Pls help me 2 troubleshoot
Dear List, I'm quite a beginner to Perl (it's going to be almost 2 mths).I've written the following codes and I can't seem to get the correct output where user's can choose their search engine for search. Pls correct me since I'm really lost. Secondly, I want to use the HTML::TreeBuilder to read the search results and pick up the lines with the search terms. How should I go abt it? Care to share some info. Should I put the search results from e.g till into HTML::TreeBuilder and do a match to pick the lines? Any suggestions/comments to this? Thanks in advance. Hope to hear a.s.a.p Rgds, webexample.pl -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Pls help me 2 troubleshoot
When you write $searchengine = $q-> param("$se{searchengine}"); %se = { "av" => "AltaVista", "yh" => "Yahoo", "gg" => "Google"}; ... why do you define %se after you have used it, instead of before? Why do you redefine it on every call to the subroutine? Why do you call for $se{searchengine}, when you have only defined $se{av}, $se{yh} and $se{gg}? Why do you call the subroutine only once? - Roger - - Original Message - From: "Sunthari" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, September 19, 2001 10:41 AM Subject: Pls help me 2 troubleshoot > Dear List, > > I'm quite a beginner to Perl (it's going to be almost > 2 mths).I've written the following codes and I can't > seem to get the correct output where user's can choose > their search engine for search. Pls correct me since > I'm really lost. > > Secondly, I want to use the HTML::TreeBuilder to read > the search results and pick up the lines with the > search terms. How should I go abt it? Care to share > some info. > > Should I put the search results from e.g till > into HTML::TreeBuilder and do a match to pick > the lines? Any suggestions/comments to this? > > Thanks in advance. Hope to hear a.s.a.p > > Rgds, > > > > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Pls help me 2 troubleshoot
> When you write > > > $searchengine = $q-> > param("$se{searchengine}"); > %se = { "av" => "AltaVista", > "yh" => "Yahoo", > "gg" => "Google"}; > > > ... why do you define %se after you have used it, > instead of before? Why do > you redefine it on every call to the subroutine? Why Meaning I should define it before going to the subroutine itself ? I really dunno this. > do you call for > $se{searchengine}, when you have only defined > $se{av}, $se{yh} and $se{gg}? > Why do you call the subroutine only once? Well, I'm calling $se{searchengine} where 'searchengine' is the input taken from the user in webpage. User choose the search engine from the dropdown list.Options are Yahoo with value 'yh', AltaVista 'av' and Google 'gg'. > Why do you call the subroutine only once? Do I have to call it many times in a loop. Once user goes back to search, it a brand new search, right? Correct me if I 'm wrong but basically I want to read the input from the dropdown list and process the search. Thank again for your attention.Pls correct me. Rgds, > - Roger - > > - Original Message - > From: "Sunthari" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, September 19, 2001 10:41 AM > Subject: Pls help me 2 troubleshoot > > > > Dear List, > > > > I'm quite a beginner to Perl (it's going to be > almost > > 2 mths).I've written the following codes and I > can't > > seem to get the correct output where user's can > choose > > their search engine for search. Pls correct me > since > > I'm really lost. > > > > Secondly, I want to use the HTML::TreeBuilder to > read > > the search results and pick up the lines with the > > search terms. How should I go abt it? Care to > share > > some info. > > > > Should I put the search results from e.g > till > > into HTML::TreeBuilder and do a match to > pick > > the lines? Any suggestions/comments to this? > > > > Thanks in advance. Hope to hear a.s.a.p > > > > Rgds, > > > > > > > > > > > > > > > > -- > > To unsubscribe, e-mail: > [EMAIL PROTECTED] > > For additional commands, e-mail: > [EMAIL PROTECTED] > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Pls help me 2 troubleshoot
Assuming the web page returns 'av', 'yh' or 'gg' as values for searchengine, you probably want to write %se = { "av" => "AltaVista", "yh" => "Yahoo", "gg" => "Google"}; $searchengine = $q-> param('searchengine'); $search = new WWW::Search ($se{$searchengine }); I can't see any need for subroutines. You will need to introduce a lot of checking on error conditions, and you should probably introduce your variables with 'my' - thus: my %se = { "av" => "AltaVista", "yh" => "Yahoo", "gg" => "Google"}; my $searchengine = $q-> param('searchengine'); my $search = new WWW::Search ($se{$searchengine }); Regards - Roger - - Original Message - From: "Sunthari" <[EMAIL PROTECTED]> To: "Roger C Haslock" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, September 19, 2001 3:17 PM Subject: Re: Pls help me 2 troubleshoot > > When you write > > > > > > $searchengine = $q-> > > param("$se{searchengine}"); > > %se = { "av" => "AltaVista", > > "yh" => "Yahoo", > > "gg" => "Google"}; > > > > > > ... why do you define %se after you have used it, > > instead of before? Why do > > you redefine it on every call to the subroutine? Why > Meaning I should define it before going to the > subroutine itself ? I really dunno this. > > > do you call for > > $se{searchengine}, when you have only defined > > $se{av}, $se{yh} and $se{gg}? > > Why do you call the subroutine only once? > > Well, I'm calling $se{searchengine} where > 'searchengine' is the input taken from the user in > webpage. User choose the search engine from the > dropdown list.Options are Yahoo with value 'yh', > AltaVista 'av' and Google 'gg'. > > > Why do you call the subroutine only once? > Do I have to call it many times in a loop. Once user > goes back to search, it a brand new search, right? > > Correct me if I 'm wrong but basically I want to read > the input from the dropdown list and process the > search. > > Thank again for your attention.Pls correct me. > > Rgds, > > - Roger - > > > > - Original Message - > > From: "Sunthari" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Wednesday, September 19, 2001 10:41 AM > > Subject: Pls help me 2 troubleshoot > > > > > > > Dear List, > > > > > > I'm quite a beginner to Perl (it's going to be > > almost > > > 2 mths).I've written the following codes and I > > can't > > > seem to get the correct output where user's can > > choose > > > their search engine for search. Pls correct me > > since > > > I'm really lost. > > > > > > Secondly, I want to use the HTML::TreeBuilder to > > read > > > the search results and pick up the lines with the > > > search terms. How should I go abt it? Care to > > share > > > some info. > > > > > > Should I put the search results from e.g > > till > > > into HTML::TreeBuilder and do a match to > > pick > > > the lines? Any suggestions/comments to this? > > > > > > Thanks in advance. Hope to hear a.s.a.p > > > > > > Rgds, > > > > > > > > > > > > > > > > > > > -- -- > > > > > > > > > -- > > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > -- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Security Suggestions Please!
