Re: [Catalyst] A Perl Message Queue?

2007-08-23 Thread Steve Atkins


On Aug 23, 2007, at 10:39 AM, tprinty wrote:


Have you looked at memcache?

http://www.danga.com/memcached/


Memcached is nice for caching, and OK for temporary session
data, but last time I looked at it I couldn't see any good way to
use it for queuing. Is there a trick I missed?

Cheers,
  Steve





On Thu, 2007-08-23 at 15:43 +0200, Jesper Krogh wrote:

Hi.

This is quite off-topic related to Catalyst but my googling didn't reveal
anything.

Has anyone seen stuff like a Messages Queue (I don't have other words for
it) But a more generic implementation of a thing where you can put in
messages and pick them out in some other part of the program.

It would be nice when you have stuff that takes longer than people usually
can wait for.

Jesper




___
List: Catalyst@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/





Re: [Catalyst] Rate limiting password attacks

2007-08-16 Thread Steve Atkins


On Aug 16, 2007, at 10:13 AM, Bill Moseley wrote:


I'm looking for ideas on how to implement a way to detect and block
dictionary attacks.  This is not a question of how to implement strong
passwords, but rather the act of limiting logins when too many failed
passwords have been attempted in some period of time.

I also want to do this regardless if the login name is valid or not.
So, an attack on an invalid login name will fail after so many attempts
in a time period just the same as one on a valid login.

The plan is to just report Exceeded Login attempts -- contact
support or wait X minutes kind of thing to the user when they exceed
the failed consecutive attempt count.

The plan is to use memcached for a counter per (failed) login.  The
cache entry's expires time will be set the first time the cache is
populated.

This gives an attacker a way to flood the cache, of course, and thus a
way to prematurely expire cache entries.

Also considered issuing a redirect to a simple server that will delay
the number of failed attempts seconds before redirecting back to the
login page. Any smart attacker would get clued about this and not
follow that redirect.  Fun anyways, though. ;)

Anyone doing something like this already?  Suggestions? Caveats?


One approach I've seen for this doesn't block access once
there's been more than a certain number of failed logins. Instead,
it has two thresholds. After a very few (2 or 3) failed login attempts
it requires the user also enter a captcha when trying to login.

That blocks automated guesses very quickly, but doesn't cause
legitimate users with poor memories to contact support. (I'm
assuming they have a higher threshold of failed attempts
after which they lock the account.)

Cheers,
  Steve
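
The two-threshold scheme from this thread as an added example; it is not code from either poster. It counts failures per submitted login name whether or not the account exists and fixes the expiry at the first failure. The hash standing in for memcached, the function names and the threshold and window values are assumptions.

```perl
use strict;
use warnings;

# Assumed policy values; the thread gives only "2 or 3" for the first threshold.
use constant CAPTCHA_AFTER => 3;        # failures before a captcha is required
use constant LOCK_AFTER    => 10;       # failures before logins are refused
use constant WINDOW        => 15 * 60;  # seconds, fixed when the counter is created

# Stand-in for memcached: key => { count, expires }. With memcached the same
# fixed window comes from "add" with an expiry followed by "incr".
my %store;

# Key on the submitted name itself, so unknown names are counted like real ones.
sub _key { my ($l) = @_; $l =~ s/^\s+|\s+$//g; return 'fail:' . lc $l }

# Fetch the live counter for a login, dropping it once its window has passed.
sub _entry {
    my ($login, $now) = @_;
    my $k = _key($login);
    delete $store{$k} if $store{$k} && $store{$k}{expires} <= $now;
    return ($k, $store{$k});
}

# Call after a failed password check; the expiry is set only on the first failure.
sub record_failure {
    my ($login, $now) = @_;
    my ($k, $e) = _entry($login, $now);
    $e = $store{$k} = { count => 0, expires => $now + WINDOW } unless $e;
    return ++$e->{count};
}

# Call before checking the password: returns 'allow', 'captcha' or 'locked'.
sub login_policy {
    my ($login, $now) = @_;
    my (undef, $e) = _entry($login, $now);
    my $n = $e ? $e->{count} : 0;
    return 'locked'  if $n >= LOCK_AFTER;
    return 'captcha' if $n >= CAPTCHA_AFTER;
    return 'allow';
}

# Constructed run: a name with no account fails 12 times, one second apart.
my $t = 1_000_000;
for my $i (1 .. 12) {
    my $state = login_policy('no-such-user', $t);
    printf "attempt %2d: %s\n", $i, $state;
    record_failure('no-such-user', $t++) unless $state eq 'locked';
}
printf "after window: %s\n", login_policy('no-such-user', $t + WINDOW);
```

Because a cache eviction silently resets a counter, the cache flooding concern raised in the question applies to this design as well.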






Re: [Catalyst] {OT] protecting against attacks with multilingual input

2006-12-05 Thread Steve Atkins


On Dec 5, 2006, at 5:28 AM, Daniel McBrearty wrote:



If you're talking about sql injection then presumably you could do
this exactly the same as you would any other input field - use sql
placeholders in a prepared query rather than blindly pasting
untrusted input as sql.



This is what I'm talking about. I don't know this technique - I
thought the only approach was to filter input. I'm using DBIx, AFAIK
it does use placeholders ... ? If so, I can just take input, do some
basic sanity filtering, and store?


Yes. It's something you should trust your ORM to get right,
rather than doing things at the application level.

Some databases don't really support placeholders, though,
so the DBD drivers fake up support instead. I'm not sure
whether I'd trust that quite as much, so it depends on the
database you're using. Postgresql or Mysql should be fine,
I've no idea about others.

There can be a lot of other pain with dealing with i18n user
data in the database, but sql injection problems shouldn't
be one of them (well, they might be occasionally, but at the
sort of level it's hard for anyone other than the DB and ORM
developers to deal with).

Cheers,
  Steve
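
Placeholders versus pasted input with multilingual data, as an added example that is not part of the original messages. It assumes DBI with DBD::SQLite is installed; the table, the function names and the sample strings are constructed for illustration.

```perl
use strict;
use warnings;
use utf8;
use DBI;

binmode STDOUT, ':encoding(UTF-8)';

# Assumption: DBD::SQLite is available; an in-memory database keeps this offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, sqlite_unicode => 1 });
$dbh->do('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

# Constructed multilingual inputs; two of them contain an apostrophe.
my @inputs = (
    [ "Seán O'Brien", "Ça marche, n'est-ce pas ?" ],
    [ '田中',          '日本語の文に \' が入る' ],
    [ 'Ольга',        'Обычный текст без кавычек' ],
);

# Pasting input into the SQL text: an apostrophe in the data ends the string
# literal early, so the data is parsed as SQL and the statement fails.
sub insert_pasted {
    my ($author, $body) = @_;
    return eval {
        $dbh->do("INSERT INTO comments (author, body) VALUES ('$author', '$body')");
        1;
    };
}

# Placeholders: the SQL text is fixed and the values travel separately.
sub insert_bound {
    my ($author, $body) = @_;
    my $sth = $dbh->prepare_cached('INSERT INTO comments (author, body) VALUES (?, ?)');
    return $sth->execute($author, $body);
}

for my $row (@inputs) {
    printf "pasted: %s => %s\n", $row->[0],
        insert_pasted(@$row) ? 'stored' : 'statement broken by input';
}

# Start again with bound values and check each one comes back unchanged.
$dbh->do('DELETE FROM comments');
insert_bound(@$_) for @inputs;
my $stored = $dbh->selectall_arrayref('SELECT author, body FROM comments ORDER BY id');
for my $i (0 .. $#inputs) {
    my $ok = $stored->[$i][0] eq $inputs[$i][0] && $stored->[$i][1] eq $inputs[$i][1];
    printf "bound:  %s => %s\n", $inputs[$i][0], $ok ? 'round-trips unchanged' : 'MISMATCH';
}
```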






Re: [Catalyst] IDE/editor

2006-11-14 Thread Steve Atkins


On Nov 14, 2006, at 8:25 AM, [EMAIL PROTECTED] wrote:


I hesitate to ask this question because it seems to often result in
some juvenile flame war.  Everyone is different, with different needs
and preferences.  That's why we have choices.  It's Perl after all,
right? [grin]

With that out of the way, what IDE or editor works well for you?

My default has been VIM since I'm really comfortable in it and can
edit text really fast with it.  However, as a very visual person, I
find it cumbersome when having to flip back and forth between all of
the files.  This is especially true since I'm new to Catalyst and
don't have everything solidified in my head.

As a side note, I work on OS X, so any references to Windows-only
programs won't really be useful but may be for others who come across
this thread.

I'm mostly just interested in what has worked for you (and will take
everything with that grain of salt), not what is crappy about other
programs.


I mostly use Emacs (X11 build, rather than Aqua build) but kinda
like TextMate too.

Cheers,
  Steve




Re: [Catalyst] how to get started?

2006-08-21 Thread Steve Atkins

On Aug 21, 2006, at 8:54 AM, Matt S Trout wrote:

 Steve Atkins wrote:
 Task::Catalyst is completely broken.

 Contact Sebastian Riedel ([EMAIL PROTECTED]), he retained maintainership after
 leaving the project so there's nothing we can do about it.

I'm not asking for it to be fixed (or volunteering to), rather warning
the original poster that it doesn't work, despite dev.catalystframework.org
suggesting using it to install catalyst with.

 Have you tried cat-install? I don't see an error report e-mail from you, so I
 presume if you did it worked perfectly :P

No. I really don't like using anything other than cpan to install
perl modules if I can possibly avoid it. I'm close to making an
exception for catalyst, though, so I may give cat-install a try.

(IIRC it's basically a wrapper script around CPAN ?)

Cheers,
   Steve

