   negated in the logical sense.

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Help with clearing an array

[Steven Brooks]

On Monday 14 January 2002 04:54 pm, you wrote:
 Can I use this :-
 @my_arry = undef;

No, because it doesn't clear the array.  Read the following quote:

Small quote from Learning Perl page 53 - under the section Using
Scalar-Producing Expressions in a List Context
begin quote
Going this direction is straightforward: if an expression doesn't normally
have a list value, the scalar value is automatically promoted to make a
one-element list:

@fred = 6 * 7; # gets the one-element list (42)
@barney = hello . ' ' . world;

Well, there's one possible catch:

@wilma = undef; # OOPS! Gets the one-element list (undef)
# which is not the same as this:
@betty = ();# A correct way to empty an array

Since undef is a scalar value, assigning undef to an array doesn't clear the
array.  The better way to do this is to assign an empty list
end quote


Steven

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re:How to know if a symlink exists

[Steven Brooks]

On Monday 14 January 2002 02:07 am, you wrote:
 Hi, I wanted to do this:
 ln -s X Y but unless it don't already exists?
 How can I do this in Perl?
 Thanks

Using the normal file testing in Perl I think this'd work:

if (-l $filename) {
# do stuff here
}

that's a dash then the letter L in lowercase.  However this won't tell you 
if there's already a normal file with that name.  You may also want to add a 
test using -e to make sure a file with that name doesn't exist.

Steven

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re:How to know if a symlink exists

[Steven Brooks]

On Monday 14 January 2002 02:25 am, I wrote:
 On Monday 14 January 2002 02:07 am, you wrote:
  Hi, I wanted to do this:
  ln -s X Y but unless it don't already exists?
  How can I do this in Perl?
  Thanks

 Using the normal file testing in Perl I think this'd work:

 if (-l $filename) {
   # do stuff here
 }

 that's a dash then the letter L in lowercase.  However this won't tell
 you if there's already a normal file with that name.  You may also want to
 add a test using -e to make sure a file with that name doesn't exist.

 Steven

So to answer your question

my $filename = Y;
unless (-l $filename or -e $filename) {
symlink X, Y
or warn Couldn't create symbolic link Y to X: $!;
}

NOTE: it's not necessary to make $filename = Y.  I only though it'd be 
easier to see what I was doing than (-l Y or -e Y)

Steven

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: All files in a directory tree

[Steven Brooks]

On Monday 14 January 2002 02:42 am, you wrote:
 L.S.,
 I'm looking for a simple way to get all files in a directory and all it's
 subdirectories on Win32.
 For instance, the directory structure looks like this:

   c:\temp\
   file01.txt
   file02.txt
   c:\temp\subdir01
   subdirfile01.txt
   c:\temp\subdir01\subdir02\
   subdirfile02.txt

 Now, I want to get a list looking something like this:

 c:\temp\file01.txt
 c:\temp\file02.txt
 c:\temp\subdir01\subdirfile01.txt
 c:\temp\subdir01\subdir02\subdirfile02.txt

 How can I do this? I know I can get listings with glob, DIRHANDLE, etc, but
 I can't find anything which traverses all file in the underlying subdirs
 also.
 BTW, it has to work on Win32.
 Thanks in advance.

 Harmen Groenwold
 [EMAIL PROTECTED]

The File::Find module will do recursive directory listings.  As to how, I 
don't know.  Haven't used it yet.  Check perldoc File::Find


Steven

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: 2 simple questions...

[Steven Brooks]

On Monday 14 January 2002 08:58 pm, Chris Anderson wrote:
 I need to be able to do a wget (But not with a system() command if
 possible)
 I need to get the current directory. In Linux I type pwd and it shows it
 to me, or
 I can use the $PWD variable. But if I :
 print The current path is: $PWD;
 it is blank.
 How can I get the current path variable?

 TIA!


In Linux (and probably any other *nix), use $ENV{PWD}

Steven

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Adding quotes to a string variable

[Steven Brooks]

On Monday 07 January 2002 03:16 am, you wrote:
 You have two options:

 Option one: Put the string between single quotes $a = 'Test Test Test';

 Option two:  $a = q(Test Test Test);

 Regards
 Robert Graham

Well, there are other options.  Not that they are better, but they are
options.  Both require escaping the characters.

$a = \Test Test Test\;
$a = qq{\Test Test Test\};


Steven

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]