If you want your usernames and passwords to look something like this. ªaRtW¢³†Ê¬Ì~“µv$¾ïà then store passwords in a mysql blob field with the encrypt() function and a "key". I learned this technique from a very excellent tutorial by Aaron Weiss at the following URL: www.wdvl.com/Authoring/Languages/Perl/PerlfortheWeb/personalization2.html If you don't feel like reading through it, I included some of my sample code below to get you started. Other articles in that same series also include usage of MD5 for creating checksums. etc. Ibrahim Dawud --- my ($uname,$pw1) = @_; my $key1 = 'some_key'; my $key2 = 'some_other_key'; # Reverse password my @char = split (//,$pw1); @char = reverse @char; my $pwR = join "", @char; my $pwjoin = $pwR . $key2; my $qry = qq ( INSERT INTO users_table VALUES (encode('$uname','$key1'), encode('$pw1','$pwjoin') )); my $sth = $dbh->do($qry) or bail_out("Unable to perform DO query"); --- and then to decode my ($uname,$pw) = @_; my $key1 = 'some_key'; my $key2 = 'some_other_key'; my @char = split (//,$pw); @char = reverse @char; my $pwR = join "", @char; my $pwJ = $pwR . $key2; $qry = qq( SELECT decode(login,'$key1'), decode(pwd,'$pwJ') FROM users_table WHERE decode(login,'$key1')='$uname' AND decode(pwd,'$pwJ')='$pw'); more code here. -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
setuid question: "insecure dependency"?
Hi all -- I'm trying to write a setuid script to change passwords on a machine via the web. I am not trying to change the local passwords (i.e. *not* modifying /etc/password), but I do need the script to be run as root so it can call another password-changing utility which is doing the actual work. When run from the command line as root, the script works fine. However, when run as myself (after setting the script to be setuid root) I get the following error generated from the script's system call: "Insecure dependency in system while running setuid at ./chpass_web.pl line 159." Perl is installed on this system to use suid emulation, so it's calling the 'suidperl' binary. The problem originates from the following line of code: system "/bin/echo $new_password1 | /usr/local/sbin/saslpasswd -p $in_username"; The documentation I've seen implies that variables can't be passed directly into the shell, as they are above, but I couldn't reword the system call in any way that still enabled it to work. Can anyone help with this? Or lead me to any pointers on suidperl? I've already read the perlsec manpage, and searched through the mailing list archives... Thanks! Andria -- -- Andria Thomas [EMAIL PROTECTED] System Administrator -- Tovaris, Inc. (434) 245-5309 x 105 -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setuid question: "insecure dependency"?
The problem isn't setuid Perl it's that suid forces taintmode on. Read all available docs on taintmode. In particular start with Lincoln Stein's Web security FAQ at the www.w3c.org website... and re-read perldoc perlsec as you've stated you've done, but this time pay attention to the taintmode stuff. Lincoln Stein also has a good article on calling setuid stuff like changing passwords from a Web App in one of the past Perl Journal issues, but I can't recall which one at the moment. It was quite a good article though as it went through the pros and cons of several different ways of doing it. Later, Gunther At 05:14 PM 9/19/2001 -0400, Andria Thomas wrote: >Hi all -- > >I'm trying to write a setuid script to change passwords on a machine via >the web. I am not trying to change the local passwords (i.e. *not* >modifying /etc/password), but I do need the script to be run as root so >it can call another password-changing utility which is doing the actual >work. > >When run from the command line as root, the script works fine. However, >when run as myself (after setting the script to be setuid root) I get >the following error generated from the script's system call: > >"Insecure dependency in system while running setuid at ./chpass_web.pl >line 159." > >Perl is installed on this system to use suid emulation, so it's calling >the 'suidperl' binary. The problem originates from the following line >of code: > >system "/bin/echo $new_password1 | /usr/local/sbin/saslpasswd -p >$in_username"; > >The documentation I've seen implies that variables can't be passed >directly into the shell, as they are above, but I couldn't reword the >system call in any way that still enabled it to work. > >Can anyone help with this? Or lead me to any pointers on suidperl? >I've already read the perlsec manpage, and searched through the mailing >list archives... > >Thanks! >Andria > >-- >-- >Andria Thomas [EMAIL PROTECTED] >System Administrator -- Tovaris, Inc. >(434) 245-5309 x 105 > > >-- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] __ Gunther Birznieks ([EMAIL PROTECTED]) eXtropia - The Open Web Technology Company http://www.eXtropia.com/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Volunteer Project
Is anyone interested in doing a volunteer project for www.selfhelpmagazine.com with me? This is a project that involves a SQL database which I have zero experience with but have bought the Programming the Perl DBI book. --- - Teresa Raymond - - [EMAIL PROTECTED] - - http://www.mariposanet.com - --- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]