Apache 1.3.14 and Mod_Perl

2000-10-17 Thread Annette



I am new to Apache and Mod_Perl and I have a question.

I am running Red Hat 6.0 on an Intel machine.
I loaded the Server setup.
Apache 1.3.6 is loaded and runs fine. I was able to load and run Mod_Perl RMS package from Red Hat as DSO.

I want to upgrade to Apache 1.3.14 and latest version of Mod_Perl.
Here are the steps I took to load Apache 1.3.14.

/etc/rc.d/init.d/httpd stop
I downloaded Apache_1.3.14.tar.gz to the /usr/src directory
tar zvxf apache_1.3.14.tar.gz
./configure --prefix=/usr/local/apache
make
make install
/usr/local/apache/bin/apachectl start

I verified that Apache 1.3.14 is now running.

How do I install the latest version of Mod_Perl? Every time I try to install it I receive a message stating I need Apache 1.3.0 and then it aborts.
I tried Mod_Perl version 1.19, 1.21, and 1.24 and I receive the same error.

Any input would be appreciated and I hope this is the right address to send my question.

Ann.


Re: ht_time vs. strftime

2000-10-17 Thread Matt Sergeant

On Mon, 16 Oct 2000, David E. Wheeler wrote:

 Matt Sergeant wrote:
  
  On Mon, 16 Oct 2000, David E. Wheeler wrote:
  
  I'm confused. Why are you using gmtime then?
 
 Because if no time is supplied, I want it to default to GMT. I'm setting
 up an app in which the database will store date/time in GMT only, but
 will serve it out to users in their own local timezones. So sometimes
 it'll be GMT and sometimes it won't.

Gotcha.

 BEGIN {
 if ($ENV{MOD_PERL}) {
   use Apache::Util;
   $format_date = \&Apache::Util::ht_time;
 } else {
   use POSIX;
   $format_date = sub {
   POSIX::strftime($_[1] || $_[0] ? "%a, %d %b %Y %T %Z" :
   "%a, %d %b %Y %T GMT", $_[0] ? localtime($_[0]) :
   (gmtime)[0..7]);
   };
 }
 }

You should still switch to Time::Object. Loading POSIX.pm still loads in
the .so which contains loads of cruft for things you don't
want/need. Whereas loading Time::Object is a lot smaller. Of course I'm
not sure how you'd fix the isdst thing with Time::Object, since it does
strftime internally...

-- 
Matt/

/||** Director and CTO **
   //||**  AxKit.com Ltd   **  ** XML Application Serving **
  // ||** http://axkit.org **  ** XSLT, XPathScript, XSP  **
 // \\| // ** Personal Web Site: http://sergeant.org/ **
 \\//
 //\\
//  \\




Re: Apache 1.3.14 and Mod_Perl

2000-10-17 Thread Nouguier

Annette wrote:

 I am new to Apache and Mod_Perl and I have a question. I am running
 Red Hat 6.0 on an Intel machine. I loaded the Server setup. Apache 1.3.6
 is loaded and runs fine. I was able to load and run Mod_Perl RMS
 package from Red Hat as DSO. I want to upgrade to Apache 1.3.14 and
 latest version of Mod_Perl. Here are the steps I took to load Apache
 1.3.14.

 /etc/rc.d/init.d/httpd stop
 I downloaded Apache_1.3.14.tar.gz to the /usr/src directory
 tar zvxf apache_1.3.14.tar.gz
 ./configure --prefix=/usr/local/apache
 make
 make install
 /usr/local/apache/bin/apachectl start

 I verified that Apache 1.3.14 is now running. How do I install the
 latest version of Mod_Perl? Every time I try to install it I receive a
 message stating I need Apache 1.3.0 and then it aborts. I tried
 Mod_Perl version 1.19, 1.21, and 1.24 and I receive the same error.
 Any input would be appreciated and I hope this is the right address to
 send my question.
 Ann.

Hi
When you use configure, try "configure --help" to see the options for
building Apache, and you will see that you should add
"--enable-module=so" to build Apache with a shared core and
"--enable-module=perl" for perl.

Hope it helps

--
Don't be irreplaceable, if you can't be replaced, you can't be promoted.






Re: Apache 1.3.14 and Mod_Perl

2000-10-17 Thread Robin Berjon

At 23:59 16/10/2000 -0700, Annette wrote: 

 How do I install the latest version of Mod_Perl? Every time I try to install
 it I receive a message stating I need Apache 1.3.0 and then it aborts.
 I tried Mod_Perl version 1.19, 1.21, and 1.24 and I receive the same error.


You need 1.24_01 to work with Apache 1.3.14 because of a tiny bug that prevents
mod_perl's setup from parsing Apache's version number properly. You can grab it
from http://perl.apache.org/dist/mod_perl-1.24_01.tar.gz. Alternatively, you can
play with Makefile.PL to get it to return the version number you know is true,
but it's probably faster this way.



-- robin b.
After all, what is your hosts' purpose in having a party?  Surely not for
you to enjoy yourself; if that were their sole purpose, they'd have simply
sent champagne and women over to your place by taxi.




A chapter about Apache-modules programming in C

2000-10-17 Thread Alexander Farber (EED)

http://www.performancecomputing.com/books/book_preview2_pf.htm



Remembering Authentication

2000-10-17 Thread Ian Frawley



Hi all

Is it possible to authenticate a user without having to use the unfriendly
login box provided by browsers, without using cookies?

I have managed to authenticate a user once through some text fields on a
HTML page but unfortunately this does not make the browser remember the
user's authentication information. On subsequent requests to the same
secure area apache requires that the user enters their credentials again.

Is there a way around this? If so any help would be appreciated.

Thanks

Ian


Re: Remembering Authentication

2000-10-17 Thread John Saylor

Hi

- Original Message -
From: "Ian Frawley" [EMAIL PROTECTED]

 Is it possible to authenticate a user without having to use the
 unfriendly login box provided by browsers, without using cookies?

2 words: digital certificates

This probably means a lot of infrastructure [LDAP, CA, smart cards ...],
but it will let your users authenticate without doing anything more than
clicking the certificate they want to use for authentication.

\js



Re: Apache 1.3.14 and Mod_Perl

2000-10-17 Thread Jeff Beard

Here's what I would do:

Remove the rpm version of apache:

# rpm -e packagename

If you want to use the start up files that are part of that
package just copy them some where since they'll be removed.

Build the source version following the directions in the mod_perl
document called INSTALL.apaci under the heading "The flexible way".

Unless you have a specific reason for it, I wouldn't bother with
building it as a DSO. It's usually not a problem on Linux but it
adds a level of complexity.

I used mod_perl 1.24_01 with Apache 1.3.14 last time and had no 
problems with the build.

--Jeff

On Mon, 16 Oct 2000, Annette wrote:

 I am new to Apache and Mod_Perl and I have a question.
 
 I am running Red Hat 6.0 on an Intel machine.
 I loaded the Server setup.
 Apache 1.3.6 is loaded and runs fine. I was able to load and run Mod_Perl RMS
 package from Red Hat as DSO.
 
 I want to upgrade to Apache 1.3.14 and latest version of Mod_Perl.
 Here are the steps I took to load Apache 1.3.14.
 
 /etc/rc.d/init.d/httpd stop
 I downloaded Apache_1.3.14.tar.gz to the /usr/src directory
 tar zvxf apache_1.3.14.tar.gz
 ./configure --prefix=/usr/local/apache
 make
 make install
 /usr/local/apache/bin/apachectl start
 
 I verified that Apache 1.3.14 is now running.
 
 How do I install the latest version of Mod_Perl? Every time I try to install it I
 receive a message stating I need Apache 1.3.0 and then it aborts.
 I tried Mod_Perl version 1.19, 1.21, and 1.24 and I receive the same error.
 
 Any input would be appreciated and I hope this is the right address to send my
 question.
 
 Ann.
 




Re: Remembering Authentication

2000-10-17 Thread Ian Frawley

Is it not just possible through a perl module as I am not very clued up on
digital certificates.

Thanks

Ian
- Original Message -
From: "John Saylor" [EMAIL PROTECTED]
To: "Ian Frawley" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, October 17, 2000 8:24 AM
Subject: Re: Remembering Authentication


 Hi

 - Original Message -
 From: "Ian Frawley" [EMAIL PROTECTED]

  Is it possible to authenticate a user without having to use the
  unfriendly login box provided by browsers, without using cookies?

 2 words: digital certificates

 This probably means a lot of infrastructure [LDAP, CA, smart cards ...],
 but it will let your users authenticate without doing anything more than
 clicking the certificate they want to use for authentication.

 \js




Re: Remembering Authentication

2000-10-17 Thread John Saylor

Hi

- Original Message -
From: "Ian Frawley" [EMAIL PROTECTED]


 Is it not just possible through a perl module as I am not very clued
 up on digital certificates.

Well, you have to have some credentials- and if it's not a cookie [bad
idea anyway], and if it's not a username/password- what would it be?

You could have IP address based authentication, but this is probably
more prone to misconfiguration and forgery than digital certificates.

How important is access control to your application? In other words,
where is the line on how much effort you [and your users] are going to
put into security at the expense of convenience?

\js



Re: Remembering Authentication

2000-10-17 Thread Shimon Rura

There's no way to use basic authentication (the stuff inside HTTP) from web
pages... you can't tell a browser "use this form to ask your user for
passwords".  If you want to manage authentication in web pages, you have to
build the whole authentication/session management system yourself.  Since
you don't want to use cookies, you will have to preserve state on the server
side and redirect the client to all sorts of ugly URLs with unique IDs
embedded inside.  Or you could embed the username and password in the URLs,
which would probably be dangerous from the security perspective and would
probably make users cringe, but would let their browser send that
information at each request.

BUT if your only objection to basic authentication is the "unfriendly" login
box provided by their browser, you should probably accept that the web is
not a medium whereby you should expect or try to mold the complete user
interface.  The popup box that says "Enter password for Bob's Secure Area"
might not have your logos and banner ads, but the user will understand what
it means.  On some browsers they will even be able to do useful things like
save that password for future sessions.  Sure, you could program this whole
thing yourself, but unless you really need a more sophisticated user
structure this way really isn't that bad.

Remember: "less is more."

shimon.

On Tue, Oct 17, 2000 at 02:20:22PM -0500, Ian Frawley wrote:
 Hi all
 
 Is it possible to authenticate a user without having to use the unfriendly
 login box provided by browsers, without using cookies?
 
 I have managed to authenticate a user once through some text fields on a
 HTML page but unfortunately this does not make the browser remember the
 user's authentication information. On subsequent requests to the same
 secure area apache requires that the user enters their credentials again.
 
 Is there a way around this? If so any help would be appreciated. 
 
 Thanks
 
 Ian



Re: Remembering Authentication

2000-10-17 Thread Ian Frawley

Security is very important as the user will be buying something and I have
to distinguish if the user is a casual browser [rules out smart cards] or a
regular shopper. Casual browsers need to be told how wonderful our content
is and asked 1) do they want to sign up or 2) do they want to make an
immediate credit card payment [rules out smart cards again]. Whereas regular
shoppers (subscribers) can just login.

Ian

- Original Message -
From: "John Saylor" [EMAIL PROTECTED]
To: "Ian Frawley" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, October 17, 2000 8:48 AM
Subject: Re: Remembering Authentication


 Hi

 - Original Message -
 From: "Ian Frawley" [EMAIL PROTECTED]


  Is it not just possible through a perl module as I am not very clued
  up on digital certificates.

 Well, you have to have some credentials- and if it's not a cookie [bad
 idea anyway], and if it's not a username/password- what would it be?

 You could have IP address based authentication, but this is probably
 more prone to misconfiguration and forgery than digital certificates.

 How important is access control to your application? In other words,
 where is the line on how much effort you [and your users] are going to
 put into security at the expense of convenience?

 \js




Re: Remembering Authentication

2000-10-17 Thread Todd Chapman


What if the user added his username and password to the URL? If they are
valid the application could add those parameters to all links/form
actions, but the plaintext password would be replaced with some parameter
that would be good for the next access and expire after a specified period
of time. The initial URL could be generated from a fill-out form.

-Todd

On Tue, 17 Oct 2000, John Saylor wrote:

 Hi
 
 - Original Message -
 From: "Ian Frawley" [EMAIL PROTECTED]
 
 
  Is it not just possible through a perl module as I am not very clued
  up on digital certificates.
 
 Well, you have to have some credentials- and if it's not a cookie [bad
 idea anyway], and if it's not a username/password- what would it be?
 
 You could have IP address based authentication, but this is probably
 more prone to misconfiguration and forgery than digital certificates.
 
 How important is access control to your application? In other words,
 where is the line on how much effort you [and your users] are going to
 put into security at the expense of convenience?
 
 \js
 




Re: Remembering Authentication

2000-10-17 Thread Nicolas MONNET

On Tue, 17 Oct 2000, Shimon Rura wrote:

|There's no way to use basic authentication (the stuff inside HTTP) from web
|pages... you can't tell a browser "use this form to ask your user for
|passwords". 

#untested code
use URI::Escape;
use CGI;
$q=new CGI;
$l=uri_escape($q->param('login'),'^A-Za-z0-9');
$p=uri_escape($q->param('password'),'^A-Za-z0-9');
print $q->redirect("http://$login:$password@$ENV{HTTP_HOST}/path");





Re: Remembering Authentication

2000-10-17 Thread Nicolas MONNET

On Tue, 17 Oct 2000, Nicolas MONNET wrote:

|On Tue, 17 Oct 2000, Shimon Rura wrote:
|
||There's no way to use basic authentication (the stuff inside HTTP) from web
||pages... you can't tell a browser "use this form to ask your user for
||passwords". 
|
|#untested code
|use URI::Escape;
|use CGI;
|$q=new CGI;
|$l=uri_escape($q->param('login'),'^A-Za-z0-9');
|$p=uri_escape($q->param('password'),'^A-Za-z0-9');
|print $q->redirect("http://$login:$password@$ENV{HTTP_HOST}/path");


ouch:
print $q->redirect("http://$l:$p\@$ENV{HTTP_HOST}/path");





Re: Remembering Authentication

2000-10-17 Thread Gunther Birznieks

I should probably place a plug and say that the open source extropia 
authentication framework for Perl handles digital certificates, sessions 
with and without cookies, the unfriendly login screen, form-based logon 
screens in its default capacity.

As a company working on real projects, we've also adapted it to 3rd party 
authentication schemes so our applications could plug into proprietary auth 
mechanisms including a couple banks and a WAP portal (where asking 
passwords is a pain for WAP users).

The free stuff is in the extropiaperl project at sourceforge.net and the 
docs are at http://www.extropia.com/ExtropiaObjects/ including an extremely 
detailed chapter on the basic choices you basically have related to auth on 
the web.

Later,
Gunther

PS It was mentioned you probably need LDAP for certs. The key word is 
probably. But it does add an additional layer of security and many 
*IMPLEMENTATIONS* of using digital certificates require the use of LDAP as 
a lookup data store to double check that the cert has not been revoked in 
real-time.

However, digital certs are not for the faint of heart, they aren't cross 
browser friendly, are a pain in the ass to mint unless you have bought a 
3rd party digital cert mechanism (or force the user to get one at 
Verisign), and require the use of SSL throughout the entire user session.

At 02:40 PM 10/17/00 -0500, Ian Frawley wrote:
Is it not just possible through a perl module as I am not very clued up on
digital certificates.

Thanks

Ian
- Original Message -
From: "John Saylor" [EMAIL PROTECTED]
To: "Ian Frawley" [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, October 17, 2000 8:24 AM
Subject: Re: Remembering Authentication


  Hi
 
  - Original Message -
  From: "Ian Frawley" [EMAIL PROTECTED]
 
   Is it possible to authenticate a user without having to use the
   unfriendly login box provided by browsers, without using cookies?
 
  2 words: digital certificates
 
  This probably means a lot of infrastructure [LDAP, CA, smart cards ...],
  but it will let your users authenticate without doing anything more than
  clicking the certificate they want to use for authentication.
 
  \js




Re: Remembering Authentication

2000-10-17 Thread Rodney Broom

From: "Nicolas MONNET" [EMAIL PROTECTED]

 print $q->redirect("http://$l:$p\@$ENV{HTTP_HOST}/path");

Ack! Can anybody find a bigger security hole than this?


Rodney Broom






Re: Remembering Authentication

2000-10-17 Thread Nicolas MONNET

On Tue, 17 Oct 2000, Rodney Broom wrote:

|From: "Nicolas MONNET" [EMAIL PROTECTED]
|
| print $q->redirect("http://$l:$p\@$ENV{HTTP_HOST}/path");

Like what?




Re: Remembering Authentication

2000-10-17 Thread Ian Frawley



The problem for me with cookies is the fact that we are going to be serving
WAP phones that don't like cookies for obvious reasons.

The only thing I can think of is using server side cookies that are
destroyed at the end of the user session. Perhaps relating the server side
cookie to a Session ID storing the user's password and username to compare
against.

The problem with this is that I can't seem to install the AuthCookie module
from cpan. DOH!!!

Ian

  - Original Message -
  From: [EMAIL PROTECTED]
  To: Ian Frawley
  Cc: [EMAIL PROTECTED]
  Sent: Tuesday, October 17, 2000 10:05 AM
  Subject: Re: Remembering Authentication

  Ian,

  Using cookies is just one way of overcoming the stateless nature of
  http. The other ways that I know of are to modify the url in some way
  or to put a hidden field in a form.

  The latter only works if you're processing forms of course so for
  general viewing, you need to modify the URL. There are two ways that I
  have heard about.

  1. modify the url to include a session key in the path. To serve html
  pages you'd need to write a custom content handler to rewrite all your
  outgoing page links to include the session key. I haven't seen one on
  CPAN, please let me know if you find one, I could use it too !

  2. authenticate the users and then redirect to a fake host
  session.www.somecorp.com/page/you/wanted/. Then you use a custom
  handler at the translation phase to strip the session key and recover
  the user name from whatever session store you're using.

  I haven't got beyond cookies myself but these are both avenues I need
  to explore in the next few months.

  HTH,

  Simon Wilcox


Re: Remembering Authentication

2000-10-17 Thread Sean D. Cook


Why not just write the app to use session and store to the db.  It is not
hard to do.  Auth to db/ldap cook up a digest with $$, username, and
remote_ip.  Store all userinfo in Storable object in the db/ldap.  

GET http://some.where.net/?sessionID=md5 digest

POST <input type=hidden name=sessionID value=md5 digest>

No worrying about browser type, client configuration... you should be all
set.  Stay away from cookies.  Cookies are bad when you have paying
customers!!
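
As an added example (not code from any poster in this thread), here is one way to build the expiring URL parameter that Todd Chapman and Sean D. Cook describe, and to add it only to same-site links as in the link rewriting Simon Wilcox mentions. It swaps in a keyed HMAC-SHA256 over the user name and expiry time rather than the MD5 digest the post mentions; the secret, lifetime, function names and sample page are constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed demo values (assumptions): a real server loads a long random
# secret from a file only the server user can read.
my $SECRET = 'constructed-demo-secret';
my $TTL    = 15 * 60;    # seconds a token stays valid

sub _mac {
    my ($user, $expires) = @_;
    return hmac_sha256_hex("$user.$expires", $SECRET);
}

# Issue "user.expiry.mac" after the password has been checked once.
# The password itself never appears in the token or in any URL.
sub issue_token {
    my ($user, $now) = @_;
    die "bad user name\n" unless $user =~ /\A[A-Za-z0-9_]{1,32}\z/;
    my $expires = $now + $TTL;
    return join '.', $user, $expires, _mac($user, $expires);
}

# Return the user name for a valid, unexpired token, undef otherwise.
sub check_token {
    my ($token, $now) = @_;
    return undef unless defined $token
        && $token =~ /\A([A-Za-z0-9_]{1,32})\.(\d{1,12})\.([0-9a-f]{64})\z/;
    my ($user, $expires, $mac) = ($1, $2, $3);
    my $want = _mac($user, $expires);

    # Compare every character so timing does not reveal a partial match.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. 63;
    return undef if $diff;
    return undef if $now > $expires;
    return $user;
}

# Append the token to one link, keeping any #fragment at the end.
# The token alphabet is URL-safe, so no escaping is needed.
sub tag_url {
    my ($url, $token) = @_;
    my ($base, $frag) = split /#/, $url, 2;
    $base .= ($base =~ /\?/ ? '&' : '?') . "sessionID=$token";
    return defined $frag ? "$base#$frag" : $base;
}

# Tag relative links only. Links with a scheme, protocol-relative links
# and fragment-only links are left alone so the token is not handed to
# another site in the URL.
sub rewrite_links {
    my ($html, $token) = @_;
    $html =~ s{href="\K(?![a-z][a-z0-9+.-]*:|//|#)([^"]*)}
              {tag_url($1, $token)}gie;
    return $html;
}

unless (caller) {
    my $now   = 971_800_000;    # constructed clock value
    my $token = issue_token('ian', $now);

    # Constructed sample page.
    my $page = '<a href="/shop/cart?item=3">cart</a> '
             . '<a href="http://example.org/">elsewhere</a>';
    print rewrite_links($page, $token), "\n";

    (my $forged = $token) =~ s/\Aian\./bob./;    # user name changed, MAC kept
    printf "%-8s %s\n", 'fresh:',   check_token($token,  $now + 60)        // 'rejected';
    printf "%-8s %s\n", 'expired:', check_token($token,  $now + $TTL + 1)  // 'rejected';
    printf "%-8s %s\n", 'forged:',  check_token($forged, $now + 60)        // 'rejected';
}
```

A token carried in the URL still ends up in server logs, bookmarks and Referer headers, so the lifetime should stay short and the pages should be served over SSL; a stateless token like this one also cannot be revoked before it expires unless the server keeps a store.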




[OT]logging Apache processes w/rotatelogs

2000-10-17 Thread martin langhoff

hi,

is anyone using rotatelogs ? 

I have a bunch of virtualdomains, each with its own, separate log. Then
I'm running three different apache binaries (that resulting in a whole
lot of daemons). Now I'm trying to use rotatelogs, and I find the pipes
are kept open, so I have a *lot* of rotatelogs processes running. 

A *LOT* of them, believe me.

They don't seem to hurt the load averages nor the memory, but I wonder
if there might be any problem running so many of them, like, erm,
hitting a max-processes count?


martin



Re: [OT]logging Apache processes w/rotatelogs

2000-10-17 Thread David Hodgkinson

martin langhoff [EMAIL PROTECTED] writes:

   They don't seem to hurt the load averages nor the memory, but I wonder
 if there might be any problem running so many of them, like, erm,
 hitting a max-processes count?

Yes.

There are plenty of counter examples floating around. Mostly involving
moving log files away then doing a graceful restart.


-- 
Dave Hodgkinson, http://www.hodgkinson.org
Editor-in-chief, The Highway Star   http://www.deep-purple.com
  Apache, mod_perl, MySQL, Sybase hired gun for, well, hire
  -



Re: ht_time vs. strftime

2000-10-17 Thread David E. Wheeler

Matt Sergeant wrote:

 You should still switch to Time::Object. Loading POSIX.pm still loads in
 the .so which contains loads of cruft for things you don't
 want/need. Whereas loading Time::Object is a lot smaller. Of course I'm
 not sure how you'd fix the isdst thing with Time::Object, since it does
 strftime internally...

Perhaps you could add something like ht_time() has - it takes a third
argument indicating whether the time passed is UTC. If it is, it uses
gmtime internally, otherwise it uses localtime. And it looks like
ht_time()'s implementation of gmtime() properly returns the time zone
and doesn't add in DST stuff. Is that doable in Time::Object, or are you
using Perl's gmtime() there?

http://src.openresources.com/debian/src/web/HTML/S/ncsa_1.4.2.orig%20ncsa-1.4.2.orig%20src%20util.c.html#117

David

-- 
David E. Wheeler   Phone: (415) 645-9365
Software Engineer  Fax:   (415) 645-9204
Salon Internet ICQ:   15726394
[EMAIL PROTECTED]   AIM:   dwTheory



Re: Remembering Authentication

2000-10-17 Thread Simon_Wilcox


AuthCookie won't help you here, it still sends a cookie back to the client.
Whatever you do, you will need to modify the response to the client to contain a
session id somewhere where you can get it back.

  From what you've said, you will need to modify the url in some way. It
  doesn't matter whether you store information in a server-side store or in
  the session key itself, you still need to stick it in the url somewhere
  and make sure that all relative links contain that key.

  Is there a handler out there that can munge relative urls in this way for
  static pages, perhaps as part of an Apache::Filter chain ?

  HTH,

  S.






From: "Ian Frawley" [EMAIL PROTECTED]
To: Simon Wilcox/BASE/WilliamsLea@WilliamsLea, [EMAIL PROTECTED]
Date: 17 October 2000, 21:30
Subject: Re: Remembering Authentication


The problem for me with cookies is the fact that we are going to be serving WAP
phones that don't like cookies for obvious reasons.

The only thing I can think of is using server side cookies that are destroyed at
the end of the user session. Perhaps relating the server side cookie to a
Session ID storing the users password and username to compare against.

The problem with this is that I can't seem to install the AuthCookie module from
cpan. DOH!!!

Ian
  - Original Message -
  From: [EMAIL PROTECTED]
  To: Ian Frawley
  Cc: [EMAIL PROTECTED]
  Sent: Tuesday, October 17, 2000 10:05 AM
  Subject: Re: Remembering Authentication



  Ian,

Using cookies is just one way of overcoming the stateless nature of
http. The other ways that I know of are to modify the url in some way
or to put a hidden field in a form.

The latter only works if you're processing forms of course so for
general viewing, you need to modify the URL. There are two ways that I
have heard about.

1. modify the url to include a session key in the path. To serve html
pages you'd need to write a custom content handler to rewrite all your
outgoing page links to include the session key. I haven't seen one on
CPAN, please let me know if you find one, I could use it too !

2. authenticate the users and then redirect to a fake host
session.www.somecorp.com/page/you/wanted/. Then you use a custom handler
at the translation phase to strip the session key and recover the user
name from whatever session store you're using.

I haven't got beyond cookies myself but these are both avenues I need to
explore in the next few months.

HTH,

Simon Wilcox







AuthCookie

2000-10-17 Thread Charles Day

I'm thinking of adding a "locked out" functionality to
AuthCookie/AuthCookieDBI and was wondering if anyone has already attempted
or started this.  It should function much like NT domain authentication.   

Thanks, 

Charles Day
IT
Symix Systems, Inc.





Re: ht_time vs. strftime

2000-10-17 Thread Matt Sergeant

On Tue, 17 Oct 2000, David E. Wheeler wrote:

 Matt Sergeant wrote:
 
  You should still switch to Time::Object. Loading POSIX.pm still loads in
  the .so which contains loads of cruft for things you don't
  want/need. Whereas loading Time::Object is a lot smaller. Of course I'm
  not sure how you'd fix the isdst thing with Time::Object, since it does
  strftime internally...
 
 Perhaps you could add something like ht_time() has - it takes a third
 argument indicating whether the time passed is UTC. If it is, it uses
 gmtime internally, otherwise it uses localtime. And it looks like
 ht_time()'s implementation of gmtime() properly returns the time zone
 and doesn't add in DST stuff. Is that doable in Time::Object, or are you
 using Perl's gmtime() there?

It's doable - I could add in the code for ht_time almost verbatim, although
I *am* using Perl's gmtime.

-- 
Matt/

/||** Director and CTO **
   //||**  AxKit.com Ltd   **  ** XML Application Serving **
  // ||** http://axkit.org **  ** XSLT, XPathScript, XSP  **
 // \\| // ** Personal Web Site: http://sergeant.org/ **
 \\//
 //\\
//  \\




PerlAuthenHandler and DBI:

2000-10-17 Thread Daniel Hutchison

While the behaviour seems correct from the browser, I am getting errors in
the error_log that may be indicative of some kind of problem:
Here is the relevant snippet of my httpd.conf:

# Added for Oracle to work.  Dan H. 5-oct-2000
#

SetEnv ORACLE_HOME /home/oracle/product/8.1.6
SetEnv LD_LIBRARY_PATH /home/oracle/product/8.1.6/lib

# End Oracle
#
# Added for mod_perl.  Dan H. 5-oct-2000

PerlRequire /home/apache/conf/startup.pl
PerlTaintCheck On
PerlWarn   On

Alias /survey/ /home/apache/survey/

<Location /survey>
   SetHandler perl-script
   PerlSendHeader On
   PerlHandler Apache::Registry
   Options ExecCGI
   #
   # Added 16-Oct-2000
   #
   AuthName SURVEY
   AuthType Basic
   PerlAuthenHandler AuthSurvey
   require valid-user
</Location>

# End Perl
#

Here is AuthSurvey.pm:

package AuthSurvey;
# authenticate users into the survey directory on the web server

use strict;
use Apache::Constants ':common';
use DBI;

sub handler {

  my $r = shift;
  my($res, $sent_pwd) = $r->get_basic_auth_pw();
  return $res if $res != OK;
  
  my $user = $r->connection->user;
  my $dbh = DBI->connect("DBI:Oracle:targ2","surveydev","surveydev");
  
  my $lt = "select 'password_ok'
  from oas_users
 where primary_db_user = 'SURVEYDEV'
   and oas_user = '".$user."'
   and oas_password = '".$sent_pwd."'";
  my $login_check = $dbh->selectrow_array($lt);
  
  if ($login_check && $login_check eq 'password_ok') {
    return OK;
  } else {
    return AUTH_REQUIRED;
  }
}

1;

Now, when I browse to the survey directory and enter my username and
password this line appears in the errors_log:

[datestamp] null: ORACLE_HOME environment variable not set!

I've never had this error before, and most of my scripts do access oracle,
always working fine.
Only in this case has it ever appeared.

Any help would be appreciated, or a pointer to some thorough documentation.
thanks!
Dan
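
The lookup in AuthSurvey.pm above builds its SQL by concatenating the user name and password sent by the browser; this added example (not the poster's code) runs the same query with DBI bind values, so a quote character in either field stays data, and it denies access if the lookup itself fails. It assumes DBD::SQLite is installed as a stand-in for the Oracle connection; the function name `password_ok` and the table rows are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Same statement as in AuthSurvey.pm, with ? placeholders where the
# original spliced $user and $sent_pwd into the SQL text.
my $LOGIN_SQL = q{select 'password_ok'
                    from oas_users
                   where primary_db_user = 'SURVEYDEV'
                     and oas_user = ?
                     and oas_password = ?};

# Returns 1 only when exactly this user/password pair is on file.
# Assumes the handle was opened with RaiseError => 1, so a database
# error lands in $@ and the caller gets a denial instead of a crash.
sub password_ok {
    my ($dbh, $user, $sent_pwd) = @_;
    return 0 unless defined $user && length $user;
    return 0 unless defined $sent_pwd;

    my $hit = eval {
        ($dbh->selectrow_array($LOGIN_SQL, undef, $user, $sent_pwd))[0];
    };
    if ($@) {
        warn "auth lookup failed: $@";
        return 0;    # fail closed
    }
    return (defined $hit && $hit eq 'password_ok') ? 1 : 0;
}

# In the handler the call would replace the string-built query:
#   return password_ok($dbh, $user, $sent_pwd) ? OK : AUTH_REQUIRED;

unless (caller) {
    # In-memory SQLite table standing in for oas_users (constructed rows,
    # same column names as the query on the page).
    my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                           { RaiseError => 1, PrintError => 0 });
    $dbh->do('create table oas_users
              (primary_db_user text, oas_user text, oas_password text)');
    $dbh->do('insert into oas_users values (?, ?, ?)',
             undef, 'SURVEYDEV', "o'neil", 'constructed-pw');

    # A user name containing a quote is matched as plain data.
    print "right password: ", password_ok($dbh, "o'neil", 'constructed-pw'), "\n";
    print "wrong password: ", password_ok($dbh, "o'neil", "it's wrong"), "\n";
    print "unknown user:   ", password_ok($dbh, 'nobody', 'constructed-pw'), "\n";

    # With the table gone the lookup raises an error; access is denied.
    $dbh->do('drop table oas_users');
    print "lookup error:   ", password_ok($dbh, "o'neil", 'constructed-pw'), "\n";
}
```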





Re: Apache 1.3.14 and Mod_Perl

2000-10-17 Thread chicks

On 17 Oct 2000 Robin Berjon [EMAIL PROTECTED] wrote:
 At 23:59 16/10/2000 -0700, Annette wrote: 
  How do I install the latest version of Mod_Perl? Every time I try to
  install it I receive a message stating I need Apache 1.3.0 and then
  it aborts. I tried Mod_Perl version 1.19, 1.21, and 1.24 and I
  receive the same error.
 
 You need 1.24_01 to work with Apache 1.3.14 because of a tiny bug that
 prevents mod_perl's setup from parsing Apache's version number
 properly. You can grab it from
 http://perl.apache.org/dist/mod_perl-1.24_01.tar.gz. Alternatively,
 you can play with Makefile.PL to get it to return the version number
 you know is true, but it's probably faster this way.

Why can't I download it with wget?

[root@wakko /root]# wget http://perl.apache.org/dist/mod_perl-1.24_01.tar.gz
--15:56:47--  http://perl.apache.org:80/dist/mod_perl-1.24_01.tar.gz
   = `mod_perl-1.24_01.tar.gz'
Connecting to perl.apache.org:80... connected!
HTTP request sent, awaiting response... 403 Forbidden
15:56:47 ERROR 403: Forbidden.

I was able to download it with lynx, however.  Wacky.

-- 
/chris

"The number of Unix installations has grown to 10, with more expected." 
   -- The Unix Programmer's Manual, 2nd edition, June '72




Re: ht_time vs. strftime

2000-10-17 Thread David E. Wheeler

Matt Sergeant wrote:
 
 It's doable - I could add in the code for ht_time almost verbatim, although
 I *am* using Perl's gmtime.

Could you not use the same gmtime that ht_time uses?

D

-- 
David E. Wheeler
Software Engineer
Salon Internet ICQ:   15726394
[EMAIL PROTECTED]   AIM:   dwTheory



Similar scripts in different directories

2000-10-17 Thread Andreas Schiffler


Hi there,
quick question regarding script concurrency with mod_perl.
If I have the same script name in different directories, will mod_perl
treat them differently and can they be used concurrently?
i.e. I have a production version and a development version of help.pm
which gets called by help.pl by mod_perl. The code differs and they are
in different directories. Can the two instances of help.pl (/production/help.pl
and /devel/help.pl) be used at the same time without interfering with each
other?
Regards
Andreas
--
| Andreas Schiffler [EMAIL PROTECTED] |
| Senior Systems Engineer - Deskplayer Inc., Buffalo |
| 4707 Eastwood Cres., Niagara Falls, Ont L2E 1B4, Canada |
| +1-905-371-3652 (private) - +1-905-371-8834 (work/fax) |



Re: Similar scripts in different directories

2000-10-17 Thread Gunther Birznieks

If the script is a module then no.

If the script is a script being loaded by something else like 
Apache::Registry, there is code in Apache::Registry to mangle the namespace 
of the script so it appears to be different from a script of the same name 
running at a different URL.

However, there is no such logic for the modules or libraries that are 
loaded. If this is your issue you need to read the Mod_Perl Guide by Stas 
which I believe has a section on this... maybe look for %INC issues.

At 05:40 PM 10/17/00 -0400, Andreas Schiffler wrote:
Hi there,

quick question regarding script concurrency with mod_perl.

If I have the same script name in different directories, will mod_perl 
treat them differently and can they be used concurrently?

i.e. I have a production version and a development version of help.pm 
which gets called by help.pl by mod_perl. The code differs and they are in 
different directories. Can the two instances of help.pl 
(/production/help.pl and /devel/help.pl) be used at the same time without 
interfering with each other?

Regards
Andreas
--
|  Andreas Schiffler[EMAIL PROTECTED]  |
|  Senior Systems Engineer-Deskplayer Inc., Buffalo  |
|  4707 Eastwood Cres., Niagara Falls, Ont  L2E 1B4, Canada  |
|  +1-905-371-3652 (private)  -  +1-905-371-8834 (work/fax)  |




Re: Remembering Authentication

2000-10-17 Thread Bill Moseley

At 06:58 PM 10/17/00 +0100, [EMAIL PROTECTED] wrote:

AuthCookie won't help you here, it still sends a cookie back to the client.
Whatever you do, you will need to modify the response to the client to
contain  a session id somewhere where you can get it back.

  From what you've said, you will need to modify the url in some way. It
  doesn't matter whether you store information in a server-side store or in
  the session key itself, you still need to stick it in the url somewhere
  and make sure that all relative links contain that key.

  Is there a handler out there that can munge relative urls in this way for
  static pages, perhaps as part of an Apache::Filter chain ?

Not as part of an Apache::Filter chain, but feel free to play with
http://www.hank.org/modules/AuthCookieURL-0.02.tar.gz



Bill Moseley
mailto:[EMAIL PROTECTED]
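
The session-key-in-the-URL approach discussed in this message, as an added example that is not AuthCookieURL's code or anything from the thread. It covers the case where the information is carried in the key itself, so the key is signed with an HMAC and expires; the function names, the "user.issued.mac" key format and the secret are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added example, not AuthCookieURL's code: a signed session key in the URL path.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET  = 'constructed-demo-secret';  # assumption: server-side only
my $MAX_AGE = 900;  # seconds; short, because URLs leak via Referer and logs

# Key is "user.issued.mac"; the MAC stops a client editing user or timestamp.
sub make_key {
    my ($user, $now) = @_;
    return "$user.$now." . hmac_sha256_hex("$user.$now", $SECRET);
}

# Translation-phase step: split "/KEY/real/path" into (user, "/real/path").
# Returns an empty list when the key is missing, forged or expired.
sub strip_key {
    my ($uri, $now) = @_;
    my ($user, $issued, $mac, $rest) =
        $uri =~ m{^/([A-Za-z0-9_]+)\.(\d+)\.([0-9a-f]{64})(/.*)?$} or return;
    my $expect = hmac_sha256_hex("$user.$issued", $SECRET);
    my $diff = 0;   # compare all 64 characters, whatever the first mismatch is
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expect, $_, 1)) for 0 .. 63;
    return if $diff or $issued > $now or $now - $issued > $MAX_AGE;
    return ($user, defined $rest ? $rest : '/');
}

# Content-phase step: prefix root-relative links with the key. Links like
# "next.html" already resolve under /KEY/; off-site links are left alone.
sub add_key_to_links {
    my ($html, $key) = @_;
    $html =~ s{\b(href|src|action)=(["'])/(?!/)}{$1=$2/$key/}gi;
    return $html;
}

my $now = 971800000;   # constructed fixed clock so the run is repeatable
my $key = make_key('ian', $now);
print add_key_to_links(
    '<a href="/survey/q1.html">next</a> <a href="http://example.org/">out</a>',
    $key), "\n";
my @ok = strip_key("/$key/survey/q1.html", $now + 60);
print "valid:  user=$ok[0] path=$ok[1]\n";
(my $forged = $key) =~ s/^ian/bob/;
my @bad   = strip_key("/$forged/survey/q1.html", $now + 60);
my @stale = strip_key("/$key/survey/q1.html", $now + 3600);
print "forged: ", (@bad ? 'accepted' : 'rejected'), "\n";
print "stale:  ", (@stale ? 'accepted' : 'rejected'), "\n";
```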



XML help (offtopic)?

2000-10-17 Thread Geoffrey Gallaway

I know this isn't the right place to ask this question but if someone could
at least fill me in and point me in the right direction I'd be grateful.

I'm trying to find a way to do XML over HTTP. I have a project at work
that I'm doing where we have a XML based system. The system would connect
to port 80 and do XML over HTTP. I'm not exactly sure what this entails
but I'm guessing using the HTTP protocol to send XML. So, you get the
HTTP methods (GET, POST, HEAD, etc) and headers (Date, Server,
Content-Type, etc) but with XML data instead of HTML. Now, I understand I
could easily use apache to send XML data (GET) but I'm not too sure how I
should handle receiving XML (POST). I definitely want to do the XML parsing
and such with perl (I've been playing with XML::Parser, very cool). What
am I missing?

Thanks, sorry for being offtopic and for the bad explanation...
Geoff

-- 
Geoffrey Gallaway || This may seem a bit weird, but that's okay, because it
[EMAIL PROTECTED] || is weird.
D e v o r z h u n ||-- Tom Christiansen 




Re: XML help (offtopic)?

2000-10-17 Thread Geoffrey Gallaway

I think I might have been a slight bit confusing in the email. I need to
have apache be able to *receive* the POST and GET requests. I know how to
send the XML to another server, I just need to know how to get *my*
server to handle the requests/data from other clients..

Geoff

This one time, at band camp, cloudnine wrote:

 HTTP::Request is your friend.  It generates an HTTP request, whether it be
 a get or a post. 
  
 LWP::UserAgent actually performs the request for you.  
 
 ## example:
 use HTTP::Request;
 use LWP::UserAgent;
 use URI::Escape qw(uri_escape);

 my $request = HTTP::Request->new(POST => 'http://foo.bar.com');
 $request->content_type('application/x-www-form-urlencoded');
 ## add the xml to the post, escaped so '&', '=' and '+' in it survive form decoding
 $request->content('XMLStuff=' . uri_escape($scalarWithYourXML));
 
 my $ua = LWP::UserAgent->new;
 my $response;
 $response = $ua->simple_request($request);
 unless ( $response->is_success ) {
 ## do what must be done in event of a failure
 }
 
 ## whatever else
 
 The receiving server could grab the XMLStuff as $r->param('XMLStuff');
 Hope I answered your question!
 
 - Matt Avitable
 
 
 On Tue, 17 Oct 2000, Geoffrey Gallaway wrote:
  
  I'm trying to find a way to do XML over HTTP. I have a project at work
  that I'm doing where we have a XML based system. The system would connect
  to port 80 and do XML over HTTP. I'm not exactly sure what this entails
  but I'm guessing using the HTTP protocol to send XML. So, you get the
  HTTP methods (GET, POST, HEAD, etc) and headers (Date, Server,
  Content-Type, etc) but with XML data instead of HTML. Now, I understand I
  could easily use apache to send XML data (GET) but I'm not too sure how I
  should handle receiving XML (POST). I definitely want to do the XML parsing
  and such with perl (I've been playing with XML::Parser, very cool). What
  am I missing?
  
 

-- 
Geoffrey Gallaway || Programming the X Window System is like trying to find 
[EMAIL PROTECTED] || the square root of pi using Roman numerals.
D e v o r z h u n ||-- Anonymous




Win32: Activestate 5.6.0 618 / 1.24_01 / 1.3.14

2000-10-17 Thread Thomas

Hi,
Win32 issues might be slightly OT here, but I really would like to find
my way around/a solution concerning the AS 5.6.0 618 / 1.24_01
combo crashing Apache during a service shutdown/stop.
This was discussed at ng comp.lang.www-servers.ms-windows
( Subject: mod_perl and ActiveState perl (v5.6.0 618)) recently,
but the thread died somehow.

To me this is totally weird, but I mysteriously got rid of the crashing
when additionally loading PHP4.0.2 as a DSO into the mod_perl
enabled server.
Why this works is a total mystery to me, but it may give a clue to
what is failing to someone else...

OS is NT (sp4)

If anyone is interested in trying this out for themselves, a pre-compiled
PHP 4.0.2 binary (mod_php.dll)  is available at
http://www.geocities.com/ro_marius/mod_php4.html
you'll also need the core php-lib from the latest php Win32 binary dist,
namely phpts.dll (~860kb)
Place the lib in the server-root dir, add a LoadModule directive into the
ap-conf
and install & kickstart a service-instance of "Apache/1.3.14 (Win32)
PHP/4.0.2 mod_perl/1.24_01"

Now, hopefully, your AS 5.6.0 618 / 1.24_01 / 1.3.14 service no longer
crashes at a shutdown/stop.

thomas.





[ RFC ] New Module Apache::SessionManager

2000-10-17 Thread Greg Cope

Dear ALL

I've written a module that does transparent session management via either
Cookies, Munged URI or Query Args.

It has quite a few options to change the behaviour, and appears stable in
my development environment.

What I suggest is that unless there is a major objection I call it
Apache::SessionManager and set up a Source Forge project with the same
name.

Unless there is a major issue I assume that by the weekend everyone who
wants to will have made their view clear and will hopefully go forward
from there.

Regards

Greg



Re: XML help (offtopic)?

2000-10-17 Thread Perrin Harkins

Geoffrey Gallaway wrote:
 
 I think I might have been a slight bit confusing in the email. I need to
 have apache be able to *receive* the POST and GET requests. I know how to
 send the XML to another server, I just need to know how to get *my*
 server to handle the requests/data from other clients..

Seems like you'd handle this the same as any HTML form with a POST
method.  If you aren't sure what that looks like you can read the HTTP
specs or make LWP generate some POST requests and look at them.  It's
pretty simple stuff.

- Perrin



Re: [ RFC ] New Module Apache::SessionManager

2000-10-17 Thread Gunther Birznieks

I like the name as it works well with our naming (SessionManager, Session 
hierarchy) so I can probably write a wrapper that assumes your 
SessionManager is embedded in Apache and it's not confusing for our users 
who want to configure our apps to use your session manager.

Thanks,
 Gunther

At 06:33 PM 10/17/2000 +, Greg Cope wrote:
Dear ALL

I've written a module that does transparent session management via either
Cookies, Munged URI or Query Args.

It has quite a few options to change the behaviour, and appears stable in
my development environment.

What I suggest is that unless there is a major objection I call it
Apache::SessionManager and set up a Source Forge project with the same
name.

Unless there is a major issue I assume that by the weekend everyone who
wants to will have made their view clear and will hopefully go forward
from there.

Regards

Greg

__
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/




Re: Remembering Authentication

2000-10-17 Thread Simon_Wilcox


Ian,

  Using cookies is just one way of overcoming the stateless nature of http.
  The other ways that I know of are to modify the url in some way or to put
  a hidden field in a form.

  The latter only works if you're processing forms of course so for general
  viewing, you need to modify the URL. There are two ways that I have heard
  about.

  1. modify the url to include a session key in the path. To serve html
  pages you'd need to write a custom content handler to rewrite all your
  outgoing page links to include the session key. I haven't seen one on
  CPAN, please let me know if you find one, I could use it too !

  2. authenticate the users and then redirect to a fake host
  session.www.somecorp.com/page/you/wanted/. Then you use a custom handler
  at the translation phase to strip the session key and recover the user
  name from whatever session store you're using.

  I haven't got beyond cookies myself but these are both avenues I need to
  explore in the next few months.

  HTH,

  Simon Wilcox






  From:     "Ian Frawley" [EMAIL PROTECTED]
  Date:     17 October 2000
  Time:     19:20
  To:       [EMAIL PROTECTED]
  Copy to:  (bcc: Simon Wilcox/BASE/WilliamsLea)
  Bcc:      Simon Wilcox/BASE/WilliamsLea
  Fax to:
  Subject:  Remembering Authentication

Hi all

Is it possible to authenticate a user without having to use the unfriendly login
box provided by browsers, without using cookies?

I have managed to authenticate a user once through some text fields on a HTML
page but unfortunately this does not make the browser remember the user's
authentication information. On subsequent requests to the same secure area
apache requires that the user enters their credentials again.

Is there a way around this? If so any help would be appreciated.

Thanks

Ian



