Re: [Catalyst] mod_fcgid on win32
Hi fREW, > Ok, so I may be getting somewhere with this, but I can't tell. > > I installed the .dll found here: http://www.fastcgi.com/dist/ and now my > config looks like the following: > > Considering that the mentioned DLL is dated 2007 it is very likely to be buggy on Win32 Apache + Catalyst. Have you checked this article on catalyst wiki? (BTW: the first google hit for: apache win32 mod_fastcgi catalyst) http://wiki.catalystframework.org/wiki/deployment/apache_fastcgi_win32 -- kmx ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] mod_fcgid on win32
Hi, > Ok, so I may be getting somewhere with this, but I can't tell. > > I installed the .dll found here: http://www.fastcgi.com/dist/ and now my > config looks like the following: > > ... > > Any ideas on what I might try next? Have you tried the mod_fastcgi binaries and config example described on catalyst wiki? http://dev.catalystframework.org/wiki/deployment/apache_fastcgi_win32 -- kmx ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] [ANNOUNCE] Catalyst-Runtime 5.80015
Hi t0m, 1) in the end I have reverted r12210 myself (see r12225) 2) on clean Win32/strawberry perl 5.8.9 and 5.10.1 the Catalyst::Runtime r12225 pass all tests 3) meanwhile I have also fixed some Win32 issues in Catalyst::Devel (see r12224) - however the current SVN trunk has some failing test(s) that does not seem to be Win32 specific -- kmx ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] [ANNOUNCE] Catalyst-Runtime 5.80015
Hi t0m, sorry for making troubles, but could you please revert this commit (skipping one of the utf8 related tests): http://dev.catalystframework.org/svnweb/Catalyst/revision/?rev=12210 It seems that the failing test #6 (t/aggregate/utf8_content_length.t) was failing only on my perl 5.8 dev env (which might be considered strange in many ways) - I was not able to reproduce it on clean perl install. The IMPORTANT is - it was not off-by-one failure (so perhaps something completely different than the failure originally reported by Octavian). To sum up: - please revert 12210 - I will do more Win32 testing with the current trunk -- kmx ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] [ANNOUNCE] Catalyst-Runtime 5.80015
Hi,
here is a patch that solves a part of the problem:
---
Catalyst-Runtime-5.80014_02.orig/t/lib/TestAppEncoding/Controller/Root.pm
+++ Catalyst-Runtime-5.80014_02/t/lib/TestAppEncoding/Controller/Root.pm
@@ -8,7 +8,7 @@
sub binary : Local {
my ($self, $c) = @_;
-$c->res->body(do { open(my $fh, '<', $c->path_to('..', '..',
'catalyst_130pix.gif')) or die $!; local $/ = undef; <$fh>; });
+$c->res->body(do { open(my $fh, '<', $c->path_to('..', '..',
'catalyst_130pix.gif')) or die $!; binmode($fh); local $/ = undef;
<$fh>; });
}
however it solves just failing test 3 in
t/aggregate/utf8_content_length.t but not failing test 6 (at least on my
Windows box). To be honest I have no idea what exactly is test 6 good for.
--
kmx
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Creating Catalyst Models from MSSQL
Hi, > state=1 line=1 server=MyServer text=Invalid object name > 'sysrowsetcolumns'. > [for Statement "SELECT * FROM sysrowsetcolumns WHERE ( 1 = 0 )"] at > > /usr/lib/perl5/site_perl/5.8.8/Catalyst/Helper/Model/DBIC/Schema.pm > > line 173' At least on MSSQL 2008 sysrowsetcolumns and some other views are hidden and cannot be queried like "SELECT * FROM sysrowsetcolumns". The reported error is probably an issue somewhere in DBIx::Class::Schema::Loader (but they are not claiming to support MSSQL - unfortunately). > I also seem to remember reading or hearing that DBD::ODBC > may be a better solution for MSSQL, but don't quote me on that. DBD::ODBC is a pretty good option that I would recommend if you are on a Win32 system. I am afraid you will not be able to use DBD::ODBC for MSSQL connection from a UNIX system. -- kmx ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [SPAM] Re: [Catalyst] Session id creation
Hi,
> I'm fairly convinced that we should at least give the user the option
> to be extra paranoid if they want to, and we should add additional
> documentation about potential issues.
>
> I just haven't had time to work on any of this yet, it's somewhere on
> my list - but if anyone else wants to volunteer patches, then they're
> very welcome as always ;)
I have done some research and found out that it would be nice to have
the following 2 methods available in Catalyst::Plugin::Session
1) a method that just changes the sessionid but keeps all session data
2) a method that starts completely new session - new sessionid, new
cookie, clean session data (just necessary internal items like __user,
__user_realm, ...)
Then after (or during) authenticate() I can decide to: call method 1) OR
call method 2) OR do nothing.
ad 1) - my proposal is something like this:
sub change_session_id {
my $c = shift;
my $oldsid = $c->_sessionid;
my $newsid = $c->create_session_id;
# deleting old session data from store
# current $c->_session will be saved under a new sessionid
if ($oldsid) {
$c->log->debug(qq/Deleting session data for "$oldsid"/) if $c->debug;
$c->delete_session_data("${_}:${oldsid}") for qw/session expires flash/;
}
return $newsid;
}
And I can simply use it in my login action like this:
if ($c->authenticate( { username => $user, password => $pass } )) {
$c->change_session_id;
...
}
ad 2) - despite the fact that it seems to be as simple as creating a new
session - it is not (at least I was not able to easily: delete-create).
We are gonna call it after authenticate() and we cannot just drop all
session data because after authenticate the session data contains info
like '__user' etc. that we want to keep. I have not found out "nice"
solution - this is just sort of idea:
sub restart_session {
my $c = shift;
my $newsid = $c->change_session_id; # new session id (clears session
data from store)
$c->_clear_session_instance_data; # clear session_instance data
$c->initialize_session_data;# store __created __updated
__address
$c->persist_user if ($c->user); # store __user_realm __user
return $newsid;
}
And I can again simply use it in my login action like this:
if ($c->authenticate( { username => $user, password => $pass } )) {
$c->restart_session;
...
}
To be honest it is still quite hard for me to follow the whole catalyst
session stuff thus my suggestion might be slightly out of a cat session
concept. Any feedback welcome.
--
kmx
___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
[SPAM] Re: [Catalyst] Session id creation
> http://dev.catalyst.perl.org/repos/Catalyst/Catalyst-Plugin-Session/0.00/trunk/t/live_session_fixation.t > > > I specifically wrote a test for this, however it's a test and not > comprehensive, and I can't see without spending time to take a > detailed look again if your case is proved or disproved by this test. > > If what you're saying is true, then it's session fixation and fairly > bad news - needs fixing. > According to my tests against real application t0m is right and this straightforward session fixation attack does not work. On the other hand there exists (at least in my opinion) another sort of session fixation issue in Catalyst application discussed here http://rt.cpan.org/Public/Bug/Display.html?id=46318 - however I was not able to convince Jayk that it is a real issue :) -- kmx ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] 5.80005: $c->req->remote_user and apache: excluding actions from authentication
> Erm, no - $c->authenticate will _always_ succeed if you're using > Credential::Remote, as the web server above you will have always > authenticated you already.. In fact there are some situations where Credential::Remote's authenticate(..) can fail: - REMOTE_USER is not set or is empty (= no authentication was performed on Apache level) - REMOTE_USER did not pass allow_regexp / deny_regexp check - and of course if your Catalyst::Authentication::Store does not know the REMOTE_USER (this is not gonna happen if you are using C::A::Store::Null) You can look into source code - it is not so complicated. -- kmx ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
