SSI calls

2002-08-30 Thread Jimmy George

Hello World

Is the line

print DATAFILE ("The file was recorded at <!--#config timefmt="%d%b%y at %r"-->");

a valid cgi line? All I want to do is record the time a cgi script is
called that writes other form data to a file but the server objects to
this line. The rest of the form goes into DATAFILE OK.

Is it because of the use of double quotes twice by any chance???

cheers

JimmyG



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




Re: SSI calls

2002-08-30 Thread Nitish Bezzala

Try escaping the double quotes with a backslash
 print DATAFILE ("The file was recorded at <!--#config timefmt=\"%d%b%y at %r\"-->");


Jimmy George [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
> Hello World
>
> Is the line
>
> print DATAFILE ("The file was recorded at <!--#config timefmt="%d%b%y at %r"-->");
>
> a valid cgi line? All I want to do is record the time a cgi script is
> called that writes other form data to a file but the server objects to
> this line. The rest of the form goes into DATAFILE OK.
>
> Is it because of the use of double quotes twice by any chance???
>
> cheers
>
> JimmyG









Re: encryption

2002-08-30 Thread fliptop

On Fri, 30 Aug 2002 at 10:32, Jimmy George opined:

JG:Is there any way of encrypting a credit card number etc. so that it can
JG:not be seen when being transmitted from desktop to server? The user
JG:needs to see what they type to make sure it is correct - so how do we
JG:get cgi to encrypt that at the user end before transmission.
JG:
JG:I have read some books about it but all we appear to be able to do is to
JG:encrypt the received raw number before storing it so that the file it is
JG:kept in cannot be opened and read. Is that the limit right now?
JG:
JG:Any ideas or places to look?

you could use FreezeThaw and store all the info associated with the credit
card (number, exp date, address, name, etc) as a string.

http://search.cpan.org/author/ILYAZ/FreezeThaw-0.43/FreezeThaw.pm

or, you can use one of the Crypt:: modules.

http://search.cpan.org/search?mode=all&query=encrypt






Re: Application Design for User Authentication

2002-08-30 Thread doug

I don't believe these considerations represent actual risks of
using web-server based authentication (.htaccess files).

- Once a user is authenticated, the script can still tell who they are,
  and assume roles based on that information.

- There are many scripts out there that can manage NCSA/Apache
  style BasicAuth (.htaccess/.htpasswd) files via a web page, with varying
  levels of access control.  I use .htaccess files to link the web server
  up with MySQL/Postgresql or LDAP databases, instead of having the
  passwords in a text file.  Then I'll have a web-based (or command-line
  based, or Windows desktop based) program that allows users to change
  their own information in the database.

- .htaccess files, in a basic configuration (i.e. text-file passwords) are
  really no less secure than the text of your Perl script.  The common
  misconfigurations of the web server that cause .htaccess files to be
  readable also make the perl scripts in the same directory readable.
  If you use a databasized .htaccess, then passwords aren't kept in any
  file accessible by the web server.

On 30 Aug 2002, Gfoo wrote:

> > you have ruled out using .htaccess for some reason?
> >
> > ciao
> > drieux
> >
> > ---
>
> I don't want to use .htaccess, because:
> - there are scripts that their actions depend on the role of the user that
> executes them. For example there is a script all users can execute it, but
> its output is different for every user/user_id.
> - I want the users to be able to change their profile info and passwords
> from around the world, without having to log-in on a server to do that.
> - I also want to have a (web) administration console that can be used to
> manage users accounts that can be used by users without knowledge of how
> apache and .htaccess files work.
> - I think .htaccess files are a bit more open to be retrieved by
> individuals trying to break the system.
>
> Gfoo








Re: encryption

2002-08-30 Thread zentara

On Fri, 30 Aug 2002 10:32:27 +1000, [EMAIL PROTECTED] (Jimmy
George) wrote:

> Is there any way of encrypting a credit card number etc. so that it can
> not be seen when being transmitted from desktop to server? The user
> needs to see what they type to make sure it is correct - so how do we
> get cgi to encrypt that at the user end before transmission.

You don't use cgi to encrypt data on the user side.  If you are
accepting credit card data, you need to be using the SSL protocol
(https instead of http), which sends everything encrypted. The user
can enter cc data in the browser, then send to a https address. None of
the cc data will be visible in the transmission.

If you notice, most online stores will switch from http to https when
you check out. Some just run https all the time.

There is a developer who is trying a method of Login Authentication
with MD5 over http for people who don't have a secure server, it's
called Javascript-LoginMD5. It works like this: When you first go
to the cgi-script, it sends out a md5 key, which is used by some
javascript in the browser to hide the password. It times out after
a time delay, like 30 seconds.
BUT this is totally inadequate for credit card data. If you try
something like that for credit cards, you could be held liable
for negligence with the data.

If you are running your own server, you need to get a 
server-certificate from someplace like Verisign. Then you can start
running a secure server with https on port 443.
You can make your own self-certified certificate, but it
is not trusted, because no external authority like Verisign
has endorsed you as being trustworthy. What is to stop
people from setting up phony stores with a self-certified
certificates, just to collect credit card numbers? The Verisign
people, and their competitors, investigate your legitimacy, then
they give you a signed certificate to use in your web server.

If you are running on a server from someone else, look at
their help section for secure server or ask the administrator.

> I have read some books about it but all we appear to be able to do is to
> encrypt the received raw number before storing it so that the file it is
> kept in cannot be opened and read. Is that the limit right now?
That is the way it is, your cgi program can only do encryptions on 
the data it has on the server.  The encryption during transmission
is handled by the protocol used either http on port 80, or https on
port 443.
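
A sketch of the challenge-response idea described in the message above, as an added example (not part of the original post and not Javascript-LoginMD5's own code). How the key and password are combined, the function names and the sample values are assumptions; both the server and the browser side are simulated in Perl.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

my $TTL = 30;     # seconds a challenge stays valid (the post's time delay)
my %pending;      # challenge => issue time; a real CGI would persist this

# Server: hand out a fresh challenge (the post's "md5 key").
sub issue_challenge {
    my ($now) = @_;
    # Assumption: rand() is only a stand-in; use a CSPRNG in practice.
    my $challenge = md5_hex(join ':', $now, $$, rand());
    $pending{$challenge} = $now;
    return $challenge;
}

# Browser side (JavaScript in the scheme described): only the digest
# of challenge plus password travels over plain http.
sub client_response {
    my ($challenge, $password) = @_;
    return md5_hex($challenge . $password);
}

# Server: accept a response once, and only inside the time window.
sub verify {
    my ($challenge, $response, $stored_password, $now) = @_;
    my $issued = delete $pending{$challenge};    # single use blocks replay
    return 'unknown or reused challenge' unless defined $issued;
    return 'challenge expired' if $now - $issued > $TTL;
    return $response eq md5_hex($challenge . $stored_password)
        ? 'ok' : 'bad password';
}

# Constructed demo values.
my $t0 = 1_030_665_600;
my $c  = issue_challenge($t0);
my $r  = client_response($c, 'sekrit');
print "fresh login:   ", verify($c, $r, 'sekrit', $t0 + 5), "\n";
print "replayed:      ", verify($c, $r, 'sekrit', $t0 + 6), "\n";
my $c2 = issue_challenge($t0);
print "after timeout: ",
    verify($c2, client_response($c2, 'sekrit'), 'sekrit', $t0 + 31), "\n";
```

The server can only compare the digest against a secret it already holds; it cannot recover what was typed, so the same trick cannot carry a card number the server needs to read.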







Re: Redirect and cookies

2002-08-30 Thread zentara

On Fri, 30 Aug 2002 11:01:08 +0200, [EMAIL PROTECTED] (Alex Agerholm)
wrote:

> Hi all,
>
> I have a problem with redirect.
> I have made a login system and when the user has logged in correctly I set a
> cookie and redirect the user to the first page.
> But on all pages (including the first one) I make a check to see if the user
> is logged in based on the cookie.
>
> When I redirect from the login page to the first page I therefore need to
> give the cookie along like:  redirect( -uri=>"xxx.cgi", -cookie=>$cookie);
> BUT IT DOES NOT WORK - my xxx.cgi script does not get the cookie.
> What can I do to fix this ?

Have you checked that the cookie is actually being set in the browser?
Then what code are you using to retrieve the cookie?








Error: requires explicit package name

2002-08-30 Thread t

Hello:)

i am working on a script and have come across a problem. if i call a variable from the
preceding form, it works correctly, BUT, if i declare a variable within the script, then
try to use it as the To: field in an e-mail, it tells me that
 Global symbol "$auto" requires explicit package name

i have been looking through my perl and cgi books to try to figure out what this
means, but am totally at a loss.

i have declared it two different ways, and both ways it comes back with the same error:

 if ($Country eq "Argentina")
{my $auto = $q->param( '[EMAIL PROTECTED]' );
}
and
 if ($Country eq "Argentina")
{$auto = $q->param( '[EMAIL PROTECTED]' );
}

i figure i am probably missing one little thing, but i can't figure out what it is.
Anyone got any ideas? This is the last part of my script that i need to get working,
as it will be a huge if/elsif statement that i will end up putting into a module.

thanks:)

thia





Re: Error: requires explicit package name

2002-08-30 Thread Felix Geerinckx

on Fri, 30 Aug 2002 13:58:47 GMT, [EMAIL PROTECTED] (T) wrote:

>  Global symbol "$auto" requires explicit package name

[...]

>  if ($Country eq "Argentina")
>  {my $auto = $q->param( '[EMAIL PROTECTED]' );
>  }
> and
>  if ($Country eq "Argentina")
>  {$auto = $q->param( '[EMAIL PROTECTED]' );
>  }

A lexical my declaration is only visible in the enclosing block.

You should write:

my $auto;
if ($Country eq "Argentina") {
    $auto = $q->param( '[EMAIL PROTECTED]' );
}

See M-J. Dominus' "Coping with Scoping" article for an excellent
introduction to scoping at

http://perl.plover.com/FAQs/Namespaces.html

-- 
felix





sorting arrays of arrays

2002-08-30 Thread Alex B.

Hello pplz,

  I have this tiny project goin', where I scan a html-file, get all
entries from out of the table and every single tr - table row -
into an array...

well, I do have two problems:
1. how do I assign new dynamic arrays, like @a25 if there is 25 rows?
or lets say there is 78 rows, then I don't really want to type
my @a00 = (); through my @a77 = (); using the strict module...
is there a way of solving that problem?

2. I would like to sort the array of arrays by specifying a certain
element of an array inside the big array.
Lets say array00 in the big surrounding array consists of
(McNew, Matthew, [EMAIL PROTECTED]) and array01 (Clarich, Paul, [EMAIL PROTECTED])
I'd like to reorder the arrays 00 and 01 so that if I sort by the last
name array00[0] and array01[0], that array01 is in front of array00...

I believe you guys get the picture...

TIA


--
mfg
 Alex  mailto:[EMAIL PROTECTED]






Re: Error: requires explicit package name

2002-08-30 Thread t

Felix

Thanks! That was just what i needed:)

thia


--- Felix Geerinckx [EMAIL PROTECTED] wrote:
> on Fri, 30 Aug 2002 13:58:47 GMT, [EMAIL PROTECTED] (T) wrote:
>
> >  Global symbol "$auto" requires explicit package name
>
> [...]
>
> >  if ($Country eq "Argentina")
> >  {my $auto = $q->param( '[EMAIL PROTECTED]' );
> >  }
> > and
> >  if ($Country eq "Argentina")
> >  {$auto = $q->param( '[EMAIL PROTECTED]' );
> >  }
>
> A lexical my declaration is only visible in the enclosing block.
>
> You should write:
>
> my $auto;
> if ($Country eq "Argentina") {
>     $auto = $q->param( '[EMAIL PROTECTED]' );
> }
>
> See M-J. Dominus' "Coping with Scoping" article for an excellent
> introduction to scoping at
>
>   http://perl.plover.com/FAQs/Namespaces.html
>
> --
> felix




RE: Redirect and cookies

2002-08-30 Thread Bob Showalter

> -Original Message-
> From: Alex Agerholm [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 30, 2002 5:01 AM
> To: [EMAIL PROTECTED]
> Subject: Redirect and cookies
>
> Hi all,
>
> I have a problem with redirect.
> I have made a login system and when the user has logged in correctly I set a
> cookie and redirect the user to the first page.
> But on all pages (including the first one) I make a check to see if the user
> is logged in based on the cookie.
>
> When I redirect from the login page to the first page I therefore need to
> give the cookie along like:  redirect( -uri=>"xxx.cgi", -cookie=>$cookie);
> BUT IT DOES NOT WORK - my xxx.cgi script does not get the cookie.
> What can I do to fix this ?

Try using a full URL, e.g. -url => http://myserver/cgi-bin/xxx.cgi

The relative URL may be triggering an internal redirect, which would not
pass the cookie.





database connection problem

2002-08-30 Thread aman cgiperl

Hello everyone
I am doing the following

-
  1  #!/usr/bin/perl
  2
  3  use strict;
  4  use CGI qw(:standard);
  5  use CGI::Carp qw(fatalsToBrowser);
  6  use DBI;
  7
  8  print header;
  9  print start_html();
 10  $s = 'aman';

 12  my $dth = DBI->connect("DBI:mysql:db_name","user","pass");
 26  my $sth_check = dth->prepare("SELECT * FROM mytab WHERE s='$s'");
 28  sth_check->execute;
 41  $dth->disconnect;

137  print end_html;

---
I am getting the following output. What could be wrong ???
--
Content-type: text/html
Software error:
Can't locate object method "prepare" via package "dth" (perhaps you forgot to load
"dth"?) at /home/somesite/cgi-bin/script line 26.

For help, please send mail to the webmaster ([EMAIL PROTECTED]), giving this
error message and the time and date of the error.




RE: database connection problem

2002-08-30 Thread Greg Smith

Try adding the hostname of the MySQL to your connect string.

my $dth =
DBI->connect("DBI:mysql:database=db_name;host=hostname","user","pass");

Greg


> -Original Message-
> From: aman cgiperl [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 30, 2002 10:46 AM
> To: [EMAIL PROTECTED]
> Subject: database connection problem
>
>
> Hello everyone
> I am doing the following
>
> -
>   1  #!/usr/bin/perl
>   2
>   3  use strict;
>   4  use CGI qw(:standard);
>   5  use CGI::Carp qw(fatalsToBrowser);
>   6  use DBI;
>   7
>   8  print header;
>   9  print start_html();
>  10  $s = 'aman';
>
>  12  my $dth = DBI->connect("DBI:mysql:db_name","user","pass");
>  26  my $sth_check = dth->prepare("SELECT * FROM mytab WHERE s='$s'");
>  28  sth_check->execute;
>  41  $dth->disconnect;
>
> 137  print end_html;
>
> ---
> I am getting the following output. What could be wrong ???
> --
> Content-type: text/html
> Software error:
> Can't locate object method "prepare" via package "dth" (perhaps
> you forgot to load "dth"?) at /home/somesite/cgi-bin/script line 26.
>
> For help, please send mail to the webmaster
> ([EMAIL PROTECTED]), giving this error message and the time
> and date of the error.








database execute status

2002-08-30 Thread aman cgiperl

Hi All
Is there a way to check the status of $sth->execute; to check if it successfully
executed.
Also if I pass on a query to a mysql database using perl's DBI, and suppose it runs
into error, how can I capture that error.
Thank you
Aman



Re: encryption

2002-08-30 Thread Wiggins d'Anconia



zentara wrote:
> On Fri, 30 Aug 2002 10:32:27 +1000, [EMAIL PROTECTED] (Jimmy
> George) wrote:
>
>> Is there any way of encrypting a credit card number etc. so that it can
>> not be seen when being transmitted from desktop to server? The user
>> needs to see what they type to make sure it is correct - so how do we
>> get cgi to encrypt that at the user end before transmission.

<snip>

> You can make your own self-certified certificate, but it
> is not trusted, because no external authority like Verisign
> has endorsed you as being trustworthy. What is to stop
> people from setting up phony stores with a self-certified
> certificates, just to collect credit card numbers? The Verisign
> people, and their competitors, investigate your legitimacy, then
> they give you a signed certificate to use in your web server.

<snip>

<obligatory microsoft bash>

With the exception of micro$oft internet explorer which still doesn't
handle this correctly, which is what all the news has been about lately.

</obligatory microsoft bash>

use Mozilla;

(Had to get that out of my system, carry on)

http://danconia.org






update.cgi

2002-08-30 Thread Jimmy George

Hello Steve

I have lousy success with the $q cgi system as well. I will watch the
replies for all the good ideas.

Good luck mate

JimmyG





Re: database execute status

2002-08-30 Thread Wiggins d'Anconia

 From  perldoc DBI

  $rc  = $h->err;
  $str = $h->errstr;
  $rv  = $h->state;

You should look at the docs for DBI, error handling is described in 
detail. That should get you started

http://danconia.org



aman cgiperl wrote:
> Hi All
> Is there a way to check the status of $sth->execute; to check if it successfully
> executed.
> Also if I pass on a query to a mysql database using perl's DBI, and suppose it runs
> into error, how can I capture that error.
> Thank you
> Aman
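
An added example (not code from any poster in this thread) that runs the query from the "database connection problem" post and captures errors from prepare and execute, as asked in "database execute status". Assumptions: an in-memory SQLite database via DBD::SQLite stands in for the MySQL server, the table contents are constructed, and the lookup helper is hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database (DBD::SQLite) stands in for the
# thread's MySQL server so this runs offline; the DBI calls are the same.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 0, PrintError => 0 })
    or die "connect failed: $DBI::errstr\n";

# Constructed sample data.
$dbh->do('CREATE TABLE mytab (s TEXT, note TEXT)') or die $dbh->errstr;
$dbh->do(q{INSERT INTO mytab (s, note) VALUES ('aman', 'first row')})
    or die $dbh->errstr;

# Hypothetical helper: run a SELECT with bound values and return
# (rows, undef) on success or (undef, error text) on failure.
sub lookup {
    my ($dbh, $sql, @bind) = @_;
    my $sth = $dbh->prepare($sql)
        or return (undef, 'prepare failed: ' . $dbh->errstr);
    # execute returns a true value on success and undef on error, so
    # test definedness. Depending on the driver a bad statement fails
    # at prepare or at execute; both are checked here.
    my $rv = $sth->execute(@bind);
    return (undef, 'execute failed: ' . $sth->errstr) unless defined $rv;
    return ($sth->fetchall_arrayref({}), undef);
}

my $sql = 'SELECT s, note FROM mytab WHERE s = ?';

# The ? placeholder passes the value as data, unlike s='$s' interpolation,
# so a quote character in the input cannot change the statement.
for my $value ('aman', q{x' OR '1'='1}) {
    my ($rows, $err) = lookup($dbh, $sql, $value);
    die "$err\n" if defined $err;
    printf "%-14s -> %d row(s)\n", $value, scalar @$rows;
}

# A statement against a missing table shows the error being captured
# instead of crashing the script.
my ($rows, $err) =
    lookup($dbh, 'SELECT * FROM no_such_table WHERE s = ?', 'aman');
print "captured: $err\n" if defined $err;

$dbh->disconnect;
```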
 


