Re: Pointers on security sought for CGI

2006-05-03 Thread Charlie Somerville

Mary Anderson wrote:

Hi,
   I am writing my first Perl CGI program.  I get logins through one CGI
script.  When the user has logged in I use
  <a href="myurl?login=mylogin&password=mypassword">
to get to my input screen. Logins are checked by doing a trial connection
to the database. I plan to run in taint mode.  I will be checking each
field for obvious signs of corruption before entering it in the database.
So the user enters data which is checked for corruption before it is put in
the database.

   I am running ActivePerl under WindowsXP and using IIS as a webserver.

Are there things I should be doing, besides not running on Windows and IIS,
to make my application more secure?  I am careful to timestamp every row in
every table in case some malicious nonsense is done and I have to clean up
the mess.

Thanks
Mary Anderson


To answer your security question;

Firstly, you don't want to use a URL-encoding mechanism to transfer your 
passwords from one page to another. You should use cookies and even then 
you want to encrypt them with:


$encryptedText = crypt($clearText, $salt);   # crypt() takes the plaintext first, then the salt

Where $salt can be any 2-byte string.

Secondly, you should look into SSL for each page that uses 
authentication and use secure cookies.


Thirdly, you should download a decent webserver from the net, I suggest 
Apache. IIS is full of security holes* and vulnerabilities*. If you are 
processing credit cards, paypal or anything that someone would not want 
written on a postcard and sent across the world, you really should look 
into a better webserver.


* Have a look at this: http://www.grc.com/pw/FBIAnnouncement.htm
 and this: http://www.grc.com/pw/patchwork.htm



Charlie Somerville
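To make the three points above concrete, here is an added example (not code from the thread): the password is only ever compared against a crypt() hash, and what goes into the cookie is a random session token rather than the password, sent with the secure flag so it only travels over SSL. The user table, the salt 'ab', the token generator and the script layout are all assumptions made for the demo.

```perl
#!/usr/bin/perl
# Added example: hashed password check plus a secure session cookie,
# instead of carrying the password around in the URL.
use strict;
use warnings;
use CGI;
use CGI::Cookie;
use Digest::SHA qw(sha256_hex);

# Constructed sample "user table": the stored value is a crypt() hash,
# never the clear-text password.  The first two characters are the salt.
my %users = (
    mary => crypt('correct horse', 'ab'),   # constructed test credential
);

# Returns 1 if $password matches the stored hash for $login, else 0.
# crypt(PLAINTEXT, SALT): passing the stored hash as the salt reuses its
# own salt, so the two strings compare equal on a correct password.
sub check_login {
    my ($login, $password) = @_;
    my $stored = $users{$login} or return 0;
    return crypt($password, $stored) eq $stored ? 1 : 0;
}

# Issue a random session identifier.  The cookie carries this token, not
# the password; a server-side table maps it back to the user.  In a real
# CGI that table must live in a file or database, since every request is
# a fresh process.  Assumption: this token source is demo-grade only; a
# deployment should draw it from a CSPRNG.
my %sessions;
sub new_session {
    my ($login) = @_;
    my $token = sha256_hex(join '', time, $$, rand());
    $sessions{$token} = $login;
    return $token;
}

my $q        = CGI->new;
my $login    = $q->param('login')    // '';
my $password = $q->param('password') // '';

if (check_login($login, $password)) {
    my $cookie = CGI::Cookie->new(
        -name     => 'session',
        -value    => new_session($login),
        -secure   => 1,      # only sent over HTTPS
        -httponly => 1,      # not readable from page scripts
        -path     => '/',
    );
    print $q->header(-cookie => $cookie);
    print "Welcome, $login\n";
} else {
    print $q->header(-status => '401 Unauthorized');
    print "Bad login\n";
}
```

The login form should POST to this script so the password never lands in the URL, the referer header, or the web server's access log. On systems whose crypt() understands the modular format, a salt such as '$6$somesalt$' selects SHA-512 instead of the old DES scheme; the comparison trick in check_login works unchanged.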

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/ http://learn.perl.org/first-response




Re: Execute an external script

2004-03-03 Thread Charlie somerville
Well, it returns null because when you try to escape in that string, that's
Perl's escape that you're using, not XP's escape.
A way around this might be (I dunno, never tried this before):

chdir 'C:/Program Files/GNU/Octave/2.1.50/' or die "chdir failed: $!";  # system("cd ...") would only change directory in a child shell
$result = `bin -q my_script.m`;

If that doesn't work then set up Windows to have files with .m on the end be
run by 'C:\Program Files\GNU\Octave\2.1.50\bin'.
Here is how:

Goto 'My Computer'
Click 'Tools'
Click 'Folder options'
A dialog should come up, click the 'File types' tab.
When the list of registered file extensions finishes loading, click 'New'
Type 'm' in the box then hit 'enter'
The new file extension should be at the top of the list selected, if it
isn't, just select it.
Click 'advanced'
a dialog should open.
in the first box type 'Octave script'
click 'new'
type 'open' in the first box of the new dialog
in the second dialog, type (yes type the double-quotes, but not the single
ones) ' "C:\Program Files\GNU\Octave\2.1.50\bin" -q "%1" '
click 'ok'
click 'ok' again
click 'ok' again again!
Done.

Pinchy

Charlie

PS: Reckon this is pretty good for a 9 year old?

P Libardi [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi! I've written a perl cgi script to create a web page. Now what I'd like
to do is to execute an Octave script from the Perl one and get its output
inside my perl script. I'm working on a Windows XP machine.
I tried
  $result = `C:/Program\ Files/GNU\ Octave\ 2.1.50/bin -q my_script.m`;
but $result is still null. The octave script runs correctly if I use it
in the Gnu Octave shell.
Any help would be really appreciated.
Paolo

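The quoting trouble in this thread comes from handing the command line to a shell. An added example (not code from either poster) that captures the program's output without any shell, so a path with spaces needs no escaping, and that refuses script names a request could have tampered with. The executable name octave.exe, its location and the script name are assumptions.

```perl
#!/usr/bin/perl
# Added example: run an external program whose path contains spaces and
# capture its output, without going through cmd.exe quoting rules.
use strict;
use warnings;

# Runs @cmd (program followed by its arguments, as a list) and returns the
# captured standard output, or dies with the exit status if it failed.
# The list form of open never hands the command line to a shell, so spaces
# in the path need no escaping and an argument can never be reinterpreted
# as shell syntax.  (Perl supports this form on Windows from 5.22.)
sub capture {
    my @cmd = @_;
    open(my $out, '-|', @cmd) or die "cannot run $cmd[0]: $!";
    my $text = do { local $/; <$out> };   # slurp everything the program prints
    close($out);                           # close() on a pipe waits and sets $?
    die "$cmd[0] failed with status " . ($? >> 8) if $?;
    return $text;
}

# A script name must be a plain file name: no directory parts, and nothing
# starting with "-" that the program would read as an option.
sub checked_script_name {
    my ($name) = @_;
    die "bad script name\n"
        unless defined $name && $name =~ /\A[A-Za-z0-9_]+\.m\z/;
    return $name;
}

my $octave = 'C:/Program Files/GNU/Octave/2.1.50/bin/octave.exe';  # assumption
my $script = checked_script_name('my_script.m');                    # assumption
my $result = capture($octave, '-q', $script);

print "Content-Type: text/plain\n\n$result";
```

If the script name ever comes from a form field, the pattern check in checked_script_name is what keeps "../" and option-like values out of the command; under taint mode Perl would refuse the unchecked value anyway, which is one reason to run CGI scripts with -T.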









Re: Include Files in Perl?

2004-02-03 Thread Charlie somerville
just use this code:

===START CODE===
$filename = "my_file";   # Set the filename
open(A, $filename) || die "Waaah! The open didn't work: $!";   # Open the file in $filename or do what MSWindows always does
@a = <A>;   # Put the filehandle A in the array @a
print "Content-Type: text/html\nPragma: No-cache\n\n";   # Take away the 'Pragma: No-cache' bit if you want the browser to cache it
print @a;   # Spits it out
close A;    # Close the filehandle (not always necessary)
===END CODE===


Seldan [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hello.

 I have been writing and maintaining a web-based intranet application for
 some time, primarily written in PHP with the backend written in POSIX shell.
 The pages access a postgreSQL database and I use a bit of JavaScript to
 make things look nice.

 In effect, it is a typical DB driven app. to help out with system
 administration, etc.  Lately, I've been teaching myself Perl and have
 decided to convert some of this to that language to assist in learning.
 So far, it has worked out nicely and I've begun to access modules like
 Write::Excel, CGI.pm, Pg.pm, etc.

 However, I am trying to keep this site as modular and easy to maintain as
 possible and cannot seem to find the right equivalent for a basic PHP
 include or require function.  I use several variables that stay the same
 throughout the scripts, and would like to host them in a separate file.

 Sifting through ideas on this I've come across: SSI, Embperl, Mason, and
 possibly creating modules to handle this.  All seem like a bit of work,
 which isn't a problem, I just want to make sure that I'm not missing a
 simple, obvious way to make this happen!

 Any thoughts or suggestions are welcome.
 Thanks.
 Tom









Re: Determining different computers with the same IP

2004-02-03 Thread Charlie somerville
Your best shot would be to send a temporary cookie and then in each CGI
script, call it and tada, there you have it.
Octavian Rasnita [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hi all,

 I heard that it is possible to differentiate 2 computers of 2 different
 web page visitors that have the same IP address.

 I know that each computer is sending some information in %ENV variable,
 but is there any other method to differentiate them?
 The information from %ENV can be changed so I cannot rely on it.

 Thank you very much!

 Teddy,
 teddy.fcc.ro [EMAIL PROTECTED]










Re: Win to Unix ftp'ing

2004-02-03 Thread Charlie somerville
Yeah, tried doing that, except all it did was endlessly loop itself. (Oh
and Perl_guru has changed to Charlie Somerville)


Dan Anderson [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
  Check to make sure that the script does not have control-M's at the end
  of every line. That will prevent it from executing.

 FWIW, Windows file formats end all lines with a new line and a control
 M.  What text editor did you use to edit your script?  It is possible
 that it is ending all lines in your script with a control M and you do
 not even know it.

 You might try using a text editor like Emacs which was originally
 available on a Unix (or Unix like) environment, as it may be able to
 edit a file without adding the ^Ms at the end of the line.  You could
 also run a Perl script on your script replacing \r with .

 -Dan








Re: Free hosting for CGI?

2004-01-02 Thread Charlie somerville
Tripod supports CGI, only prob is that they don't have the cgi module
[EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Perl BG Group-(PBG)  all people in Bulgarian  Perl Forum-(BPF)
 is needed for free hosting on Linux or Unix server to put professional
 perl cgi script in /cgi-bin directory

 for open source project.

 We want to provide How-to documentation with SQL-connecting shareware
 pipes for all Linux users.









Just wondering

2004-01-02 Thread Charlie somerville
I know that this isn't a really appropriate place to post with this question
but I don't know anywhere else to post (I'm a newbie to usenet). Anyway,
here's the question:
Is anyone here using like a DOS interface to read/post this newsgroup?

Thanks for your time
Charlie







Re: Calling JavaScript from Perl

2003-12-25 Thread Charlie somerville
Not necessarily, javascript can be server side; for example in ASP you can
set the <%@ Language= %> bit to <%@ Language=javascript %>


Wiggins D Anconia [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]


  Hi,
  Does anyone know is it possible to call javascript from perl? Can
  javascript be included in the same page? Can anyone provide an example
  of this?
  Thanks in advance,
  Mark.

 How do you mean call javascript from Perl?  In general Javascript is a
 client side language that executes within a browser (client).  Perl on
 the other hand is traditionally a server side language, executed on the
 server (conveniently).   So CGI is *usually* used to send some HTML like
 stuff to the client, what that stuff is really doesn't matter, as long
 as the client can understand what the heck to do with it.  So if you are
 asking whether a Perl based CGI script can send Javascript down that
 particular pipe then sure, if you want Javascript to use the values and
 methods of Perl, etc. then you will have to work out how to convert
 those into Javascript and then use them as if they are not linked.

 Having said that, this is the general case, clients and Javascript can
 be more powerful than they are often given credit for so more extreme
 tasks can be accomplished, but with complexity comes learning curve...

 http://danconia.org

 --
 Boycott the Sugar Bowl! You couldn't pay me to watch that game.







Re: Bad referrer!

2003-12-25 Thread Charlie somerville
Some computers have special security settings to hide the referrer, you need
to find a way to disable the security setting.
Sara [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 There was a script which people were using remotely, so I have to add this
 simple subroutine to check referrers. Currently, the site is getting
 approx. 20,000 hits per day.

 NO one, not even a single person claimed that they have experienced any
 problem after implementing this change, except for the owner of the site.
 I am webmaster for the site. And now she is pushing to undo this change
 immediately because she is constantly getting error(bad_referrer) and
 unable to use this script and we both know she is the only one
 experiencing this problem.

 Is there something wrong below? If yes, then why are others not getting
 any bad referrer error? If no, what could be the possible reasons that
 the owner is the only person getting bad referrer error?

 TIA,
 Sara.



 @referers = ('http://www.foo.com', 'http://foo.com');

 sub check_url {
     local($check_referer) = 0;

     if ($ENV{'HTTP_REFERER'}) {
         foreach $referer (@referers) {
             if ($ENV{'HTTP_REFERER'} =~ m|$referer|i) {
                 $check_referer = 1;
                 last;
             }
         }
     }
     if ($check_referer != 1) { error('bad_referer') }
 }
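Two things about the subroutine above are worth seeing side by side with a stricter version, so here is an added example (not Sara's code, and not a fix she posted): the unanchored m|$referer|i accepts any referer that merely contains the string, and an absent header fails the check, which is exactly what a browser or privacy proxy that strips Referer produces. The allowed host list and the stand-in error() are assumptions; the URI module is from CPAN.

```perl
#!/usr/bin/perl
# Added example: referer check that compares the parsed host name rather
# than matching a substring of the raw header.
use strict;
use warnings;
use URI;

# Allowed referring hosts (constructed).  Comparing the host avoids the
# substring problem: m|http://foo.com|i would also be satisfied by
# http://foo.com.evil.example/ or http://evil.example/?u=http://foo.com
my @allowed_hosts = ('www.foo.com', 'foo.com');

# Returns 1 when $referer (the raw HTTP_REFERER value) names an allowed
# host, 0 otherwise.  A missing or unparsable referer yields 0, as in the
# original; decide deliberately whether that should be an error, since
# some clients never send the header at all.
sub referer_ok {
    my ($referer) = @_;
    return 0 unless defined $referer && length $referer;
    my $uri = URI->new($referer);
    return 0 unless $uri->can('host');       # e.g. "about:blank" has no host part
    my $host = lc($uri->host // '');
    return (grep { $host eq $_ } @allowed_hosts) ? 1 : 0;
}

# Stand-in for the original script's error(): send a 403 and stop.
sub error {
    my ($code) = @_;
    print "Status: 403 Forbidden\nContent-Type: text/plain\n\n$code\n";
    exit;
}

sub check_url {
    referer_ok($ENV{'HTTP_REFERER'}) or error('bad_referer');
}

check_url();
print "Content-Type: text/plain\n\nok\n";
```

Even the stricter form is only a speed bump: the Referer header is set by the client, so anything a browser can send, a script can send. If the goal is to stop a form being driven from other sites, a per-session token stored in a cookie and echoed in a hidden field is the control that actually holds, and it does not break for users whose browsers hide the referer.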









Re: Help with PPM install

2003-12-25 Thread Charlie somerville




Shouldn't you be posting to perl.scripts? I mean, 
cross posting is rude so don't do it


  "Ash Singh" [EMAIL PROTECTED] wrote in message 
  news:[EMAIL PROTECTED]...
  
  I am trying to install Text-CSV from my dos prompt. I downloaded the ppd
  from activestate perl. I get this error, what shall I do.
  
  C:\Perl\ppds\cpan>ppm install Text-CSV.ppd
  Error: No valid repositories: 
  Error: 501 Can't locate object method "new" via package "LWP::Protocol::http"
  Error: 501 Can't locate object method "new" via package "LWP::Protocol::http"
  
  
  
  
  


  


  

Re: free site hosting that supports CGI

2003-12-25 Thread Charlie somerville
Yeah, tripod lets you, only prob is they don't have the CGI module but you
can work around that with $ENV{'QUERY_STRING'}
[EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Old:
 Does anybody know where I can find free site hosting that supports CGI?
   JP, from Brazil.
 New:
 You must search many times in this place: http://www.clickherefree.com/
 I am not sure: maybe you must pay 2 $ a month if you have made cgi
 hosting.

  success ):









Getting a users IP addy

2003-12-25 Thread Charlie somerville
I'm trying to get a user's IP address but when I test it, it always returns
192.0.0.0 which is not my IP. I can't tell you which %ENV key I'm using as
I forgot.

Please help me.







Re: php testing in my pc

2003-12-25 Thread Charlie somerville
POST TO THE DAMN PHP NEWSGROUP NOT THIS ONE!
Daniel Hurtado Brenner [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hi friends:
 I use activeperl for running and testing my cgi script in my PC. It's fine.
 Well... if I want to run and test my PHP script and my Msql in my PC...
 what can I use?

 Thanks
 Daniel, from Peru









Re: Re:Hit counter

2003-12-25 Thread Charlie somerville
You don't need to get that from a database! All you have to do is put a
lock on a file, read the file, increment it, write the file and take the lock
off, easy!
Parvez Mohamed [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Please use http://www.scriptarchive.com/readme/counter.html#counter

 in response to:

 I want to write a CGI in perl that when called, grabs a number from a
 MySQL db or a file, increments it, writes the number back out, and then
 returns a GIF with that number. I want to have 10 separate GIFs, each one
 containing an image (that I have created to match the site design) of a
 number, 0-9. I need to be able to piece together any number of these GIFs
 from left to right into one large (relatively) GIF. I know how to do
 everything but actually create the GIF. Can anyone point me in the right
 direction?



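The lock-read-increment-write-unlock sequence from Charlie's reply, written out as an added example (not code from either poster). The point of the exclusive lock is that two requests arriving at once cannot both read N and both write N+1; the counter file name and the /digits/ image directory are assumptions, and the digits are emitted as a row of <img> tags instead of a stitched GIF, which sidesteps the image-building part of the original question.

```perl
#!/usr/bin/perl
# Added example: file-based hit counter guarded by flock().
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock SEEK_SET);

# Increments the counter stored in $path and returns the new value.
# The file is created (starting from 0) if it does not exist yet.
sub bump_counter {
    my ($path) = @_;
    sysopen(my $fh, $path, O_RDWR | O_CREAT) or die "open $path: $!";
    flock($fh, LOCK_EX) or die "lock $path: $!";   # blocks until this process holds the lock
    my $line = <$fh>;
    my ($count) = (defined $line && $line =~ /^\s*(\d+)/) ? ($1) : (0);
    $count++;
    seek($fh, 0, SEEK_SET) or die "seek: $!";      # back to the start before rewriting
    truncate($fh, 0)       or die "truncate: $!";  # drop the old contents
    print {$fh} "$count\n" or die "write: $!";
    close($fh)             or die "close: $!";     # flushes, then releases the lock
    return $count;
}

# Renders the count as one image per digit (0.gif .. 9.gif); the image
# files under /digits/ are assumed to exist.
sub digits_html {
    my ($count) = @_;
    return join '', map { qq{<img src="/digits/$_.gif" alt="$_">} } split //, $count;
}

my $hits = bump_counter('counter.txt');   # assumption: writable by the web server user
print "Content-Type: text/html\n\n";
print digits_html($hits), "\n";
```

Keep the counter file outside the document root and writable only by the account the web server runs as; with the lock held for the whole read-modify-write, the count stays exact no matter how many requests overlap.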


