Re: [Catalyst] Issue with Plugin::Session

2011-01-06 Thread Wade Stuart
On Wed, Jan 5, 2011 at 11:07 AM, jeff robinson
 wrote:
>
> Hi
> Having a problem with Safari and IE browsers and the Session plugin.
> The app works fine with Firefox, but session data is being reset
> between requests with these other browsers.
>
> Example:
>
>  DB<1> x $c->session
> 0  HASH(0xac06a3c)
>   '__address' => '10.87.199.12'
>   '__created' => 1294242706
>   '__updated' => 1294242706
>   '__user_agent' => 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X
> 10_4_11; en) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/4.1.3
> Safari/533.19.4'
>
> After a single request using Safari, it's now:
>  DB<2> x $c->session
> 0  HASH(0xad41888)
>   '__address' => '10.87.199.12'
>   '__created' => 1294242721
>   '__updated' => 1294242721
>   '__user_agent' => 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X
> 10_4_11; en) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/4.1.3
> Safari/533.19.4'
>

Do the second and third requests keep the same cookie on Safari?  Can
you see the cookie set properly in Safari's cookie browser?

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/


Re: [Catalyst] Catalyst::Response callbacks? Need to reap auto-generated files on disk after they are served.

2010-09-03 Thread Wade Stuart
On Thu, Sep 2, 2010 at 3:21 PM, Tommy Butler  wrote:

>  Hello all :D
>
> In looking at the documents for Catalyst::Response I've recently
> re-discovered some great little ways that Catalyst provides for you to
> stream out big files.  Awesome.
>
> Now I'd like to take *a bit further* though.  Presently, in the process of
> serving one kind of request, my cat app creates a large file and then
> streams it back out to the browser.  Ideally I'd like to clean up this file
> after it gets cooked up and streamed out.  I'd like to utilize some kind of
> callback so that after the file has been completely consumed by the remote
> client, I can go ahead and safely remove it from server-side disk.
>
> Without such a fix, I'm going to have to start running cron jobs on the
> temp directory and just deleting output files older than a certain arbitrary
> expiration age.  While doing so is easy enough, I'd rather go on with
> Catalyst managing its own content as it has done for me up to this point.
>
> What are your thoughts?  Has anyone done something like this who would be
> willing to share their solution, or are there others among us who would be
> so kind as to share some ideas of their own?
>
>
Tommy,

 A little feedback from my personal experience.  I have tried this many
times before and never had this work as a long term solution.  There are a
few big areas of gotchas that always seem to pop up:

The data build is cpu,disk,network,database intensive and
get multiple requests for the same build -- on a lightly loaded app this may
seem very unlikely,  but as user base grows and the app becomes utilized
many times this turns into the case.  Really depends on the content (unique
keyed delivery based on an order may not be an issue,  a directory zip up
from a file service may be).

The user's browser times out,  they download the file and forget or lose it,
 and for whatever reason they come back to get it (instantly with a new
request or in a few minutes).

The connection fails and the cleanup never is executed (or the app crashes
or restarts while builds/requests are in cycle).

All of these require a more robust cache and post-cleanup system than just
the after-request hook.  Conceptually, when you look at it this way, you will
still be stuck with a cron type service (maybe in addition to what you talk
to above) without real data to act against besides TTL on the create/modify
date.


Kindest,
-Wade




> Thanks,
> --
> Tommy
>
>


Re: [Catalyst] Alternatives to Catalyst ?

2010-04-26 Thread Wade Stuart
(Replying in general, to the sense of this email which others have related
to)

>
> Dermot, to my reading at least, has been clear twice now that he was
> asking specifically about how to retrieve parameters -- presumably not
> coming to a web framework list for an unsolicited computer science
> lecture on encapsulation...
>
> I think it behooves us as a community to afford posters when they
> clearly articulate a question and context, as Dermot has*, not to
> treat them as complete noobs. It'd be a shame if folks became
> reluctant to ask 'simple' questions for fear of half a dozen catalyst
> old-skoolers delivering a sermon.
>
>
Sorry,  it is akin to someone driving up to you while you are in a gas
station in an unleaded Ford asking very nicely "Do you know where the diesel
pumps are"?  The question is literate and well formed but in context implies
lack of understanding.  I would choose to answer,  "You know, you are not
driving a diesel and putting unleaded in that car will break it -- the pumps
are over there".  If you want unadulterated bits in response to questions go
read the source,  if you ask here there are many people that actually read
the questions and respond with holistic information that may not be the
exact output you are looking for.

Second and more important,  the responses are offered for free -- complaints
are considered a cost.

Kindest,
-Wade


Re: [Catalyst] Outcome of the "Security issue with hashed passwords in C:P:A:Password"?

2010-04-12 Thread Wade Stuart
On Sun, Apr 11, 2010 at 1:08 PM, Evan Carroll  wrote:

> On Sun, Apr 11, 2010 at 12:31 AM, Andrew Rodland
>  wrote:
> > Please, make some more public insults.
>
>
>
snip.

Guys,  just fix or don't fix the broken or not broken problem and stop the
crappy-crap-crap line noise.  IMHO,  with 19 years of experience under my
belt, "hashed passwords" use a plaintext random salt pre or post concat
(usually pre, so it is an easy and cheap index) with hash as a standard and
has been well before sha or md5 (think lessons learned before crypt).  In my
mind,  if that is not the default behavior anytime you expose the word
"hashed" along with "password" there had better be a very loud callout in
docs.

I don't know what the fix is -- it seems like doc or code would work.

-Wade





> With love,
>
> --
> Evan Carroll
>


Re: [Catalyst] Re: Which C::View::PDF should I use?

2010-03-25 Thread Wade Stuart
On Mar 25, 2010, at 12:01 PM, Aristotle Pagaltzis 
wrote:

> * Wade Stuart  [2010-03-22 22:35]:
>> On Tue, Mar 16, 2010 at 2:53 PM, Aristotle Pagaltzis > >wrote:
>>> * Adam Sjøgren  [2010-03-16 18:15]:
>>>> An alternative could perhaps be CutyCapt:
>>>>
>>>> * http://cutycapt.sourceforge.net/
>>>
>>> It requires an X11 server, so it isn’t.
>>>
>> Xvfb has been the solution to this forever.
>
> And how is Xvfb (which is an X11 server) a solution to the problem
> of requiring an X11 server?

It is a virtual frame buffer that allows x11 requiring apps to run
without a full display/head.  What besides that is your issue around
the  x11 requirement on servers?


>
> Regards,
> --
> Aristotle Pagaltzis // <http://plasmasturm.org/>
>


Re: [Catalyst] Slow Makefile.PL

2010-03-23 Thread Wade Stuart
On Tue, Mar 23, 2010 at 3:37 AM, Ovid wrote:

> - Original Message 
> > From: Ovid 
>
>
> > Yeah, I'm
> > using FileVault.  I've had a couple of issues with it already. I think
> it's
> > time for me to rethink things.
>
>
> I've moved my project outside of the FileVault protected directory and the
> Makefile.PL is almost twice as fast now.
>
>
Beyond FileVault, macbook(pro)s also have a pretty bad track record of
trashing drives (after the intel changeover mac sleep writes RAM to disk
before the drive spins down -- and before many users put their laptops in
bags and start walking).   This trashed drive can present as random long io
blocking for weeks or months before the drive fails.
http://discussions.apple.com/thread.jspa?threadID=960977&start=0&tstart=0 is
an old thread about the issue.
http://www.macworld.com/article/53471/2006/10/sleepmode.html is the fix I
run my macs with -- one caveat is that if the computer runs completely out
of battery it in effect does a hard boot.  The other option is to wait (up
to 2 minutes) for RAM to write to disk and the sleep light to slow blink
before moving your lappy;  I am just too impatient.



-Wade


Re: [Catalyst] Re: Which C::View::PDF should I use?

2010-03-22 Thread Wade Stuart
On Tue, Mar 16, 2010 at 2:53 PM, Aristotle Pagaltzis wrote:

> * Gabriel Andrade  [2010-03-16 16:50]:
> > http://code.google.com/p/wkhtmltopdf/
>
> That looks interesting, thanks!
>
>
> * Adam Sjøgren  [2010-03-16 18:15]:
> > An alternative could perhaps be CutyCapt:
> >
> > * http://cutycapt.sourceforge.net/
>
> It requires an X11 server, so it isn’t.
>
> Xvfb has been the solution to this forever.

-Wade



> The wkhtmltopdf doesn’t make it easy either: it requires
> a patched Qt for that. But at least it’s possible at all.
>
> Regards,
> --
> Aristotle Pagaltzis // 
>


Re: [Catalyst] Re: Avoiding UTF8 in Catalyst

2009-12-10 Thread Wade Stuart
On Wed, Dec 9, 2009 at 1:27 AM, Bill Moseley  wrote:

>
>
> On Tue, Dec 8, 2009 at 8:32 PM, Bill Moseley  wrote:
>
>>
>>  The UTF8 flag doesn't mean anything more than
>>> any of the other SV flags.
>>
>>
>> But the flag on indicates that the string was decoded.
>>
>
> Obviously, that's not the only way to get that flag set.  What I meant was
> if the flag is on I'm pretty sure I need to encode it before sending out on
> the wire.  Yes, all text needs to be encoded, even if the flag is not set --
> but at the time the engine is setting the length all that can be checked is
> the flag.
>
> Probably a better solution is to look at the content type -- or make
> decoding and encoding core in Catalyst so that it's just another part of the
> request cycle.  Isn't that the problem here?  That it's not handled and thus
> the need to try and fix by using bytes::length?
>
>
>
>
>>   And that implies that it needs to be encoded.  And if I don't know what
>> encoding to use then it's time to throw an exception.
>>
>> That's why it seems like the Engine should throw an exception if the utf8
>> flag is set when it's time to get the length.  Because the encoding is not
>> known so it's impossible to know the encoded byte length.
>>
>>
>>
>>
How about making it skip that code for default behavior and a config var
check to re-enable the backcompat behavior with bytes::length.  Seems like a
quick win-win.  Make a strong note in the changelog/release notes and if old
apps break,  you have the option to fix them or set the config flag to
enable the hackish-hack-hack.

Thanks!

Wade Stuart

Phone:  917-363-6164
IM: SpaceMuscles


Re: [Catalyst] Choosing the language

2009-10-14 Thread Wade Stuart
On Tue, Oct 13, 2009 at 9:35 AM, Pavel O. Korovkin wrote:

> On Tue, Oct 13, 2009 at 4:16 PM, Octavian Râsnita 
> wrote:
> > From: "Larry Leszczynski" 
> >>
> >> Hi (again) Octavian -
> >>
> >>> Is there a recommendation for storing the language ID in the URL in
> order
> >>> to
> >>> be as easy to get it from there?
> >>>
> >>> I want to have unique links for each URL, so I can't just put it in the
> >>> cookies. Using ?lang=EN seems to be the easiest way, although it
> doesn't
> >>> look nice.
> >>>
> >>> Putting it as the first element in the path info looks nice, but I
> don't
> >>> know how to get it from there in a single controller/action and not in
> >>> every
> >>> action separately.
> >>
> >> Here is one way to have it in the URL without all controllers needing to
> >> be aware:
> >>
> >>   http://dev.catalyst.perl.org/wiki/wikicookbook/urlpathprefixing
> >>
> >>
> >> HTH,
> >> Larry
> >
> > Thank you Larry. It seems to be what I need.
> >
> > I've seen some uses of $self which were not defined in that example.
> > Shouldn't be __PACKAGE__ instead?
> >
> > Unfortunately I don't know how to make it work in some cases:
> >
> > 1. If I use the test Catalyst server the static URLS that begin with
> /static
> > don't work because I can't configure that server to not handle /static
> URLS.
> > (But this is not so important).
> >
> > 2. Most important, if I need to use
> > [% c.uri_for('/static', 'css', 'layout.css') %]
> > for making it work even if I need to change the base location the app
> > handles, then the static files are not served by Apache directly but by
> the
> > app.
> >
> > If the app listens to the / location, the request is in this case:
> >
> > GET /en/static/css/layout.css HTTP/1.1
> >
> >
> >
> > I think I could make a hack somehow and configure Apache to do a request
> to
> > /static whenever the user tries to access /en/static or /fr/static... but
> I
> > guess this could be done with mod_rewrite which I don't know how to use
> yet.
> >
> >
> >
> > Is there a more simple method to make the web server serve the static
> files
> > directly?
> >
> >
> >
>
> Octavian,
>
> I think it's a "feature". Think about it if you will need different
> images for different languages, for example. Or RTL stylesheets for
> rtl languages. And you can use symlinks for now while you do not need
> these "features", or mod_rewrite to rewrite path to /static/ if there
> is no /en/static/ yet =)
>
>
Might I also suggest splitting out Location from Language and treating
them as a key pair.  For instance,  http://example.com/us/en/foo/bar/.

Just because two countries may speak Spanish does not mean their content
(and static assets like images!) would be the same --  they may very well
differ because of legal, cultural differences or local services/products.
Even if a site starts out with 100% translated/mirrored content,  it is
advisable to build flexibility into the url structure.

   Also,  depending on your roll out and domain plan,  take into
consideration that country specific domains should be able to publish the
country and language default content. http://example*.co.ae*/en/  serves ~
http://example.com/ae/en/.

-Wade



-- 
Thanks!

Wade Stuart

Phone:  917-363-6164
IM: SpaceMuscles


Re: [Catalyst] Problem with index.tt2

2009-09-29 Thread Wade Stuart
"we don't need to do nothing" parses as "we need to do something."


Specifically, you missed:

TEMPLATE_EXTENSION => '.tt2'


also, this book has some errata:
http://www.packtpub.com/view_errata/book/catalyst-perl-web-application



-Wade

On Tue, Sep 29, 2009 at 5:30 PM, David Silva  wrote:

> Hi again,
>
> I'm following the book "Catalyst - Accelerating Perl Web Application
> Development" by Jonathan Rockway (2007) with Catalyst 5.80013.
>
> And in chapter 3 the author says to create an index.tt2 page and said that
> we don't need to do nothing cos Catalyst will recognize the index. I start
> the server and it shows me the default page of catalyst.
>
> I'm following the book, so what i done wrong?
>
> Thanks once again!
>
> --
> David Silva - http://davidslv.com/
>
>


-- 
Thanks!

Wade Stuart

Phone:  917-363-6164
IM: SpaceMuscles


Re: [Catalyst] Restarting Catalyst on request or doing something per request

2009-08-25 Thread Wade Stuart
On Mon, Aug 24, 2009 at 3:51 PM, Matthias Dietrich wrote:

> Hi Chris,
>
> Am 24.08.2009 um 04:43 schrieb Chris:
>
>  Can you use catalyst::plugin::cache as the backend for the lexicon?
>> Then refreshing the texts involves clearing the cache, and updates are
>> transparent.
>>
>
> I took a quick look at C::P::Cache and I don't think it is possible to use
> this module as the backend with adequate work.  Locale::Maketext::Lexicon
> stores the text somewhere under its own package name in a hash.  To use a
> cache backend here would mean creating a module around L::M::L which alters
> "internal" data whereas this new module would depend on the current L::M::L
> module version.  I don't think this would be good.
>
> So from my point of view the best way would be to reload the lexicon data
> once it has changed.  As this is not possible without manually restarting
> apache, this leads me to reloading the lexicon after the database contents
> has changed within each apache client on request start (before any lexicon
> text is requested).  I could initiate this within an auto sub in Root.pm,
> but this seems very ugly.  I guess a new plugin (like
> C::P::I18N::DBI::Reloader) would be good.  What do you think?
>
>
Why can't you just do a:

# ... incrementally add new lexicons
Locale::Maketext::Lexicon->import({
    de => [Gettext => 'local/hello/de.po'],
});

... on change instead of reloading apache?


Re: [Catalyst] Newbie Question about Database

2009-01-21 Thread Wade Stuart
> > lol I know but I'm doing this inside a private lan where we are
> > building this app with my colleagues :p
> > of course later on we will have specific accounts with limited access
>
> Your colleagues can be your biggest security problem. It just takes an
> argument...a jealousy...someone who feels belittled...someone who just
> wants to take advantage of lax data security. It is real good practice
> to use least-privilege access to data from the very beginning.
>
>
Exactly, also how many of those "we will of course do X later..." TODO's end
up hanging out there forever.

-- 
Thanks!

Wade Stuart

Phone:  917-363-6164
IM: SpaceMuscles


Re: [Catalyst] how to confirm before deleteing

2009-01-21 Thread Wade Stuart
On Wed, Jan 21, 2009 at 10:22 AM, Simon Wilcox
wrote:

> Dave Howorth wrote:
>
>> Paul Falbe wrote:
>>
>>> That works thank you very much.  Don't know how many google searches I did
>>> trying to find that out!
>>>
>>
>>  Rodrigo-51 wrote:
>>>
>>>> Paul, how about a javascript confirm() box?
>>>>
>>>
>> ... and if the user has Javascript disabled? 
>>
>
> Or if you have something like Google's ill-fated prefetch running, caching all
> the links it finds on a page ?
>
> GETing a link should really only be used when the action is idempotent. If
> it changes stuff then you ought to use a POST via a form button.
>
>
 YES!  There are rare cases where a get may enable consequences,  but this
is not one of them.







This both checks if the user really wants to delete (if js is enabled) and
also uses a post to delete data via the app.

-- 
Thanks!

Wade Stuart

Phone:  917-363-6164
IM: SpaceMuscles


Re: [Catalyst] Newbie help

2009-01-15 Thread Wade Stuart
On Wed, Jan 14, 2009 at 7:14 PM, Toby Corkindale <
toby.corkind...@strategicdata.com.au> wrote:

> Diego M. Vadell wrote:
>
>> Hi everybody,
>>
>>   I'm making a nice little webapp in Catalyst: meteorology models run via
>> crontab and catalyst shows the data and graphs that they produce. I'm very
>> happy how it's working so far.
>>
>>   Now I have been asked if I could make a "Run the model now" button, that
>> would run a script (the model) and show its output in a popup window.
>>   The process may run for about 15 minutes, so I have to handle , somehow,
>> the browser timing out because of lack of output. I thought about making the
>> script output to a tmp file and using ajax to query that file.
>>
>>   What is the best way to do that? Is there a nice, magical CPAN module
>> out there? :)
>>
>
> You don't really need one..
>
> Simplest way to handle this would be for the web page to kick off the model
> running in another process, and then immediately display a web page that
> says "Please wait, model running.."


>
> That page then either uses javascript or a http-refresh mechanism to check
> back every 30 seconds to see if the model is ready yet.
>

Seconded.  This is a very easy way to accomplish this task.  If you need
further control (stopping jobs, viewing status % done, etc) I would build or
use one of the many queue managers out there (
http://search.cpan.org/search?query=job+queue&mode=all ) outside of your app
that updates your database and accepts commands via your app and database.

Either way this really should be done outside of the webapp.

 -Wade


[Catalyst] Re: Production session issue - commercial support inquiry?

2009-01-09 Thread Wade Stuart
Sorry,
   Wanted to clarify a few things.  I realized there may be a few cryptonuts
on this list and I want to avoid a flame.  The "session_hash_seed" is
actually not a seed generator -- but a plaintext generator.  Below, I am
talking about collisions of the plaintext and therefore the digest -- not
digest collisions on unique plaintexts.  Given that the default is:

sub session_hash_seed {
    my $c = shift;

    return join( "", ++$counter, time, rand, $$, {}, overload::StrVal($c), );
}

and the generator is

sub generate_session_id {
    my $c = shift;

    my $digest = $c->_find_digest();
    $digest->add( $c->session_hash_seed() );  # note the "seed" is actually plaintext
    return $digest->hexdigest;
}

and that the OP is running on a prefork system,  most of the join on the
seed above can theoretically overlap on a high hit, fast cycled/forked
system -- resulting in potential overlaps of plaintext and therefore session
id/digest.   Depending on how many children and the fork depth (runs per
fork) this situation could be exacerbated.

-- 
Thanks!

Wade Stuart

Phone:  917-363-6164
IM: SpaceMuscles

On Fri, Jan 9, 2009 at 3:50 PM, Wade Stuart  wrote:

> Have you looked at trying to replace the seed generator for the session (or
> if you have, have you verified it actually has enough entropy for your
> load)?  I could imagine given enough preforks and hitrate that the default
> seed could allow for some collisions.  I would expect it would take a very
> high hit rate -- if so you may need to pull more than 20 bytes of random to
> get enough entropy. Examples from the POD below:
>
> In the hopes that those combined values are entropic enough for most uses.
> If this is not the case you can replace session_hash_seed with e.g.
>
> sub session_hash_seed {
>     open my $fh, "<", "/dev/random";
>     read $fh, my $bytes, 20;
>     close $fh;
>     return $bytes;
> }
>
> Or even more directly, replace generate_session_id:
>
> sub generate_session_id {
>     open my $fh, "<", "/dev/random";
>     read $fh, my $bytes, 20;
>     close $fh;
>     return unpack("H*", $bytes);
> }
>
>
>
> --
> Thanks!
>
> Wade Stuart
>
> Phone:  917-363-6164
> IM: SpaceMuscles
>
>


[Catalyst] Production session issue - commercial support inquiry?

2009-01-09 Thread Wade Stuart
Have you looked at trying to replace the seed generator for the session (or
if you have, have you verified it actually has enough entropy for your
load)?  I could imagine given enough preforks and hitrate that the default
seed could allow for some collisions.  I would expect it would take a very
high hit rate -- if so you may need to pull more than 20 bytes of random to
get enough entropy. Examples from the POD below:

In the hopes that those combined values are entropic enough for most uses.
If this is not the case you can replace session_hash_seed with e.g.

sub session_hash_seed {
    open my $fh, "<", "/dev/random";
    read $fh, my $bytes, 20;
    close $fh;
    return $bytes;
}

Or even more directly, replace generate_session_id:

sub generate_session_id {
    open my $fh, "<", "/dev/random";
    read $fh, my $bytes, 20;
    close $fh;
    return unpack("H*", $bytes);
}



-- 
Thanks!

Wade Stuart

Phone:  917-363-6164
IM: SpaceMuscles
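
Added example, not part of the original posts and not Catalyst::Plugin::Session code: the first half forks children from one parent and reports which parts of a counter/time/rand/pid style plaintext (the concern raised in the follow-up message) come out identical in every child, and the second half is a variant of the POD's generate_session_id replacement with open, error and short-read checks. It reads /dev/urandom instead of the /dev/random used in the POD so that it does not block, which is this example's choice; plaintext_parts, sample_children, shared_fields and random_bytes are hypothetical names.

```perl
#!/usr/bin/env perl
# Added example; not Catalyst::Plugin::Session code. All sub names here are
# hypothetical.
use strict;
use warnings;

my $counter = 0;

# The per-process values a counter/time/rand/pid style plaintext is built
# from, returned separately so they can be compared across children.
sub plaintext_parts {
    my $anon = {};
    return (
        counter  => ++$counter,
        time     => time(),
        rand     => rand(),
        pid      => $$,
        ref_addr => "$anon",    # stringified reference, e.g. HASH(0x...)
    );
}

# Fork $n children from the same parent state and collect each child's parts.
sub sample_children {
    my ($n) = @_;
    my @rows;
    for ( 1 .. $n ) {
        pipe( my $r, my $w ) or die "pipe: $!";
        my $pid = fork();
        die "fork: $!" unless defined $pid;
        if ( $pid == 0 ) {    # child: report its parts and leave
            close $r;
            my %p = plaintext_parts();
            print {$w} join( "\t", map { sprintf "%s=%s", $_, $p{$_} } sort keys %p ), "\n";
            close $w;
            exit 0;
        }
        close $w;
        my $line = <$r>;
        close $r;
        waitpid $pid, 0;
        die "child $pid sent nothing" unless defined $line;
        chomp $line;
        my %row = map { my ( $k, $v ) = split /=/, $_, 2; ( $k => $v ) } split /\t/, $line;
        push @rows, \%row;
    }
    return @rows;
}

# Names of the parts that came out identical in every child.
sub shared_fields {
    my @rows = @_;
    return grep {
        my $k = $_;
        my %seen = map { ( $_->{$k} => 1 ) } @rows;
        keys(%seen) == 1;
    } sort keys %{ $rows[0] };
}

# Read exactly $n bytes from the kernel RNG, failing loudly instead of
# returning a short or empty buffer.
sub random_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $buf = '';
    while ( length($buf) < $n ) {
        my $got = read( $fh, $buf, $n - length($buf), length($buf) );
        die "read /dev/urandom: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close $fh;
    return $buf;
}

# 20 random bytes as 40 hex characters; no per-process state is involved.
sub generate_session_id {
    return unpack 'H*', random_bytes(20);
}

unless (caller) {
    rand();    # the parent touches the RNG before forking, so children inherit its state
    my @rows = sample_children(4);
    print "identical in all children: @{[ shared_fields(@rows) ]}\n";
    print "pids: @{[ map { $_->{pid} } @rows ]}\n";
    print "session id from OS randomness: ", generate_session_id(), "\n";
}
```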


Re: [Catalyst] How to detect cancelled requests?

2008-10-28 Thread Wade . Stuart
Stuart Watt <[EMAIL PROTECTED]> wrote on 10/28/2008 12:22:07 PM:

> Hi all,
>
> Has anyone found a neat way of detecting and handling cancelled
> requests? We have a Catalyst app that dynamically generates SQL queries
> for part of its search, some of which are long and complex, and users
> are able to create queries that can take minutes to execute. This is OK,
> except that we need users to be able to cancel those requests through
> the browser.


Hard(er) problem alert -- depending on how your app is structured.  The
only sane way I can think of to handle this is to submit the query to a
queue outside of your cat app.  This queue would then need logic to fork
out the query and check periodically for the "kill" tag in the queue entry.
Upon completion the status and output can be left in a database or file for
the cat app to recover. Maybe a POE based queue would work.  This may also
help you prioritize and limit such queries.

Otherwise,  if the query is not destructive and usage is low -- is there a
reason why you can't just take the easy way out and let it finish and
ignore the output?

-Wade



>
> To add complexity to this, we are using IIS (client specification) as
> the front end, although we are trying to get a FastCGI rather than CGI
> (with ActiveState's PerlEx) engine in place. We're doing this because we
> had to use our own Perl, simply because we were getting too many
> DBI-based memory leaks in the ActivePerl and Strawberry for our indexing
> system to be able to function effectively. (Essentially, this is a
> large-scale IR type application).
>
> The Perl we use is not threaded, essentially a "5.10 with all the
> patches as of September 2008", although I'd be happy to make it threaded
> if that would help. As far as I can tell, alarm is just about capable of
> cancelling long-running database queries, and with polling, the database
> no longer seems to be the issue. However, rendering the results can take
> a while, and IIS seems to choose not to inform anyone (or us, at least)
> when the user cancels a request and the connection close is initiated.
>
> Does anyone have any experience or recommendations?
>
> All the best
> Stuart
> --
> Stuart Watt
> [EMAIL PROTECTED]
>
>


Re: [Catalyst] CSRF

2008-09-30 Thread Wade . Stuart

Moritz Onken <[EMAIL PROTECTED]> wrote on 09/30/2008 01:08:38 PM:

>
> Am 30.09.2008 um 19:20 schrieb Ashley:
>
> > On Sep 30, 2008, at 10:08 AM, Moritz Onken wrote:
> >> "attackers can use POST"
> >>
> >> This is possible due to the fact that flash movies can send any
> >> request to a server.
> >> You can achieve this even with a XMLHTTPRequest.
> >
> > If scripting is involved that makes it a XSS attack instead, though.
> > No?
> >
> > -Ashley
>
> I was wrong about the XMLHttprequest. Posting to another server is not
> possible as of the same origin policy.
> But flash movies can send post request to a different server without
> user interaction.

Actually, no.  Flash can do GET to another server (hostname) but as of
flash 7 (they are at 9 now),  you need a crossdomain.xml file on the
receiving end to allow POST and data loads.



>
> XSS is more like posting a javascript snippet to a facebook wall which
> does some javascript actions in the context of the user who opens that
> wall.
>
> cheers,
>
> moritz
>


Re: [Catalyst] CSRF

2008-09-30 Thread Wade . Stuart


Dave Howorth <[EMAIL PROTECTED]> wrote on 09/30/2008 10:23:10 AM:

> There's an interesting paper on CSRF mentioned on slashdot today:
> 
>
> It mentions Catalyst along with some other frameworks and suggests a way
> to build in CSRF-protection.
>
> Cheers, Dave
>

I really don't understand why they even reference Catalyst.  CSRF is a
generalized issue -- whether you use Catalyst or hand spun assembly for a
webapp the same protections are needed.   Seems like a cheap way (listing a
bunch of frameworks in a security paper) to gain cheap traffic on your
paper.

-Wade




Re: [Catalyst] How to send raw HTTP response

2008-09-25 Thread Wade . Stuart
Tomas Doran <[EMAIL PROTECTED]> wrote on 09/25/2008 04:04:58 PM:

>
> On 25 Sep 2008, at 19:35, Christian Lackas wrote:
> >
> > print CGI::header(...);
> > $ZIP->writeToFileHandle(*STDOUT);
> > for my $f (@files) {
> > $ZIP->addFile($f, basename($f));
> > }
> >
> > How can I achieve something similar under Catalyst?
>
> Looking at the source code for Catalyst::write, and
> Catalyst::Engine::write, you need to say $c->finalize_headers, after
> which just writing to STDOUT as above should do the right thing..
>
> However, I'd have thought that clients on the other end would be
> somewhat unhappy with not getting a Content-Length header...

The only two consequences I know of for not including the content length are
that the download bar for the transfer lists unknown in browsers, and if
the transfer fails midway the browser does not "know".

-Wade




Re: [Catalyst] Simple blob upload example?

2008-09-23 Thread Wade . Stuart

"Dr. Jennifer Nussbaum" <[EMAIL PROTECTED]> wrote on 09/23/2008 02:30:27
PM:

>
>
> --- On Fri, 9/19/08, Dr. Jennifer Nussbaum <[EMAIL PROTECTED]> wrote:
>
> > From: Dr. Jennifer Nussbaum <[EMAIL PROTECTED]>
> > Subject: Re: [Catalyst] Simple blob upload example?
> > To: "The elegant MVC web framework" ,
> "J. Shirley" <[EMAIL PROTECTED]>
> > Date: Friday, September 19, 2008, 11:58 AM
> > --- On Fri, 9/19/08, J. Shirley <[EMAIL PROTECTED]>
> > wrote:
> >
> > > From: J. Shirley <[EMAIL PROTECTED]>
> > > Subject: Re: [Catalyst] Simple blob upload example?
> > > To: [EMAIL PROTECTED], "The elegant MVC web
> > framework" 
> > > Date: Friday, September 19, 2008, 8:52 AM
> > > On Fri, Sep 19, 2008 at 7:40 AM, Dr. Jennifer Nussbaum
> > > <[EMAIL PROTECTED]> wrote:
> > > > Hi,
> > > >
> > > > I'm about to start an app where I'll need to upload PDFs from a
> > > > user and store them in my database. Is there any quick example
> > > > that might show how to do this? I browsed through the wiki and
> > > > didn't see anything. I know it's simple but I've never done this
> > > > before.
> > > >
> > > > Thanks!
> > > >
> > > > Jen
> > > >
> > >
> > > To divert this a bit, are you -really- sure you want to store them in
> > > a database?  Storing large files in a database is not going to be
> > > ideal, as you'll lose abilities to replicate the files in a separate
> > > policy from your DB, etc.
> >
> > Yes, but OTOH i gain the ability to back up everything at
> > once, and move onto a different machine or even platform
> > without having to worry about two separate place.
> >
> > But this is a holywar that others have fought about for a
> > long time, no need to, ah, replicate it here ;-)
> >
> > >
> > > But to answer your question, the uploads are this
> > object:
> > >
> > > http://search.cpan.org/~mramberg/Catalyst-Runtime-5.7014/lib/Catalyst/Request/Upload.pm
> > >
> > > You can then just do $db_record->contents(
> > > $upload->slurp );
> >
> > Yes, i saw the upload object but most of it looked like
> > filesystem stuff, so i wasnt sure what to do then. So if i
> > want to create a new record, for lets say a table called
> > 'image' and a blob field called 'image' with
> > a 'mime_type' description, i just do something like
> >
> > my $new_record =
> > $c->model('MyDB::Image')->create({ image =>
> > $upload->slurp, mime_type => 'application/pdf'
> > });
> >
> > and thats all i have to do? Wow thats easy!
>
> I did just want to report that i did this and it worked perfectly.
> My actual line was:
>
> $c->model('MyDB::Image')->create({ image => $upload->slurp, type =>
> $upload->type });
>
> I figured that i should use $upload->type so that just in case i
> later want to upload gifs or something i wouldnt have to change code.

Be careful,  $upload->type returns the _client-supplied_ Content-Type.  You
may want just a bit more code around that to verify type and the fact that
the client actually submitted a mime type.

-Wade
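
Added example, not part of the original post: one way to do the extra verification suggested above is to decide the stored type from the file's leading bytes against an allowlist and treat the client-supplied value only as a claim to compare. The function name `verify_upload_type`, the allowlist and the sample byte strings are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# Allowlist: MIME type => signature expected at the very start of the file.
my @SIGNATURES = (
    [ 'application/pdf' => qr/\A%PDF-\d\.\d/ ],
    [ 'image/gif'       => qr/\AGIF8[79]a/ ],
    [ 'image/png'       => qr/\A\x89PNG\r\n\x1a\n/ ],
    [ 'image/jpeg'      => qr/\A\xff\xd8\xff/ ],
);

# Decide the type from content. $claimed is the browser-supplied value
# (what $upload->type returns); it is compared but never trusted.
# Returns { type => ..., claimed_ok => 0|1 }, or nothing when the content
# is not on the allowlist.
sub verify_upload_type {
    my ( $bytes, $claimed ) = @_;
    return unless defined $bytes && length $bytes;

    # Normalise the claim: lower-case, no parameters such as "; charset=...".
    my $claim = lc( defined $claimed ? $claimed : '' );
    $claim =~ s/\s*;.*\z//s;
    $claim =~ s/\A\s+|\s+\z//g;

    for my $sig (@SIGNATURES) {
        my ( $type, $re ) = @$sig;
        next unless $bytes =~ $re;
        return { type => $type, claimed_ok => ( $claim eq $type ? 1 : 0 ) };
    }
    return;
}

# Constructed sample uploads: [ label, leading bytes, claimed type ].
# In a Catalyst action the bytes would come from $upload->slurp.
my @samples = (
    [ 'PDF, honest claim',   "%PDF-1.4\n%\xe2\xe3\xcf\xd3\n", 'application/pdf' ],
    [ 'GIF claimed as PDF',  "GIF89a\x01\x00\x01\x00",        'application/pdf' ],
    [ 'HTML claimed as PDF', "<html><script>",                'application/pdf' ],
    [ 'PDF with no claim',   "%PDF-1.7\n",                    undef ],
);

for my $s (@samples) {
    my ( $label, $bytes, $claimed ) = @$s;
    my $r = verify_upload_type( $bytes, $claimed );
    if ( !$r ) {
        print "$label: rejected (content not on allowlist)\n";
    }
    else {
        printf "%s: store as %s%s\n", $label, $r->{type},
            $r->{claimed_ok} ? '' : ' (client claim differed or was missing)';
    }
}
```

The value written to the `type` column is then the sniffed one, so whatever is later served back as Content-Type never comes straight from the client.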




Re: [Catalyst] Slow template processing on debian lenny

2008-09-15 Thread Wade . Stuart


Terence Monteiro <[EMAIL PROTECTED]> wrote on 09/15/2008 10:23:50 AM:

> Jose Luis Martinez wrote:
> > Terence Monteiro escribió:
> >> On my machine, an ubuntu hardy, it works fast - about 2.5 seconds to
> >> process the template. On a production server using debian lenny, it
> >> used to take around the same amount of time. But recently, I upgraded
> >> it to libperl 5.10 and updated the different Perl modules including
> >> Template and Catalyst::View::TT. After this upgrade, the same template
> >> takes 25 seconds on average to process. The times I am mentioning are
> >> the times taken on the server side, as shown by the Catalyst
> >> application debug logs.
> >
> > Maybe Template Toolkit is packaged without the XS module enabled?
> >
> > http://search.cpan.org/~abw/Template-Toolkit-2.20/lib/Template/Stash/XS.pm
>
> When I run
>
>   perl -MTemplate::Stash::XS -e 'print "No problem\n"'
>
> it tells me that Template::Stash::XS is present.
>
> I dumped c.session, c.config and c.stash into a YAML file, read it using a
> script and used the data to process my template. It took just 0.62 seconds,
> which is way faster than when C::V::TT processes it. I actually did some
> tests to verify whether it is a TT problem, but it does not occur when I
> use the Template module directly. The log information and test results seem
> strange, and I still cannot point my finger on a specific Perl module.
> Could it be a libperl issue? My libperl5.10 version is 5.10.0-13 from
> debian lenny.

try:

perl -V

I bet you see !5.10.  XS is not binary compatible a lot of the
time with different perl versions,  it is best to update perl to 5.10 too
and then reinstall XS modules.

-Wade





Re: [Catalyst] Pushing data to Catalyst powered web page

2008-09-12 Thread Wade . Stuart

Bill Moseley <[EMAIL PROTECTED]> wrote on 09/12/2008 02:45:42 PM:

> On Fri, Sep 12, 2008 at 02:15:23PM +0200, Supra, Morne wrote:
> >
> > The problem that I have is that I have no idea how to push the data to a
> > web page instead of pulling.
>
> Pull with an AJAX update, perhaps.
>

Or,  if you control both the app that reads the RFID and the webapp that is
to display them,  why not have the RFID app insert into the webapps db
directly instead of some url post?

-Wade





Re: [Catalyst] Troubleshooting FastCGI error

2008-08-28 Thread Wade . Stuart

Marcus Ramberg <[EMAIL PROTECTED]> wrote on 08/28/2008 02:05:44 PM:

>
> On 13. aug.. 2008, at 13.40, Dermot wrote:
> >
> > Thanx Carl and Sorry Matthias, I didn't follow you exactly because
> >
> > su apache
> > This account is currently not available

look at your apache users' passwd entry,  you will see a shell for
/sbin/nologin (which produces that error),  if you pass a valid shell to su
you can use it to run commands as apache...

#su -s /bin/sh -c "whoami" apache
apache




> >
> > and
> >
> > su -m apache
> > bash: /root/.bashrc: Permission denied
> >
> > So I have chown apache:apache MyApp directory and it works.
> >
> > Is it okay to leave the top level directory and the datafile owned by
> > the httpd user? I would have thought all the other code should be
> > read-only for other that user.
>
> SQLite requires write access on the directory the data file is in as
> well as the data file to be able to provide locking. leaving the app
> writeable by the httpd user isn't really recommended. I suggest moving
> your sqlite database to a db directory or something similar.
>
> Marcus
>


Re: [Catalyst] Intermittent blank pages

2008-08-28 Thread Wade . Stuart
Tobias Kremer <[EMAIL PROTECTED]> wrote on 08/28/2008 12:29:13 PM:

> On 28.08.2008, at 18:48, [EMAIL PROTECTED] wrote:
> > Is it possible that the concat error and restart are related
> > (memory load) but the blank pages are due to the restart killing
> > (restarting) the procs off before the fastcgi payload is sent
>
> That was my guess, too. But if the problem is really situated there it
> should have occurred much earlier. Nothing dramatically changed in our
> setup or application. I'll try a rollback of the Rose::HTML::Form module
> to eliminate it from the equation. Any other thoughts are still greatly
> appreciated!
>
> --Tobias

Change happens over time too,  is the dataset that is being loaded/used
getting larger over time and now hitting a tipping point?  Maybe the new
Rose modules are tuned more speed>space?  How often did the procs get
restarted due to memory hard limits in the past?  Is that behavior in
action new as well?

-Wade




Re: [Catalyst] Intermittent blank pages

2008-08-28 Thread Wade . Stuart
Tobias Kremer <[EMAIL PROTECTED]> wrote on 08/28/2008 10:44:31 AM:

> Quoting [EMAIL PROTECTED]:
> > Tobias Kremer <[EMAIL PROTECTED]> wrote on 08/28/2008 09:02:24 AM:
> > > Quoting Sebastian Willert <[EMAIL PROTECTED]>:
> > > > Are you using Perlbal in front of FastCGI? Perlbal is prone to deliver
> > > > blank pages if the back-end times out. Unfortunately I haven't found
> > > > a way to avoid this behavior, but maybe someone on the list can help
> > > > out ...
> > > No, we're using lighttpd and nothing changed on that front during the
> > > last two days :(
> > Are they delivered instantly or after a long pause?
>
> Instantly.
>
> I just noticed that shortly after a series of those errors appear in the
> error log, the process gets killed off (and restarted) by daemontools'
> softlimit due to memory constraints. Afterwards it takes some time until
> the error reappears. But we have this exact setup running for over a year
> now and never had said problem.
>
> --Tobias
>

Is it possible that the concat error and restart are related (memory load)
but the blank pages are due to the restart killing (restarting) the procs
off before the fastcgi payload is sent?

-Wade




Re: [Catalyst] Intermittent blank pages

2008-08-28 Thread Wade . Stuart

Tobias Kremer <[EMAIL PROTECTED]> wrote on 08/28/2008 09:02:24 AM:

> Quoting Sebastian Willert <[EMAIL PROTECTED]>:
> > Are you using Perlbal in front of FastCGI? Perlbal is prone to deliver
> > blank pages if the back-end times out. Unfortunately I haven't found
> > a way to avoid this behavior, but maybe someone on the list can help
> > out ...
>
> No, we're using lighttpd and nothing changed on that front during the
> last two days :(
>
> --Tobias

Are they delivered instantly or after a long pause?




Re: [Catalyst] Re: Catalyst::Response - send a file

2008-08-21 Thread Wade . Stuart
Aristotle Pagaltzis <[EMAIL PROTECTED]> wrote on 08/20/2008 04:12:18 PM:

> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-08-20 17:55]:
> > Aristotle Pagaltzis <[EMAIL PROTECTED]> wrote on 08/19/2008 04:39:55 PM:
> > > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-08-19 21:55]:
> > > > $c->response->headers->header('Content-disposition' =>
> > > >     "attachment; filename=$filename" );
> > >
> > > You forgot
> > >
> > > $filename =~ s!"!\\"!g;
> >
> > Yes, I usually sanitize and escape outside of that block --
> > good catch.
>
> I prefer to do this kind of encode/decode stuff at the boundaries
> of the code. It is hard to keep track of how the data is encoded
> and who is responsible for what kind of transformation at what
> time when you don't do it that way. The particular case of these
> filenames is probably not too difficult because you probably
> aren't going to be doing a whole lot with them anyway, but still,
> I prefer to push encoding and decoding to the boundaries as a
> general principle so I can never forget to take it into account
> in the middle of the system.

I should have been more concise,  I mean outside of that block of lines
(not elsewhere in the app logic).  I just copied the bunch o header setting
lines I used from my send file code...

>
> PS.: I missed the fact that that should of course also be
> accompanied by always quoting the filename (which presumably in
> your own code is also happening elsewhere):
>
> $filename =~ s!"!\\"!g;
> $c->res->header( 'Content-Disposition' => qq[attachment; filename="$filename"] );
>

no,  I have not quoted the filename.  I have to look at the rfc further,
but all my testing has shown it to work without the quotes...



> Regards,
> --
> Aristotle Pagaltzis // 
>


Re: [Catalyst] Re: Catalyst::Response - send a file

2008-08-20 Thread Wade . Stuart

Aristotle Pagaltzis <[EMAIL PROTECTED]> wrote on 08/19/2008 04:39:55 PM:

> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-08-19 21:55]:
> > $c->response->headers->header('Content-disposition' =>
> >     "attachment; filename=$filename" );
>
> You forgot
>
> $filename =~ s!"!\\"!g;

Yes,  I usually sanitize and escape outside of that block -- good catch.

>
> Regards,
> --
> Aristotle Pagaltzis // 
>


Re: [Catalyst] Catalyst::Response - send a file

2008-08-19 Thread Wade . Stuart

Jonathan Rockway <[EMAIL PROTECTED]> wrote on 08/19/2008 01:20:53 PM:

> * On Tue, Aug 19 2008, Dermot wrote:
> > This method will work well for binary files. I have opted
> > $c->response->header() method for now.
>
> You haven't described what that method is.
>
> There are two things you need to do to send a file for download.
>
> 1) Set up the HTTP headers (Content-disposition) so that the browser
>knows what to do.

For the save to disk force prompt -- code that has served me well in the
past (for all tested browsers, ie mac, ie 5->7, moz, ff 1->2, safari,
opera, lynx, many proxy servers ...)

# $stat is assumed to be a File::stat object for the file being sent.
use HTTP::Date ();

$c->res->headers->content_type('application/octet-stream');
$c->res->headers->content_length( $stat->size );
$c->res->headers->last_modified( $stat->mtime );
# The field name is given without a trailing colon.
$c->response->headers->header( 'Content-disposition' =>
    "attachment; filename=$filename" );
$c->res->headers->expires( time() );
# Replaces the mtime set above with the current time.
$c->res->headers->header( 'Last-Modified' => HTTP::Date::time2str() );
$c->res->headers->header( 'Pragma'        => 'no-cache' );
$c->res->headers->header( 'Cache-Control' => 'no-cache' );


This forces the save prompt and also makes sure no-cache is set so that a
failed download does not leave the user with a partial file.

-Wade


>
> 2) Actually send the data.
>
> In your original post, you hand-waved sending the data.  A number of
> posters told you how to do it.  Now you're saying you've "opted [for
> the] header method".  That doesn't make any sense.
>
> So what exactly are you doing?
>
> Regards,
> Jonathan Rockway
>
> --
> print just => another => perl => hacker => if $,=$"
>
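
Added example, not part of the original posts: the Content-Disposition messages in this thread interpolate `$filename` into the header and discuss escaping and quoting it; the sketch below builds the value so that a name containing quotes, path separators, control characters or non-ASCII text cannot alter the header. The function name `content_disposition`, the fallback name `download` and the sample names are assumptions constructed for illustration.

```perl
use strict;
use warnings;
use Encode qw(encode);

# Build a Content-Disposition value from a (possibly user-influenced)
# file name given as a decoded character string.
sub content_disposition {
    my ($name) = @_;
    $name = '' unless defined $name;

    # Keep only the last path component, whichever separator was used.
    $name =~ s{.*[/\\]}{}s;

    # Remove control characters. A CR or LF left in place would end the
    # header line and let the rest of the name start a new header.
    $name =~ s/[\x00-\x1f\x7f]//g;

    $name = 'download' if $name eq '' || $name =~ /\A\.+\z/;

    # filename="..." is a quoted-string: ASCII only, with backslash and
    # double quote escaped by a backslash.
    ( my $ascii = $name ) =~ s/[^\x20-\x7e]/_/g;
    $ascii =~ s/(["\\])/\\$1/g;
    my $value = qq{attachment; filename="$ascii"};

    # Names with non-ASCII characters also get the RFC 6266 extended
    # parameter: percent-encoded UTF-8.
    if ( $name =~ /[^\x20-\x7e]/ ) {
        my $utf8 = encode( 'UTF-8', $name );
        $utf8 =~ s/([^A-Za-z0-9!#\$&+\-.^_`|~])/sprintf '%%%02X', ord $1/ge;
        $value .= qq{; filename*=UTF-8''$utf8};
    }
    return $value;
}

# Constructed sample names, including hostile ones.
my @names = (
    'report.pdf',
    'quarterly "final".pdf',
    "x.txt\r\nSet-Cookie: sid=1",
    '../../etc/passwd',
    "r\x{e9}sum\x{e9}.pdf",
);

# In a Catalyst action the value would be passed to
# $c->res->header( 'Content-Disposition' => content_disposition($filename) );
print content_disposition($_), "\n" for @names;
```

Every sample comes out as a single header value: the CR/LF name collapses to `filename="x.txtSet-Cookie: sid=1"` and the traversal name to `filename="passwd"`.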


Re: [Catalyst] API Versioning for Web Services

2008-07-28 Thread Wade . Stuart

Bill Moseley <[EMAIL PROTECTED]> wrote on 07/28/2008 01:53:11 AM:

> On Sun, Jul 27, 2008 at 06:42:23PM -0500, [EMAIL PROTECTED] wrote:
> > > widget.1.get
> > > widget.2.get
> > > etc.
> > >
> >   Icky,  I think the API should be versioned -- not methods.  What if
> > the methods across versions are not compatible (widget1 output used with
> > foo2) versioning the api forces all methods to be used with their tested
> > and versioned partners.  When you have 30 or 40 different revisions and
> > developers start relying on mismatching methods from different versions
> > that seems like a headache waiting to happen.
>
> I completely agree.
>
> I suppose a "version" XMLRPC parameter in the request payload is
> possible, but I'm actually leaning more toward just using separate
> endpoints:
>
> http://localhost:3000/rpc1.2
> http://localhost:3000/rpc1.3
>
> or
>
> http://localhost:3000/rpc/1.2
> http://localhost:3000/rpc/1.3
>
> or
>
> http://localhost:3000/rpc?version=1.2
>

I guess there would be nothing wrong with:

api10.example.com:3000/method
api11.example.com:3000/method

either,  I guess it depends on if users are going to be using it or if it
is all app usage.  if all app usage that would allow you to just rev the
api in source control / separate procs and not have a mammoth app with x
number of api versions hanging out and possibly conflicting.






Re: [Catalyst] API Versioning for Web Services

2008-07-27 Thread Wade . Stuart
Bill Moseley <[EMAIL PROTECTED]> wrote on 07/27/2008 11:09:46 AM:

> On Sat, Jul 26, 2008 at 06:00:39AM +0100, Matt S Trout wrote:
> >
> > sub widget :Local VersionedXMLRPC('widget.get') {
> >
> > sub widget_xmlrpc_v1 {
> >
> > have VersionedXMLRPC apply a custom action class that does ->can
> > based dispatch, same way Catalyst::Action::REST does.
>
> C::Action::REST uses "ActionClass('REST')" to specify the class for
> the action.  And with a custom request class, has a custom dispatcher to
> dispatch based on the request method.
>
> Your example above does not use ActionClass.  Were you suggesting that
> these XMLRPC actions have their own action class, and if so how would
> the actions be setup then?
>
> I would think the Catalyst approach would be something like this:
>
> sub widget : Local ActionClass('XMLRPC', 'widget.get' ) {
>
>
> There's more than one approach, of course.
>
> My current approach (w/o versioning) is to have a custom dispatcher
> type (which I push onto $c->dispatcher->preload_dispatch_types).  I
> also have a custom HTTP::Body type to parse the XMLRPC payload.  Once
> the XMLRPC method name is known from the request the dispatcher
> searches for the matching action.
>
> But, I do like the approach of matching the action, and then using
> $controller->can to try and find an appropriate version as you
> suggested.
>
> By the way, my assumption is I would have the entire XMLRPC API
> versioned.  I asked about this on the XMLRPC list and it was
> recommended that instead I version individual methods.  That is, have
> separate method names that include a version:
>
> widget.1.get
> widget.2.get
> etc.
>
> which would make the Catalyst part very simple, but I'm not sure I
> like that idea of each method having a version in the method name.
>

Bill,

  Icky,  I think the API should be versioned -- not methods.  What if
the methods across versions are not compatible (widget1 output used with
foo2) versioning the api forces all methods to be used with their tested
and versioned partners.  When you have 30 or 40 different revisions and
developers start relying on mismatching methods from different versions
that seems like a headache waiting to happen.

-Wade



Re: [Catalyst] Preventing simultaneous logins

2008-07-23 Thread Wade . Stuart

>
> It's fairly simple to track user login now.  You can have an automatic
> ping from the browser to the server that updates the session time.
> Just put it in your template wrappers so you have some simple request
> (even something like an action that renders an image, and a javascript
> timer that reloads that image every X number of seconds).
>
> That way you can set your lockout time to a ridiculously low level so
> the user doesn't have to wait for the session to clear.
>

True, assuming you can count on javascript to be enabled on the client (you
control the client software/settings, or don't care to support users that,
either by choice, or corporate policy can't enable js) and take the extra
hits on your server(s) and db/session store for each idle client.

Even with web 2.0 around there are still quite a few users that will not
run js.

> I think the points about the problem are perfectly valid though, it's
> a hard problem to solve right, because "right" is very use case
> specific and the protocol itself is the problem.

Yep,  all "solutions" have trade offs.  If someone knows one that fits all
I would be more than interested in hearing about it.





Re: [Catalyst] Preventing simultaneous logins

2008-07-23 Thread Wade . Stuart
"Daniel McBrearty" <[EMAIL PROTECTED]> wrote on 07/23/2008 02:47:57
PM:

> I'm using Cat with a pretty standard configuration of :
>
> Catalyst::Plugin::Authentication
> Catalyst::Plugin::Session
> Catalyst::Plugin::Session::State::Cookie
> Catalyst::Plugin::Session::Store::FastMmap
>
> to handle login and session management. My login code looks like this:
>
>  my $u = $params->{username};
>
>   if ($c->authenticate( { username => $u,
>   password => $params->{'password'}
> } )){
> my $user = $c->user;
> $user->last_login(DateTime->now);
> $user->update();
> $c->response->redirect( $forward, 301);
>
>   } else {
> # login failed
> $c->stash->{login_failed} = 1;
>   }
>
>
> What I'd like to do is check if this user is already logged in at some
> other computer, and deny access if so. I guess that means :
>
> 1. checking whether there is an existing session associated this username
> 2. Being sure that the associated session is cleared when the user
> hits 'logout'
>
> I did a quick search and didn't get anything on the list - any quick
> clues about the easy way to do this, before I start digging into the
> guts of the plugins to see how?
>
> many thanks
>
Daniel,

  This is actually a pretty "hard" problem -- there is no right answer.
What if the user clears her browser state while using the site?  Leaves the
computer and browser on at work then tries to log in at home on a different
computer?  I think you can gain most of the lockdown of 1 session per user
if you just track user activity over an X minute period.  For instance, every
time a user hits your app add a record that is attached to the user account
in the db (src ip, session number, other relevant info).  Then do (either
inline or if it is too costly,  via cron) a check on those entries that
looks for multiple IP/Sessions or whatever you define as multiple users
(given that http is stateless there really is no _safe_ definition).  If
that process detects usage over your threshold,  disable (temp or
permanent) the account.  The same process can clean up entries that are
outside of the time window that you want to look at.
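
Added example, not part of the original post: a sketch of the activity-window check described above, with an in-memory list standing in for the per-user records in the db. The window length, the threshold, the function names `record_hit` and `sweep`, and the sample activity are assumptions constructed for illustration.

```perl
use strict;
use warnings;

my $WINDOW       = 10 * 60;    # look-back period in seconds (assumed value)
my $MAX_SESSIONS = 1;          # distinct sessions allowed per user in the window

# One record per request; in the application this would be a db table
# attached to the user account.
my @activity;

sub record_hit {
    my (%hit) = @_;            # user, ip, session, time
    push @activity, {%hit};
    return;
}

# Drop records that fell out of the window, then return the users whose
# remaining activity spans more distinct sessions than allowed.
sub sweep {
    my ($now) = @_;
    @activity = grep { $_->{time} > $now - $WINDOW } @activity;

    my %seen;                  # user => { sessions => {...}, ips => {...} }
    for my $r (@activity) {
        $seen{ $r->{user} }{sessions}{ $r->{session} } = 1;
        $seen{ $r->{user} }{ips}{ $r->{ip} }           = 1;
    }

    my %flagged;
    for my $user ( keys %seen ) {
        my $sessions = keys %{ $seen{$user}{sessions} };
        next if $sessions <= $MAX_SESSIONS;
        my $ips = keys %{ $seen{$user}{ips} };
        $flagged{$user} = { sessions => $sessions, ips => $ips };
    }
    return \%flagged;
}

# Constructed activity; times are seconds, "now" is 10_000.
my $now = 10_000;
record_hit( user => 'alice', ip => '192.0.2.10',   session => 'a1', time => $now - 30 );
record_hit( user => 'alice', ip => '192.0.2.10',   session => 'a1', time => $now - 5 );
record_hit( user => 'bob',   ip => '192.0.2.20',   session => 'b1', time => $now - 200 );
record_hit( user => 'bob',   ip => '198.51.100.7', session => 'b2', time => $now - 100 );
record_hit( user => 'carol', ip => '192.0.2.30',   session => 'c1', time => $now - 1800 );
record_hit( user => 'carol', ip => '203.0.113.5',  session => 'c2', time => $now - 60 );
record_hit( user => 'dave',  ip => '192.0.2.40',   session => 'd1', time => $now - 120 );
record_hit( user => 'dave',  ip => '192.0.2.40',   session => 'd2', time => $now - 20 );

my $flagged = sweep($now);
for my $user ( sort keys %$flagged ) {
    printf "%s: %d sessions from %d address(es) in the last %d minutes\n",
        $user, $flagged->{$user}{sessions}, $flagged->{$user}{ips}, $WINDOW / 60;
}
```

With this data bob and dave are reported and carol is not, because her older session has aged out of the window; dave's two sessions from one address are the cleared-browser-state case, so whether that counts as "multiple users" is the policy decision the post describes.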






Re: [Catalyst] Catalyst::Authentication::Credential::LDAP

2008-07-23 Thread Wade . Stuart

Bruce J Keeler <[EMAIL PROTECTED]> wrote on 07/23/2008 02:16:16 PM:

> Peter Karman wrote:
> > On 07/22/2008 10:37 PM, Matt S Trout wrote:
> >
> >> On Wed, Jun 25, 2008 at 11:27:13AM -0700, Bruce J Keeler wrote:
> >>
> >>> Also, somewhat apropos, I have a
> >>> C::A::{Store,Credential}::ActiveDirectory  that I based on the LDAP
> >>> stuff.  The LDAP modules didn't work for me because they want to bind
> >>> anonymously and retrieve the crypted password, whereas AD just wants to
> >>> authenticate with a bind.
> >>>
> >> So, having established this isn't true.
> >>
> >> Could you perhaps instead post a message asking why your config of the
> >> main LDAP store didn't work so we can figure out what configuration
> >> problem you had and document it?
> >>
> >
> > likely he is missing a 'binddn' and 'bindpw' config setting. The initial
> > bind() will try anonymously if those are not set. What I usually do for
> > Active Directory is create a user specifically for use with Net::LDAP
> > (and by extension, C::A::Store::LDAP), and then do all my initial binds
> > with that user/pass.
> >
> > 'binddn' and 'bindpw' are fully documented; if the docs can be improved,
> > please send a patch.
> >
> >
> I seem to recall trying that, but it's been long enough that I don't
> recall the details of what went wrong.
>
> The other reason I went off in my own direction is that I wanted to pull
> role information from AD groups, and I couldn't see any way of making
> that work with the stock ::LDAP modules.  I will try to make some time
> to revisit this stuff soon.

http://search.cpan.org/~karman/Catalyst-Authentication-Store-LDAP-0.1002/lib/Catalyst/Authentication/Store/LDAP.pm#use_roles





Re: [Catalyst] Catalyst::Authentication::Credential::LDAP

2008-07-23 Thread Wade . Stuart
Peter Karman <[EMAIL PROTECTED]> wrote on 07/23/2008 08:29:42 AM:

>
>
> On 07/22/2008 10:37 PM, Matt S Trout wrote:
> > On Wed, Jun 25, 2008 at 11:27:13AM -0700, Bruce J Keeler wrote:
> >> Also, somewhat apropos, I have a
> >> C::A::{Store,Credential}::ActiveDirectory  that I based on the LDAP
> >> stuff.  The LDAP modules didn't work for me because they want to bind
> >> anonymously and retrieve the crypted password, whereas AD just wants to
> >> authenticate with a bind.
> >
> > So, having established this isn't true.
> >
> > Could you perhaps instead post a message asking why your config of the
> > main LDAP store didn't work so we can figure out what configuration
> > problem you had and document it?
>
> likely he is missing a 'binddn' and 'bindpw' config setting. The initial
> bind() will try anonymously if those are not set. What I usually do for
> Active Directory is create a user specifically for use with Net::LDAP
> (and by extension, C::A::Store::LDAP), and then do all my initial binds
> with that user/pass.
>
> 'binddn' and 'bindpw' are fully documented; if the docs can be improved,
> please send a patch.
>

Peter,

  From my perspective they are documented too well -- it took me a bit
to figure out how to do _anon_ binds. =)

-Wade




Re: [Catalyst] Catalyst::Authentication::Credential::LDAP

2008-07-22 Thread Wade . Stuart
Matt S Trout <[EMAIL PROTECTED]> wrote on 07/21/2008 04:32:03 PM:
>
> Maybe the search phase failed for the original poster?
>
> I dunno, I was just saying it should probably support both approaches :)
>

Sorry Matt,  my comment was directed towards the OP not you -- I just
piggybacked on your message.  If the search phase failed for him it seems
like it was a config problem or a edge bug (let's find it and fix vs a new
ldap auth module for cat on cpan).  I have used it on a bunch o different
AD schemas (some heavily segmented,  some heavily locked down) with no
issues.  I don't really know of any non vendor ldap auth that grabs the
crypted pass for client side auth instead of binding against the user (what
this app does).





Re: [Catalyst] Catalyst::Authentication::Credential::LDAP

2008-07-21 Thread Wade . Stuart
Matt S Trout <[EMAIL PROTECTED]> wrote on 07/19/2008 07:10:28 PM:

> On Wed, Jun 25, 2008 at 11:27:13AM -0700, Bruce J Keeler wrote:
> > Also, somewhat apropos, I have a
> > C::A::{Store,Credential}::ActiveDirectory  that I based on the LDAP
> > stuff.  The LDAP modules didn't work for me because they want to bind
> > anonymously and retrieve the crypted password, whereas AD just wants to
> > authenticate with a bind.  My stuff also gets role information from AD
> > groups.  I've been meaning to get it out on CPAN one of these days, but
> > it hasn't been a priority; I suppose I can work on it if anyone else
> > needs it though.
>
> Sounds to me like 'auth by bind' versus 'auth by retrieve and check' should
> be an option in the LDAP stuff, not a separate module. Fancy doing up
> a patch?
>

From the POD: It authenticates users in two steps:

1) A search of the directory is performed, looking for a user object that
   matches the username you pass.  This is done with the bind credentials
   supplied in the "binddn" and "bindpw" configuration options.

2) If that object is found, we then re-bind to the directory as that object.
   Assuming this is successful, the user is Authenticated.

And the actual check password code:

    $self->store->ldap_bind( undef, $self->ldap_entry->dn, $password,
        'forauth' );

Notice the rebind.

So it does not try to "retrieve the crypted password",  it does bind (anon
or by authorized service account if set in binddn and bindpw) to the ldap
server. Next it grabs the user's dn from a search on that bind.  Finally to
authenticate it actually binds to the ldap server as that user's dn.  This
works well against AD (I use it),  I don't understand what deficiency you
are trying to fix with your patch.
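
Added example, not part of the original post and not the LDAP module's own code: the two-step search-then-bind flow quoted from the POD above, run against a constructed in-memory `MockDirectory` so it works without a server. The `bind`/`search`/`code`/`entries`/`dn` method names follow Net::LDAP; the `uid` filter, the `user_basedn` key and all DNs are assumptions, and the example goes beyond the post by adding three defensive checks (empty-password rejection, filter escaping, exactly one match).

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape RFC 4515 filter metacharacters so a username cannot change the filter.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Search-then-bind. $dir is any object with Net::LDAP-style bind() and
# search(). Returns the user's DN on success, nothing on any failure.
sub authenticate {
    my ($dir, $cfg, $username, $password) = @_;

    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2) that some servers report as success,
    # so empty credentials are refused before the directory is contacted.
    return unless defined $username && length $username;
    return unless defined $password && length $password;

    # Step 1: bind with the configured binddn/bindpw and look the user up.
    my $mesg = $dir->bind($cfg->{binddn}, password => $cfg->{bindpw});
    return if $mesg->code;

    my $filter = '(uid=' . escape_filter_value($username) . ')';    # assumed attribute
    $mesg = $dir->search(base => $cfg->{user_basedn}, scope => 'sub', filter => $filter);
    return if $mesg->code;

    # Exactly one entry may match; none or several means no login.
    my @entries = $mesg->entries;
    return unless @entries == 1;
    my $dn = $entries[0]->dn;

    # Step 2: re-bind as the entry that was found, using the supplied password.
    $mesg = $dir->bind($dn, password => $password);
    return if $mesg->code;
    return $dn;
}

# --- Constructed in-memory stand-in for a directory, for offline runs only ---
package MockMessage;
sub new     { my ($class, %args) = @_; return bless {%args}, $class }
sub code    { return $_[0]{code} }
sub entries { return @{ $_[0]{entries} || [] } }

package MockEntry;
sub new { my ($class, $dn) = @_; return bless { dn => $dn }, $class }
sub dn  { return $_[0]{dn} }

package MockDirectory;
sub new { my ($class, %accounts) = @_; return bless { accounts => {%accounts} }, $class }

sub bind {
    my ($self, $dn, %opt) = @_;
    # Lenient on purpose: an empty password is accepted, as on a server that
    # allows unauthenticated binds.
    return MockMessage->new(code => 0) if !length($opt{password} // '');
    my $acct = $self->{accounts}{$dn};
    my $ok   = $acct && $acct->{password} eq $opt{password};
    return MockMessage->new(code => $ok ? 0 : 49);    # 49 = invalidCredentials
}

sub search {
    my ($self, %opt) = @_;
    # Understands only "(uid=VALUE)": "*" is a wildcard, "\xx" a literal byte.
    # The base and scope arguments are ignored by this mock.
    my ($raw) = $opt{filter} =~ /^\(uid=([^()]*)\)$/
        or return MockMessage->new(code => 2);         # 2 = protocolError
    my $pattern = join '', map {
        $_ eq '*' ? '.*' : /^\\([0-9a-f]{2})$/i ? quotemeta(chr hex $1) : quotemeta($_)
    } $raw =~ /(\\[0-9a-fA-F]{2}|.)/gs;
    my $accounts = $self->{accounts};
    my @hits = grep { defined $accounts->{$_}{uid} && $accounts->{$_}{uid} =~ /^$pattern$/ }
        sort keys %$accounts;
    return MockMessage->new(code => 0, entries => [ map { MockEntry->new($_) } @hits ]);
}

package main;

my $dir = MockDirectory->new(    # constructed sample accounts
    'cn=svc,dc=example,dc=org'              => { password => 'svc-pw' },
    'uid=alice,ou=people,dc=example,dc=org' => { uid => 'alice', password => 's3cret' },
    'uid=bob,ou=people,dc=example,dc=org'   => { uid => 'bob',   password => 'hunter2' },
);
my $cfg = {
    binddn      => 'cn=svc,dc=example,dc=org',
    bindpw      => 'svc-pw',
    user_basedn => 'ou=people,dc=example,dc=org',    # assumed config key
};

# Valid login, wrong password, empty password, wildcard in the username.
for my $try ([ 'alice', 's3cret' ], [ 'alice', 'wrong' ], [ 'alice', '' ], [ 'al*', 's3cret' ]) {
    my $dn = authenticate($dir, $cfg, @$try);
    printf "user=%-7s password=%-8s => %s\n", "'$try->[0]'", "'$try->[1]'",
        defined $dn ? "authenticated as $dn" : 'denied';
}
```

To try it against a real server, pass a connected Net::LDAP handle as `$dir` in place of the mock.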







Re: [Catalyst] method to repeatedly submit form

2008-07-10 Thread Wade . Stuart


Dermot <[EMAIL PROTECTED]> wrote on 07/10/2008 02:46:33 AM:

> 2008/7/9 Mesdaq, Ali <[EMAIL PROTECTED]>:
> > Just to better understand what your trying to do. Are you saying you
> > want to display records and only the records that are selected you want
> > to be passed to the other db?
>
>
> Yes in part that correct. However up to that point there wouldn't have
> been any validation on the records (there are imported from csv). I
> had thought that I should, for each record, open it in a FormFu, do
> the validation, if ok send it, if not halt and prompt the user.
>
> Perhaps I should try a different approach, like validating the data at
> the import stage. I had thought about using Chain also.
> Thanx,
> Dp.

  I must be misunderstanding what you are trying to do.  I read it as
you have a few hundred records in your cat app that you wish to be able to
present to a user and have them submit them in such a way that a cgi post
happens to a non related cgi app (that controls another database).  Is this
correct?  If so,  I do not know why you would not just show the records
(not in html forms, but as an informational view) with an ability to select
records.  These selected records posted via a submit to your app, can cause
your app to validate (why are they not validated on import of the csv btw?)
and submit to the external app via LWP server side (not via some client
side javascript hack).

-Wade




Re: [Catalyst] Users hierarchy

2008-06-02 Thread Wade . Stuart


jakac <[EMAIL PROTECTED]> wrote on 06/02/2008 09:59:37 AM:

> Hello!
>
> I need a help on building a model for user that has a permission to edit
> other users that were created by this user or any of his children,
> grandchildren etc.
> (difficult sentence, I know)
>
> To make this a little more understandable here's my database table:
>
> - user_id
> - username
> - password
> - various other data such as fname, lname, address etc.
> - parent_id
>
> Column "parent_id" has a value of "user_id" that created one user.
> There is also
> a "superadministrator" with parent_id '0' that can edit everybody.
>
> Now I would like to build a model that I can use in my controllers like:
>
> if ( user_id is child,grandchild,grandgrandchild of logged in $c->user ) {
>     # has permission to edit
> } else {
>     # doesn't have a permission to edit
> }
>
> Example:
> - superadmin
>   |__- foo
>   |__- bar
>      |- john
>         |__- doe
>
> In this example:
> - superadmin can edit anybody,
> - bar can edit john & doe
> - john can edit only doe
> - foo can't edit anybody since he has no children
> And there can be unlimited levels of users...
>
> There is no problem with permission to edit first child since I can
> just compare logged in user's ID with edited user's parent_id but when
> edited user is grandchild, grandgrandchild, (grand * n) child of $c->user
> then I need some kind of model to return true/false value.
>
> I've never done that and I am also new to Catalyst so any help would
> be appreciated.
> Thank you!
>


Check out Nested Trees,  Joe Celko has some articles about them.  MojoMojo
has a pretty complete implementation of one in DBIx::Class if I remember.
http://www.dbmsmag.com/9603d06.html
http://www.intelligententerprise.com/001020/celko.jhtml






>
> JakaC.


Re: [Catalyst] So, what do we want in the -next- book?

2008-04-28 Thread Wade . Stuart
Andrew Kornak <[EMAIL PROTECTED]> wrote on 04/28/2008 03:19:39 PM:

> Personally, I would like any book on Catalyst, even if it was only a
> single chapter in a larger MVC treatment. I bought Jonathan's book and
> contrary to another poster's opinion found it quite useful.
>
> -Andrew


  Hopefully I do not derail this thread (is that possible?), but how
about concentrating on something that is more likely to happen.  Such as a
concentrated effort to have a large(r) (complicated) example app that uses
Cat in "best practices" mode.  I am not talking 25 examples at different
stages (or targeted towards old updated Cat styles -- see svn),  but one or
two large apps that everyone can work towards extending.  Showing different
real world coding issues.  Then take next year's Advent and target pieces of
these real world examples picking apart how sections work,  why they were
constructed in a certain way etc. That seems like a goal that will allow a
better overall base for people to work on.  Pushes conversations about best
practice (via code review and check ins merges) and designs, and is an
orchestrated effort to self document by example.

Pick one or two app topics and let people extend and create -- then talk
about what they did in an advent sort of way.

-Wade





>
> On Mon, 2008-04-28 at 10:03 -0500, Mitch Jackson wrote:
> > I'd like to see a walkthrough of good MVC separation in practice.
> > This took me a while to get through my stubborn skull, and would be
> > good material to a new Catalyst developer.  My first few Cat apps
> > suffered heavily from having too much logic in the controllers.
> >
> > The example could look something like this:
> > - Put this logic into a model method and why
> > - Build a .t file to test the model method ( possibly include
> > deploying and testing against a mock database )
> > - Build a .pl file, outside the catalyst web app that uses the method
> > - Finally, use the method from your catalyst action
> >
> > This not only suggests good practice to the reader, but shows them how
> > to do it properly and gives them hands-on with the benefits of the
> > approach.
> >
> > /Mitchell K. Jackson
> >
> > On Sat, Apr 26, 2008 at 7:01 PM, Ian Sillitoe <[EMAIL PROTECTED]> wrote:
> > > So as I said - I contacted O'Reilly to request info/submit interest in a
> > > Catalyst Cookbook/Best Practices. I've been in contact with a chap called
> > > Andy Oram who seems to be O'Reilly's Perl Guy (FWIW he also seems a nice,
> > > but very busy, guy). I was waiting for him to give me the nod before posting
> > > the following thread to the mailing list...
> > >
> > >
> > > I just had a moment to reply. You can post my reply to the mailing list--I
> > > do appreciate that you asked first. Results of my asking around are
> > > discouraging. I will try to do some more research next week, but this is a
> > > busy time for me. (I have only 6 days at home during the whole month of
> > > April.)
> > >
> > >  Andy
> > >
> > >  - Original Message -
> > >  From: "Ian Sillitoe" <[EMAIL PROTECTED]>
> > >  To: "Andy Oram" <[EMAIL PROTECTED]>
> > >  Sent: Thursday, April 17, 2008 4:28:34 AM (GMT-0500) America/New_York
> > >  Subject: Re: Catalyst Cookbook/Best Practices
> > >
> > >  Andy,
> > >
> > >  Thanks for getting back to me. It would obviously be nice to see
> > >  O'Reilly give Catalyst the full "Best Practices" treatment, however as
> > >  you say, a more simple "Catalyst Cookbook/Hacks" book of code snippets
> > >  would presumably be much easier to produce/edit and therefore more
> > >  likely to happen. The Catalyst POD docs are already pretty good and
> > >  will undoubtedly continue to improve. However most Catalyst
> > >  developers, i.e. the people that would actually fork out money (or get
> > >  their employers to fork out money) to buy the book, would probably be
> > >  very happy just to get the interesting snippets in lots of different
> > >  case scenarios.
> > >
> > >  Also, I was going to post the reply you gave on the Catalyst mailing
> > >  list - but it feels a bit rude without at least asking you first - any
> > >  objections?
> > >
> > >  Lots of people would be really interested in any further developments
> > >  so if you had a chance to update me when you hear anything, I would be
> > >  really grateful.
> > >
> > >  Regards,
> > >
> > >  Ian
> > >
> > >
> > >  -- Forwarded message --
> > >  From: Andy Oram <[EMAIL PROTECTED]>
> > >  Date: Wed, Apr 16, 2008 at 11:46 PM
> > >  Subject: Catalyst Cookbook/Best Practices
> > >  To: [EMAIL PROTECTED]
> > >
> > >
> > >  I just had a moment to reply to your request for a Catalyst Cookbook,
> > >  which was forwarded to me because I edit most of our Perl books now.
> > >
> > >   I appreciate your contacting us, and I'll ask the Stonehenge trainers
> > >  as well as the many O'Reilly employees who are heavily involved in
> > >  Perl development. Unfortunately, it's very hard to

Re: [Catalyst] Re: Why does $c->stats require -Debug flag?

2008-04-24 Thread Wade . Stuart
Aristotle Pagaltzis <[EMAIL PROTECTED]> wrote on 04/24/2008 12:32:12 PM:

> * Jonathan Rockway <[EMAIL PROTECTED]> [2008-04-24 19:10]:
> > * On Thu, Apr 24 2008, Aristotle Pagaltzis wrote:
> >> * Jonathan Rockway <[EMAIL PROTECTED]> [2008-04-24 11:25]:
> >>> * On Thu, Apr 24 2008, Jon Schutz wrote:
> >>> > No problems, if that's what the Catalyst standard says; I
> >>> > must have missed it. Where is it? I'd like to consult it on
> >>> > a number of matters... please post the link.
> >>>
> >>> Basically it's more of a "zeitgeist" than an actual document.
> >>> There are some things that the community has decided and
> >>> "just do".
> >>
> >> That's the sort of feel-good bollocks I'd expect to read on a
> >> Rails hype blog, not here. Unspoken rules and gut feel are no
> >> way to run a community. Catalyst suffers from this in general:
> >> way too little is written down, much less in any systematic
> >> fashion.
> >
> > Nobody has time to run a bureaucracy.  We just want to write
> > code.
>
> Yes, backcompat code. And I suppose the time to run a deprecation
> cycle bureaucracy will find itself. File under "false laziness."

If you expect behavior over cycles, write test code.  If changes happen
that make that test fail it will prompt discussion and offset the
deprecation cycle to the closest change set.  If you want to document down
to the dot,  without test code -- you are in for a world of outdated
documentation.

-Wade




Re: [Catalyst] Re: CatalystSites.org

2008-04-02 Thread Wade . Stuart


Stephen Sykes <[EMAIL PROTECTED]> wrote on 04/02/2008 03:46:16 PM:

> Pagaltzis wrote:
> > * Jonathan Rockway <[EMAIL PROTECTED]> [2008-04-02 20:55]:
> >
> >> * On Wed, Apr 02 2008, Oleg Pronin wrote:
> >>
> >>> 2008/4/2, Ulf Lenski <[EMAIL PROTECTED]>:
> >>>
>  Hallo Ulrich,
>  ich habe, dein Einverstandnis vorausgesetzt, unsere pspf-app
>  mal auf der unten genannten Seite veroffentlicht.
>  http://drs.dife.de/ konnte dort doch auch gelistet werden?
> 
>  Wollen wir uns bei Gelegenheit mal wieder treffen?
> 
>  bis bald - ulf.
> 
> >>> ti che raspizdilsya po-nemetski, suka ?
> >>>
> >> ??
> >>
> >
> > Περί τίνος μιλάμε?
> >
> > Regards,
> >
> Can someone translate?

Ich bin nicht gut Deutsch sprechen, aber ...

Hello Ulrich,
I have your consent provided our pspf-app times on the
Referred to below page.
Http://drs.dife.de/ but there could also be listed?

Shall we look at the opportunity again?

Up soon - Ulf.

>
> Thanks,
> [stephen]
>


RE: [Catalyst] Chart::Graph::Gnuplot trouble.

2008-03-20 Thread Wade . Stuart
Gene Selkov <[EMAIL PROTECTED]> wrote on 03/20/2008 08:26:22 AM:

> On Mon, 17 Mar 2008, Peter Edwards wrote:
>
> But I would also like a competent answer to this question: what can be
> done to make the "normal" Catalyst code interact with unix processes on
> all 3 channels? I mean, all 3: if a process spews something on stderr,
> I'd like to capture that, consider how severe the message is (unless it
> tells me in the status code) and possibly throw an exception and
> ultimately forward the message to the browser.

I do not get what you are pushing for -- from what I have seen "normal"
catalyst code acts like "normal" perl code,  except when the type of engine
you are using requires its own stdio redirects -- in which case it must
handle these in/outputs differently.

If you want to have full control over the running procs use IPC::Run3,
IPC::Run, IPC::Open3 or one of the other perl modules that afford you
specific controls over the standard filehandles (per exec, system or run),
or use an engine that does not require hijacking the handles for its own
purposes. I do not believe there _can_ be a generalized fix for all engines
-- some _require_ stdio control to function.

-Wade





RE: [Catalyst] implementing ajax

2008-03-12 Thread Wade . Stuart
"Matt Pitts" <[EMAIL PROTECTED]> wrote on 03/12/2008 11:53:45 AM:

> > -Original Message-
> > From: Jonathan Rockway [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, March 12, 2008 12:12 PM
> > To: The elegant MVC web framework
> > Subject: Re: [Catalyst] implementing ajax
> >
> > * On Wed, Mar 12 2008, Matt Pitts wrote:
> > > The main reason against JSON for me is security. Something that can be
> > > eval'd is very dangerous and I'm sure we're all aware of the cross-site
> > > vulnerabilities that take advantage of JSON returned data.
> >
> > Don't parse JSON with eval.  Use a parser.  (How do you think Perl
> > parses JSON?)
> > It's a code vs. data issue.  Yes, evalling code is dangerous.  So don't
> > do that.  Treat your data as data and you won't have a problem.
>
> Sure, I can do this in my own client-side JS, but what if I can't trust
> the client? Even if my returned JSON is purely JSON structure (no "var x
> = {  };", just "{  }") can I still be guaranteed
> that if someone does:
>
> <script src="http://myapp.com/some/cat/action/that/returns/json/data"></script>
>
> in their own pages that the local JS engine won't actually put my data
> (with potential user info) into memory and allow a malicious person to
> get it? I see where you could maybe make this same argument against XML,
> but since JSON is really, really close to being eval-able as JS code
> whereas XML is not, I'd rather err on the side of caution.
>
> If data is data and you have to use a parser anyway, then again, why not
> use a format that is less vulnerable to malicious access?
>

Matt,

  I have absolutely no idea what additional security you are
inferencing by this email.  If you toss sensitive data out whether the
format is json, xml, or xor 3|\|CoD3d it is still in their hands.

-Wade




Re: [Catalyst] Upload progress meter

2008-02-29 Thread Wade . Stuart
Bill Moseley <[EMAIL PROTECTED]> wrote on 02/29/2008 01:30:38 PM:

> So I have a file upload page and an ajax-updated progress meter.  Not
> unlike the UploadProgress plugin.
>
> The progress meter works fine while transferring the file.
>
> There's also some processing that happens to the file after the upload
> is complete (and before returning the response) and during that
> processing I update the JSON that is returned.
>
> But, the progress meter isn't showing that post-upload status.
> My guess is once the browser has sent all the file data that it stops
> processing the ajax requests.  Can anyone confirm that's what is
> happening?

This depends,  if you are submitting a passthrough form for the upload
directly the page will reload after the upload is done.  If you are doing an
ajax submit this could also be the case depending on how your framework
handles the form post. If you are posting to an iframe this problem is most
likely in your js update progress event loop.  It would help if you strip
out the offending code blocks/template and js and post.

>
> Another question about upload progress meters.  A seemingly common way
> to handle the upload progress is to submit the form in an iframe.  Are
> there some browsers that require that?  That is, won't work with the
> UploadProgress method of submitting the form and continuing to run the
> ajax to check the progress?

I have been bitten by this -- safari seems to _not_ allow updates to dom
while a form (with upload) is being posted unless you post to an iframe.  I
am sure there are others.

>
> I'm not a fan of the iframe method.  The examples I've tried online
> are often poorly implemented.  A few that I tried failed to stop
> making ajax requests after the file was uploaded.

Well the YUI framework upload progress does not use an iframe (directly at
least -- it may do so in the js code) and works on safari.  The problem is
this uses a flash part for file select and upload so it may not be
acceptable to you.

My goal is to get a very flexible (bulletproof) upload progress plugin.
IMHO it should support fall back to normal form post if js is not available
and work across all browsers out of the box. Also I would like to extend it
to allow multi file select ala js or flash via config. I am still digging
into the current uploadprogress plugin to make it work for my needs,  but I
would like to get it updated to just generally work (to be fair it does
work for most cases right now, just not on specific browsers such as
safari).

A secondary problem I have is that http uploads do not support files larger
than 2gb (with some very limited exceptions based on browser/server
combos).  I would have loved to see yui's flash based uploader work around
this somehow but I guess there is no way to do so yet.

-Wade






Re: [Catalyst] Re: YUI uploader example

2008-02-22 Thread Wade . Stuart
"Lance A. Brown" <[EMAIL PROTECTED]> wrote on 02/21/2008 10:02:32 PM:

> This is *really* cool.  Thanks
>
> --[Lance]

Yes, very cool.  I am still testing it, but it looks like there may need to
be some tests added to the code to limit file size.  I was hoping that the
flash uploader would work with large files (greater than 2g) unlike http
uploads.  It does not seem to be the case though.  I will post diffs once I
work out the best place to test and the actual limits in the example.

-Wade




[Catalyst] RFC - Catalyst::Plugin::UploadProgress (changes to accommodate safari)

2008-02-20 Thread Wade . Stuart

  I am looking for comments from people who use this plugin.  I have
had some issues getting it to display the upload progress bar realtime with
safari.  After a lot of digging around it appears as though safari does not
allow you to update the DOM while a form containing a fileupload is posted.
Actual usage shows the progress bar for a flash (or not even) right before
the final page reload happens from the form action url.

  The solution I have found and seems to test across all browsers
(ie,ff,safari, opera) is to (yes I know I hate them too) use an invisible
iframe in the form and set the form's target to that iframe.  The jmpl js
needs to be changed to redirect to the action url to achieve the same
redraw of the screen that happens after the non-iframe-target-hacked
version.

My questions are:

Has anyone else seen these issues, or found any other way around them?
Should I just submit a patch for pod describing the issue and workaround
for safari OR change the pod, startEmbeddedProgressBar to accept a target
final target argument and jmpl to allow for the jump?



See below for a working  (safari,ff,ie,opera) example modified from the pod
(without the jmpl/js mods).


 use Catalyst;
MyApp->setup( qw/Static::Simple Cache::FastMmap UploadProgress/ );

# On the HTML page with the upload form, include the progress
# JavaScript and CSS.  These are available via a single method
# if you are lazy.

  
[% c.upload_progress_javascript %]
  
  ...

# For better performance, copy these 3 files from the UploadProgress
# distribution to your static directory and include them normally.

  



  
  ...

# Create the upload form with an onsubmit action that creates
# the Ajax progress bar.  Note the empty div following the form
# where the progress bar will be inserted.

+ 

  
  



# No special code is required within your application, just handle
# the upload as usual.
sub upload : Local {
    my ( $self, $c ) = @_;

    my $upload = $c->request->uploads->{file};
    $upload->copy_to( '/some/path/' . $upload->filename );
}



Thanks!
Wade Stuart
Fallon Worldwide
P: 612.758.2660
C: 612.877.0385




Re: [Catalyst] Schedule::Cron

2008-02-13 Thread Wade . Stuart
Andrew Kornak <[EMAIL PROTECTED]> wrote on 02/13/2008 04:41:08 PM:
>
> It occurs to me that some might not have the advantage of being on an
> open platform and may be in a primitive Windows environment. I am
> uncertain if there is an equivalent to cron on Windows and this plugin
> might be a "portable" alternative in such a circumstance. My 2 cents.
>
> Regards,
> Andrew Kornak

Still...

built in "at" in windows or
http://cronw.sourceforge.net/

A webapp is not the place to emulate cron -- just like your shoe is not
comfortable being worn on your ear.




Re: [Catalyst] catalyst book

2008-01-31 Thread Wade . Stuart
Chisel Wright <[EMAIL PROTECTED]> wrote on 01/31/2008 02:40:14 PM:

> On Thu, Jan 31, 2008 at 04:19:22PM -0400, Fernanda Boronat wrote:
> > Hello, forgive my English, I speak Spanish, I would like to know if
> > anyone has the book: Accelerating Perl Web Application Development
> > (Packt Pub.) In digital format (PDF) or any link to be able to
> > download
>
> Or ... like the rest of us, you could buy a copy.
>
> http://www.packtpub.com/catalyst-perl-web-application/book

No idea if he was asking for a pirated version or if he was just looking
for an electronic version to buy -- I would hope the second option.

-Wade




Re: [Catalyst] warning

2008-01-24 Thread Wade . Stuart


"Carl Franks" <[EMAIL PROTECTED]> wrote on 01/24/2008 01:44:33 AM:

> On 24/01/2008, Octavian Rasnita <[EMAIL PROTECTED]> wrote:
> >
> > I hope I will be able to test why Firefox isn't working. Our client told
> > that it used to work last year and now it is not working. The only change
> > I've made was to remove the domain specification from the cookie, for making
> > it work with more domain names.
> > Now I put it to set the cookie_domain in Root.pm and he says that the login
> > is working again so I assumed that the domain is important for Firefox.
> I recommend that if you can't replicate the client's problem, go to
> the client's site (or vnc in), view the problem yourself, and diagnose
> it from there.
> It won't be the first time a user's forgotten how to log-in to a
> system over the holidays - and then happened to get it right after
> support had made an inconsequential change!
>

Also check for a brain dead proxy server (or transparent proxy server) on
the client side that may be eating your cookies.





Re: [Catalyst] warning

2008-01-23 Thread Wade . Stuart
"Octavian Rasnita" <[EMAIL PROTECTED]> wrote on 01/23/2008 12:23:48 PM:

> From: <[EMAIL PROTECTED]>
> >
> >  Try setting the cookie to a more reasonable second count (1 day) and
> > see if that resolves your issue.  All of the browsers handle extended
> > cookies a bit differently and while one setting may work on IE, the same
> > may cause a nocookie on firefox.  I really believe your problem is one of
> > cookie expiration (or content length) and not one where you have to mess
> > around setting the domain again (that problem is solved for you -- stop
> > looking for zebras).
>
> But if I do that and a client will close the browser without logging off,
> somebody else could open the browser and the app will recognize him as the
> owner of the account, so it could be a big security issue.
> That's why I need to have cookies which are not saved and used after the
> browser was closed.
>
> Can I set the expiry date and avoid that security risk?
>
> Thank you.
>
> Octavian

Octavian,  diagnose the issue. See if setting the cookie to a reasonable
second count fixes the issue.  See if it is an expiry issue or something
else.  I am not asking you to redesign your app -- just pinpoint the issue
without assuming it is the domain setting in the cookie.





Re: [Catalyst] warning

2008-01-23 Thread Wade . Stuart
"Carl Johnstone" <[EMAIL PROTECTED]> wrote on 01/23/2008 11:22:50
AM:

> > Our sysadmin told me that this way is better because we won't make traffic
> > (and slow down) on the public network interface.
>
> Marginal, you'd need to be doing *a lot* of data transfer. I think our data
> transfer at our ISP maxes out at around 12Mbps on an average lunch time -
> well below the 100Mbps a poor network can do.
>
> > And he also told me that he cannot assign a single domain name that points
> > to 2 different IP addresses, because we have a single DNS. He told that
> > yes, if we would have 2 DNS, he could make one work for the intranet and
> > one for the internet access, but it is not the case.
>
> Use HOSTS files on the local machines to override the DNS IP?
>
> > cookies_expire => 0,
> >
> > If you have also tried with this kind of cookies and it works in Firefox,
> > please tell me the version of Firefox.
>
> I've it on my dev setup and it works on current Firefox 2, however checking
> the raw cookie and it's setting a time of 2 hours, so I think something else
> is going on. I've not got time to dig further at the moment.
>

Oct,

  Try setting the cookie to a more reasonable second count (1 day) and
see if that resolves your issue.  All of the browsers handle extended
cookies a bit differently and while one setting may work on IE, the same
may cause a nocookie on firefox.  I really believe your problem is one of
cookie expiration (or content length) and not one where you have to mess
around setting the domain again (that problem is solved for you -- stop
looking for zebras).




Re: [Catalyst] Development environments and performance

2008-01-16 Thread Wade . Stuart
"John Goulah" <[EMAIL PROTECTED]> wrote on 01/16/2008 11:13:06 AM:

>
>
>
> Why wouldn't you just use the standalone server bundled with
> Catalyst?  Fcgi is great for production, but the processes are
> fairly thick memory wise, so having instances for each developer
> could be an issue.   We use the cat server for development and works
> fine for about 5-10 people at any given time on a modest box (4G ram)

Could be a massive assumption,  but usually when you go through the cost
(time, cap) of building out a dev server environment you want it to mirror
your production servers as much as possible so that you spend time
squishing bugs that may exist in your production environment -- not some
other different environment.  If they are using FCGI in prod it makes
perfect sense to do so in dev.  Why battle bugs that may be introduced on
the standalone server, or worse miss bugs that _do_ affect your production
environment because you are developing on a different environment?

-Wade




Re: [Catalyst] hostname

2008-01-10 Thread Wade . Stuart
"Octavian Rasnita" <[EMAIL PROTECTED]> wrote on 01/10/2008 12:54:06 PM:

> From: "Carl Johnstone" <[EMAIL PROTECTED]>
> > Both the context object and the hostname should be available to code
> > within MyApp.pm, but only if the code is running during a request.
>
> Ok, but how to get the hostname during a request in MyApp.pm if a $c
> variable is not available?
>
> Octavian
>

Sys::Hostname or a statically set config var,  as there is no reference to
a request at that point (or any real way to derive the list of possible
hostnames that could be requested).  But then again,  unless you "know" the
hostname that will always be requested why try to set it at that point at
all?  I would still opt for using the request to set a dynamic hostname
later in the process unless you have good reason not to (ssl cert tied to a
hostname for example).  I think most times it is better to not assume that
the hostname requested will be static in code. It makes for a more flexible
and deployment easier for your app (do you really want to go change a
hardcoded hostname when dns changes need to happen).




-Wade









Re: [Catalyst] hostname

2008-01-10 Thread Wade . Stuart
"Carl Johnstone" <[EMAIL PROTECTED]> wrote on 01/10/2008 09:44:30 AM:

> > from the context object, but is unavailable to MyApp.pm.  cookie_domain
>
> Both the context object and the hostname should be available to code within
> MyApp.pm, but only if the code is running during a request.
>
> In any case I wouldn't point multiple domains at the same site, you're
> always best off choosing your preferred name and redirecting alternatives.
> Otherwise you're going to have fun with users following links to domain1.com
> and coming back via links to domain2.com - often within minutes of each
> other.

How would you propose handling an ASP like service that is branded (both
host whatever.companya.com ... othersuch.company9.com, and templates)
for 1 companies? 1 instances of your app on different servers + all
of the cache and proxy services?  Or would you have companya.com redirect
to service.aspprovider.com and lose the ability (and pretty important
branding sometimes) to masquerade the service as if it were run by
companya?

I am just saying,  it is a completely valid and useful ability.

-Wade

>
> That said, there's a case for needing to know the hostname if you've got
> multiple sites running from the same Cat App.
>
>
> Carl
>
>




Re: [Catalyst] hostname

2008-01-09 Thread Wade . Stuart
"Octavian Rasnita" <[EMAIL PROTECTED]> wrote on 01/09/2008 02:01:02 PM:

> From: <[EMAIL PROTECTED]>
> > So if you want the cookie to be set on the client without worrying about
> > the hostname requested don't set the domain_name or set the domain_name to
> > the common domain for all hosts.
>
> Thank you very much! That was it.
> I thought that if I won't set a domain name, it won't set the cookie
> correctly.
>
> Octavian

No problem, I am impressed you were able to understand that post -- I was
interrupted six times while writing it and after I hit send noticed how
non-English-like it turned out.

-Wade




Re: [Catalyst] hostname

2008-01-09 Thread Wade . Stuart
Ash Berlin <[EMAIL PROTECTED]> wrote on 01/09/2008 05:39:22 AM:

>
> On Jan 9, 2008, at 11:12 AM, Octavian Rasnita wrote:
>
> > From: "Ashley" <[EMAIL PROTECTED]>
> >
> >> Oh, I was too fast. Blush. You mean without the context object. :(
> >
> > Yes, that's what I want.
> > Can't the context object be accessed in MyApp.pm?
> >
> > Thanks.
> >
> > Octavian
> >
> >
>
> Currently MyApp.pm *is* the context object. The problem is Catalyst
> has no idea of the hostname until it sees the request headers - you
> can have multiple hosts point at the same Catalyst app. Only you know
> what the hostname is - so you'll have to set it in the config.
>
> -ash

Not really, the http request also includes the client's version of the host
it is requesting from.  This is how virtual servers work (where one http
process serves different data based on the hostname the client is
requesting).  $c->req->header( 'Host' ) provides the information needed
from the context object, but is unavailable to MyApp.pm.  cookie_domain
setting in Catalyst::Plugin::Session::State::Cookie needs to be set to
reflect the requested hostname in this case else the browser will not set
the cookie nor include it on round trips to the application if the
requested host/domain is different from the host that Catalyst believes it
is running as.  I believe a workaround for this issue is to leave the
cookie_domain setting unset which I believe will produce a cookie that is
not stating its domain and the client browser will treat as locked to the
requested host's name for the domain.



So if you want the cookie to be set on the client without worrying about
the hostname requested don't set the domain_name or set the domain_name to
the common domain for all hosts.



-Wade
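
The two hostname replies above (taking the hostname from the request, and leaving cookie_domain unset so the browser keeps a host-only cookie) combine into the check below. It is an added example, not code from the thread or from Catalyst: the allowlist, the function names and the Host values are constructed, and it assumes the Host header is client-controlled, so a cookie Domain is only derived from it when it matches a configured parent domain.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allowlist: parent domains this one app instance is branded for.
my @ALLOWED_COOKIE_DOMAINS = qw( companya.com company9.com );

my $LABEL = qr/[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/;

# Reduce a client-supplied Host header to a bare lowercase DNS name.
# Returns undef for IP literals and for anything that is not a hostname
# (including values carrying CR/LF or other header-injection characters).
sub normalise_host {
    my ($header) = @_;
    return undef unless defined $header;
    my $host = lc $header;
    $host =~ s/:\d+\z//;    # drop an explicit port
    $host =~ s/\.\z//;      # drop a trailing root dot
    return undef unless $host =~ /\A$LABEL(?:\.$LABEL)+\z/;
    return undef if $host =~ /\A[\d.]+\z/;    # dotted-quad address
    return $host;
}

# Cookie domain matching: the host is the domain itself, or ends with
# ".domain". A bare suffix test without the dot would let
# "evilcompanya.com" match "companya.com".
sub domain_match {
    my ( $host, $domain ) = @_;
    return 1 if $host eq $domain;
    return $host =~ /\.\Q$domain\E\z/ ? 1 : 0;
}

# Returns the Domain attribute to send, or undef to send none. With no
# Domain attribute the browser returns the cookie only to the exact host
# that set it, which is the safe fallback for unknown hosts.
sub cookie_domain_for {
    my ($host_header) = @_;
    my $host = normalise_host($host_header);
    return undef unless defined $host;
    for my $domain (@ALLOWED_COOKIE_DOMAINS) {
        # Leading dot kept for older browsers; current ones ignore it.
        return ".$domain" if domain_match( $host, $domain );
    }
    return undef;
}

# Constructed Host header values, not taken from the thread.
my @constructed_hosts = (
    'whatever.companya.com',
    'OtherSuch.Company9.com:8080',
    'companya.com.other.example',
    'evilcompanya.com',
    '10.87.199.12',
    "companya.com\r\nSet-Cookie: x=1",
);

for my $header (@constructed_hosts) {
    my $domain = cookie_domain_for($header);
    ( my $shown = $header ) =~ s/[^\x20-\x7e]/?/g;    # keep output printable
    printf "%-34s -> %s\n", $shown,
        defined $domain ? "Domain=$domain" : 'no Domain attribute (host-only)';
}
```

Only the first two values get a Domain attribute; the look-alike names, the IP address and the value carrying CR/LF all fall back to a host-only cookie.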







Re: [Catalyst] Custom error handling

2007-12-12 Thread Wade . Stuart

"Dmitriy S. Sinyavskiy" <[EMAIL PROTECTED]> wrote on 12/12/2007 04:12:45 PM:

> Hello, catalyst.
>
> I've found some problem during developing Catalyst application.
> When app can't connect to database it shows error full stack info
> together  with db_username and db_password. I just want to handle
> error in other way - may be localized error message and a part of
> stack data.
>
> How can I handle errors custom may be you know some FAQ?

Turn off debug on your live site?

http://search.cpan.org/dist/Catalyst-Manual/lib/Catalyst/Manual/Tutorial/Debugging.pod

-Wade




Re: [Catalyst] BBC's "Perl on Rails" nuttiness

2007-12-03 Thread Wade . Stuart
Dave Howorth <[EMAIL PROTECTED]> wrote on 12/03/2007 05:44:06 AM:

> >>> You have to remember that Siemens are responsible for ensuring the
> >>> stability of the public facing infrastructure.
> >>> This makes it important not to introduce new modules, or upgrade
> >>> existing modules, without an extensive
> >>> testing period to make sure it works with all existing
> >>> applications. The
> >>> trouble with this is that it is easier to
> >>> keep stable (or work around existing known problems) by not installing
> >>> anything new.
> >>>
> >> Sure - but as I understand BBC is their client and this policy makes
> >> the life of BBC programmers pretty miserable.
> >>
> > Yes, it does make for a pretty frustrating work environment
> > sometimes and although Siemens should
> > be working for the BBC it often feels like the other way around.
> >
> > Seems poorly thought out.
>
> There's one point that hasn't been stressed that I think is very
> important. The problem isn't technical, it's commercial.
>
> The BBC have outsourced some work to Siemens. It's certainly the case
> that to maintain stability Siemens would need to do testing but I
> imagine the main factor from their point of view is that *it provides
> extra revenue*. I don't know about this contract but on another I'm
> aware of they like nothing better than having the client request a new
> feature :)
>
> Without knowing the reasons why the BBC chose to outsource and the
> contract details, it really isn't possible to say whether it's a
> sensible arrangement. Sure it makes developers' lives more difficult,
> but that's not the main goal to be optimized.
>
> Cheers, Dave

Last time I dealt with a Siemens "managed" system it was using a very old
and outdated (never patched) SCO openserver install. Mind you this was 2001
and the openserver software version was from 1994 (unpatched, still had
the -f root remote login hole).  I hope they are being better to the BBC's
bits.

-Wade





Re: [Catalyst] how to get controller path

2007-11-21 Thread Wade . Stuart

> Instead of trying to forward to the action that the URI would have
> given them, once they have logged in just redirect them back to the
> stored URL, and let the dispatcher handle it as normal.  This also
> avoids problems where you forward to the action they were requesting,
> and they then bookmark that page, which actually bookmarks the login
> page because the URL didn't change with the ->forward().
>

This is what I consider best practice too.  The only divergences happen
when you are building out the app to support multiple subsessions or
windows -- in which case you will need to handle the flash/session
placeholder a bit differently to avoid a race situation.

-Wade

> I usually handle it like this:
>
> package MyApp::Controller::Root;
> ...
> sub access_denied : Private {
>     my ( $self, $c ) = @_;
>
>     if ( $c->user_exists ) {
>         $c->abort( 'Access Denied' );
>     } else {
>         $c->flash->{ 'login_dest' } = $c->request->path;
>         $c->response->redirect( '/login' );
>     }
>     return 0;
> }
>
> sub login : Local {
>     my ( $self, $c ) = @_;
>
>     my $form = $c->model( 'FormFu' )->load_form( 'login.yml' );
>
>     if ( $form->submitted_and_valid ) {
>         my $params = $c->request->params;
>         my $email = $params->{ 'email' };
>         my $pass = $params->{ 'password' };
>         if ( $c->login( $email, $pass ) ) {
>             $c->response->redirect( $c->flash->{ 'login_dest' } || '/' );
>         }
>         $c->detach;
>     } else {
>         $form->form_error_message( 'Incorrect email or password' );
>     }
> }
>
>
> package MyApp;
> ...
> sub assert_roles {
>     my ( $self, @roles ) = @_;
>
>     if ( ! $self->check_any_user_role( @roles ) ) {
>         $self->detach( '/access_denied' );
>     }
>     return 1;
> }
>
> package MyApp::Controller::Admin;
> ...
> sub auto : Private {
>     my ( $self, $c ) = @_;
>
>     $c->assert_roles(qw( Administrator SuperAdmin ));
>     return 1;
> }
>
> --
> Jason Kohles, RHCA RHCDS RHCE
> [EMAIL PROTECTED] - http://www.jasonkohles.com/
> "A witty saying proves nothing."  -- Voltaire
>
>
>


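The redirect-back-after-login pattern discussed above sends the browser to whatever was stored as login_dest, so the stored value is worth normalising to a same-site path before it reaches the Location header. The helper below is an added example, not code from the thread or from Catalyst; safe_login_dest and the sample values are constructed, and it assumes the stored value is a path such as $c->request->path would give.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Turn a stored post-login destination into a rooted, same-site path.
# Anything that could leave the site or split the header becomes '/'.
sub safe_login_dest {
    my ($dest) = @_;
    return '/' unless defined $dest && length $dest;

    # Control characters would allow header splitting; browsers treat a
    # backslash like a slash, so "/\host" can act as "//host".
    return '/' if $dest =~ /[\x00-\x1f\x7f\\]/;

    # Absolute URLs (http:, javascript:, ...) are never a local path.
    return '/' if $dest =~ m{\A[a-z][a-z0-9+.-]*:}i;

    # Collapse leading slashes so "//host/x" cannot be read as a
    # scheme-relative URL, then root the path ourselves.
    $dest =~ s{\A/+}{};

    # Do not bounce the user straight back to the login page.
    return '/' if $dest =~ m{\Alogin(?:/|\z)};

    return "/$dest";
}

# In the login action from the thread this would wrap the stored value:
#   $c->response->redirect( safe_login_dest( $c->flash->{login_dest} ) );

# Constructed sample values, not taken from the thread.
my @constructed = (
    'admin/users',
    '/admin/users',
    '//other.example/x',
    'http://other.example/',
    "admin\r\nX-Injected: 1",
    '/\\other.example',
    'login',
    '',
);

for my $dest (@constructed) {
    ( my $shown = $dest ) =~ s/[^\x20-\x7e]/?/g;    # keep output printable
    printf "%-26s -> %s\n", "'$shown'", safe_login_dest($dest);
}
```

The first two values both come out as /admin/users, the scheme-relative form is reduced to the local path /other.example/x, and the remaining values fall back to /.
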


Re: [Catalyst] Re: Ubuntu / Catalyst

2007-11-14 Thread Wade . Stuart
> On Tue, Nov 13, 2007 at 11:16:54AM +, Richard Jones wrote:
> > Peter Edwards wrote:
> > >Centos 5 == Red Hat Enterprise Linux 5.
> > >For production quality, you can expect it to be pretty stable and I have
> > >corporate customers running it successfully. It's one of our development
> > >platforms.
> > >However, note mst's comments about the broken Perl on it. I found that
> > >quite
> > >shocking considering it's supposed to be a premier Linux hosting platform.
> > >As usual, compiling your own perl and Apache and providing your own
> > >PERL5LIB
> > >dir per live application area is a sane way of going about delivering
> > >standardised live applications you can roll out and support.
> > >
> >
> > Possibly a bit OT now, but as I'm about to set up another production
> > server and was going to use CentOS 5, I'm a bit concerned. Matt
> > mentioned fstab and init, but not as far as I can see Perl - in what way
> > is Perl broken on CentOS 5?
>
> That's because I was bitching about later Ubuntus, not Dead Rat.
>
> I simply don't consider RH distros a deployment platform you'd choose unless
> mandated to use them, and prefer to build my own perl if I have to.
>
> CentOS 5's vendor perl will show a 2* performance hit due to their inability
> to maintain a perl package.
>
> Just Don't.

  While I mostly agree with Matt's take on unix/linux issues -- I will
give my support to Cent/RH here.  It is true,  they have had some missteps
with perl in the past.  Those tend to get resolved fairly quickly. The perl
speed issue listed above is fixed in current patches. RH/Cent has some very
undeniable advantages over ubuntu/suse/flavor of the day.  Some advantages
likely to make a difference in corporations are tight partnerships with
dell and other server vendors (read tightly coupled hardware support and
updates), tight relationships with commercial software vendors (pick 5
software packages that run on linux from different vendors chances are the
common supported platform will be RH and therefore CentOS). It is also not
uncommon to build your own kit for webserver/perl/mysql etc for production
servers no matter what distro you choose -- and run that in parallel to the
distro's build. It makes sense to control the bits that run your
applications.

  In general,  when it comes to linux distros, my belief is that issues
you have with distros can generally be pinpointed down to the administrator
(myself included).  I have used all of the big 6 Linux distros and found
things I like and dislike about all of them.  They are all acceptable for
hosting perl web apps.

-Wade






Re: [Catalyst] semi-OT: is it possible to circumvent tests that are related to WWW::Mechanize?

2007-11-02 Thread Wade . Stuart

"Christopher H. Laco" <[EMAIL PROTECTED]> wrote on 11/02/2007 09:39:31 AM:

> Jonathan Rockway wrote:
> > Matt Lawrence wrote:
> >> I should probably point out that I'm the Module::Mask author, just in
> >> the interests of full disclosure ;-)
> >>
> >
> > How is Module::Mask different from Devel::Hide?
> >
> > Regards,
> > Jonathan Rockway
>
> Or Test::Without::Module?

Seems obvious;

Module::Mask is different from Devel::Hide as underlined.
^^  
and

Module::Mask is different from Test::Without::Module as underlined.
^^  

=)


-Wade




Re: [Catalyst] MyApp::C::PageHooks - thoughts ?

2007-10-29 Thread Wade . Stuart


Matthew Pitts <[EMAIL PROTECTED]> wrote on 10/29/2007 03:24:10 PM:

> I wanted to get some thoughts on something a little different that I'm
> doing...
>
> What I want to to have is Controllers that are temporary (i.e. date
> sensitive) that represent a particular "promotion" that's running on a
> site. This promotion may need to affect different areas of the site, but
> I don't want to have $c->forward calls like the following everywhere
> that I need the Promo's code to inject stash data.
>
> $c->forward('Controller::Promos::Foo', 'some_action')
>
> So, I decided to do a form of "hooks" within my app so that any given
> controller can affect the stash for a defined set of hooks.
>
> Below is the first run of my code to implement this. Basically, I
> override Controller->register_actions and run through all the
> controllers looking for C->config->{pagehooks} and build a local hashref
> containing the hook definitions.
>
> Then, in all the places throughout the app that are defined as
> "hookable" I just do a:
>
> $c->forward('Controller::PageHooks', 'run_hook', 'hook_name', [ 'arg1',
> 'arg2' ]);
>
> and it "just works".
>
> The main advantage with is that I can remove the promo's controller and
> don't need to change any other controllers. I can even get my design
> guys to code their templates in such a way that when the promo expires,
> every place on the site affected by the promo magically goes back to
> pre-promo look-and-feel.
>
> Any thoughts on my level of sanity here?

Why not just store promos in the database and have a static controller that
acts on active promos?  No changing application code for the promo.  Easy
to do future promos too as you can have an epoch start and end time for the
promo in the db tables that the controller takes into account.





Re: [Catalyst] Hypothetical Site and Scalability Planning

2007-10-26 Thread Wade . Stuart


"J. Shirley" <[EMAIL PROTECTED]> wrote on 10/26/2007 02:30:43 PM:

> On 10/26/07, Mesdaq, Ali <[EMAIL PROTECTED]> wrote:
> Hey All,
> Just wanted to start a thread about scalability planning and design.
> I was thinking we could take the approach of what peoples opinions,
> ideas, and best practices are for large scale sites and use a
> hypothetical site or a existing site as the model to plan for. Not
> everything discussed needs to be catalyst only it could be general
> web server configs or something similar.
> For example how would you guys approach a project where you needed
> to create a site like a myspace.com or similar with 0 current users
> but could surpass 1 million users in 1 month then 100 million in 1
> year. I am interested to see the opinions and designs people would
> have to deal with that type of scalability. I mean even simple
> issues become very complex with those numbers. Like where and how to
> store photos. Should they be stored on filesystem, db, or external
> sites like akamai. What web server should be used? Apache? Should it
> be threaded version? How does that affect catalyst and its modules
> are they all thread safe or is threaded apache not even the way to go?
>
> Here's my opinions on the matter:
> 1) Start out with memcached in place.  It scales well, and use it.
> Use PageCache where you can.

Seconded

> 2) Store images in something that is for storing data, not files.
> Storing images as files means you are stuck with some file system
> format that binds you unnecessarily.  Things like S3, Akamai or your
> own homegrown MogileFS cluster gives you an API into the data.
> Granted, you could do the same for NFS or whatever, and just write a
> good compatibility API, you are largely duplicating the work of the
> previous tech.  If you use S3, setup your image servers to cache for
> a loong time (on disk).  Pull from S3, and store it for as long
> as you reasonably can.  This area a lot of people get wrong and then
> get stuck with costly migrations.

NFS gets a bad rap, as long as you do sane planning and lay it out
properly NFS works very very well for servicing static files to the
webservers.  Breaking out to S3 seems silly (Amazon is out to make money
with S3 and if you do it yourself you should be able to do it for less
cost),  KISS works wonders as long as you think about usability.  Get a
Sysadmin to think out the NFS side realistically (Masters with multi read
onlys etc).




> 3) Use database replication strategies where you can.  In the F/OSS
> world, MySQL is outshining PostgreSQL with this.  InnoDB removes a
> lot of the complaints that folks have about MySQL but there is
> always evangelism against MySQL.  If it works for you, just take it
> in stride - a LOT of high traffic sites use MySQL; you can usually
> get some insight from them.  MySQL allows InnoDB on the master, and
> MyISAM on the slaves -- gets you faster read times, and tends to not
> block on inserts that bad -- and then as you grow it is easier to
> grow into a full blown MySQL cluster... but at that point, you have
> enough money to thoroughly explore every option available.

MySQL will be getting a huge dump of code from Google in the next 6 months.
Most of it relating to Replication.  Agree, do not build your own.  No
matter what Database you choose have a well rehearsed plan in place for
disasters.


> 4) You'll have to tune Apache or whatever web server you have to
> your specific app.  Every app has different usage patterns, and
> you'll have to customize your web server accordingly.  This is where
> starting from scratch pays off -- you can experiment and see what
> improves performance.

Apache and light are the two major contenders here,  really tho, spend a
lot of time on reverse proxy servers vs the web servers.  a smart rev proxy
that can transparently divvy up to dedicated (compartmentalized) web app
servers/images servers/file servers will save you a _ton_ of time and
headaches when


>
> Another piece of advice: Don't look at requests per second as the
> idea of webserver scalability -- sure, you want to have efficient
> code, but that is just efficient code measurement; not scalability.
> Look at it this way: How many webservers do I need to add to my
> cluster to double traffic.  If there answer is more than two, start
> looking at bottlenecks.  If it is two, and you are still near peak
> usage, look at bottlenecks.  If you add two, and everything is
> running smooth then you are probably in good shape.

Exactly,  also the frontend proxy servers will probably start off at 1/1 or
1/2 ratios to the webservers and as you add more webservers for load you
will drop down to 1/4 -> 1/8(or less) depending on what your site is
actually serving (larger long running downloads and file serving usually
mean the ratio will remain high).

>
> Now start worrying about your databases :)



>
> Hope this helps, it is an area I have some experience in and find fun.
>
> -J
>
> --
> J. Shirley 

Re: [Catalyst] [OT] Firefox input type=image issues?

2007-10-26 Thread Wade . Stuart
Christopher,

  I have run into this issue as well,  every time it appeared to be
because one or more web developer extensions were loaded on the client and
were causing the issue.  I have not tracked it down to which ones or the
settings that seem to cause it (Greasemonkey, Firebug, etc), but removing
Firefox and doing a fresh install nix any extensions/plugins seems to fix
it.

-Wade


"Christopher H. Laco" <[EMAIL PROTECTED]> wrote on 10/26/2007 10:04:36 AM:

> I posted this to UP, and wondered if anyone has run across this issue
> during their Catalyst hacking sessions.
>
> There's a long standing bug/feature with Firefox with input type=image
> elements.  When the user has images turned off, the image is 404ed or
> just not loaded...when it's clicked, no x/y coords are sent to the server.
>
> Just this week, we've had complaints from users getting an error on our
> site they shouldn't. As it turns out, they get the error because we
> check to make sure button.x and button.y have values...but Firefox is
> passing them without values.
>
> Now, for the odd part. This is happening to people who by all
> appearances, have the image loaded. My Firefox 2/3 work just dandy, yet
> we have one internal user who gets the error (but the image is loaded
> via a provided screenshot).
>
> I have no idea what the hell is going on, but it's damn strange. This is
> about as much fun as the other gecko bug I found in the old Compuserve7
> version, where if you used javascript to hide a button after it was
> clicked, the browser would post nothing with a Content-Length: 0.
>
> Anyone else seen this before?
>
> I can check the request elements to make sure button.x and button.y were
> sent, even without values to fix the problem, but at this point I'd like
> to know what's really going on here.
>
> -=Chris
>
>
> --
> Let them eat cake and false positives.
>
> -BEGIN NSATT SNOOP BLOCK-
> building bomb tower terrorist grenade c4 explosive plot hijack
> plane police feds white house guns dirty device convoy president
> war chemical death drop off mule undercover launch rocket drug
> covert cell cerin mass infidel Allah package subway mass
> --END NSATT SNOOP BLOCK--
>

