Re: Apache::Registry vs. Handlers
On Mon, 20 Nov 2000, Gunther Birznieks wrote: Stas already ran benchmarks. Search the previous posts if he didn't include them in the guide. http://perl.apache.org/guide/performance.html#Apache_Registry_PerlHandler_vs_ At 03:10 PM 11/19/2000 -0700, E.S. wrote: on 11/19/00 6:04 PM, Randal L. Schwartz at [EMAIL PROTECTED] uttered the following: When you're *really* good with mod_perl, you abandon Apache::Registry and move up to writing handlers or using embedded templating systems like EmbPerl, Mason, or Template Toolkit. Question... All other things being equal, what's the general performance difference between writing your own handlers or using a templating system vs. using your scripts under Apache::Registry? I've been running my old CGI scripts under Apache::Registry for awhile now, and they seem to be pretty speedy; what do I have to gain by doing it the "right" way? Thanks.. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Gunther Birznieks ([EMAIL PROTECTED]) eXtropia - The Web Technology Company http://www.extropia.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://apachetoday.com http://jazzvalley.com http://singlesheaven.com http://perlmonth.com perl.org apache.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security suggestion
In the context of what you are talking about, I think giving ExecCGI permissions should not allow them to change mod_perl handlers or do anything to adjust mod_perl either. ExecCGI is a lot less problematic than exposing access to mod_perl from a shared web server security standpoint especially if CGI's are suexec'ed. So I would advocate an ExecModPerl option or something like that so that user's could not arbitrarily install their own Perl Handlers. At 12:20 PM 11/19/2000 +, Richard Goerwitz wrote: Gunther Birznieks wrote: The CGI scripts on your site would not be passed through Apache::Registry or Apache::PerlRun, they would run as normal CGIs. No? So that makes sense as a motivation to allow mod_perl on a server for content handlers that are tightly defined. But don't allow the users access to anything else in mod_perl. Precisely. I feel as though I've been explaining myself poorly because I've been so widely misunderstood. But what you said above about sums it up. I'm only talking about giving people access to specific mod_perl modules (or to modules in very specific places). I don't want to give people blanket Apache::Registry access as part of that package (except in cases where I specifically say so). At the risk of repeating myself, I'm looking for a way of setting up mod_ perl so that, if I turn off ExecCGI for a given directory (and maybe spe- cify a list of Perl modules or paths), it will mean that, as far as mod_perl is concerned, 1) users can only use specific modules (or modules in specific places) 2) users can't (by implication) use Apache::Registry unless I say so 3) users can't change PERL5LIB or use PerlSetEnv (or PerlPassEnv) 4) users can't include any Perl code indirectly or otherwise (e.g., Perl) Re (1) above, I wonder whether it matters if modules I allow load modules that I _don't_ allow. My sense is that as long as I can control the ini- tial loading, I don't care whether the thing that's loaded runs amok. It is my responsibility (if I allow access to a module) to make sure that module will behave itself. Those more versed in security issues will perhaps want to think this through. I've been receiving a steady trickle of off-list mail, by the way, from ISPs and webmasters/sysadmins working in organizations where you just can't allow everyone CGI access (or full mod_perl/Perl access) - but where it would be very useful to allow people selective access to specific Perl modules. They are excited by the thought that they could offer new functionality (and added value) to their services, without necessarily having to trust all their web users (publishers, web developers - whatever) enough to allow them to execute arbitrary Perl code. Those of you who are working on your own, or in small/controlled shops, may not have an intuitive grasp of the circumstances the rest of us work under. But if you think about how things must be for us (some of us w/ hundreds, if not thousands, of web developers), you'll see that we can't monitor every account and audit every change. Universities with lots of student workers/accounts are classic cases. Students are smart and mis- chievous, and they come and go regularly. They make web pages and sys- tems, and they do the same part-time for departments and workgrous with- in the institution. We may want to give them access to a specific Perl module (e.g., some institution-wide authentication system that's imple- mented with a PerlAuthenHandler). But we certainly don't want giving them that sort of access to open up a floodgate by allowing them to exe- cute arbitrary Perl code on the server - unless we say so (e.g., by giv- ing them ExecCGI permission). -- Richard Goerwitz PGP key fingerprint:C1 3E F4 23 7C 33 51 8D 3B 88 53 57 56 0D 38 A0 For more info (mail, phone, fax no.): finger [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Gunther Birznieks ([EMAIL PROTECTED]) eXtropia - The Web Technology Company http://www.extropia.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Bunch of need AuthName in error.log
Where's this AuthName coming from? Try [EMAIL PROTECTED]">http://forum.swarthmore.edu/epigone/modperl/crerdquenddil/[EMAIL PROTECTED] HTH, Simon. __ This email contains proprietary information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this email, please notify the author by replying to this email. If you are not the intended recipient you must not use, disclose, distribute, copy, print, or reply on this email. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Apache::ASP
Hi, I've got a problem with Apache::ASP. I've installed according to the install doc with all the needded modules ( using CPAN). When I try to use the /eg/ directory it gives me the following. #!/usr/local/bin/perl5 asp {PRIVATE}{HYPERLINK "%=$_-"} ({HYPERLINK "source.asp?file=%=$_-"}) Can anyone please help me? Cecil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Use of .htaccess files
You will need to use StatINC. mod_perl does not re-read modules that it has already loaded. -Original Message- From: Kevin Beckford [mailto:[EMAIL PROTECTED]] Sent: Friday, November 17, 2000 11:06 PM To: [EMAIL PROTECTED] Subject: Use of .htaccess files Hello all, I'm a newbie to mod_perl, and I have a question. We have mod_perl on our server, but it is a standard out of the box install (Only PerlHandler is enabled.) Now, I'd like to use .htaccess files to test some stuff out (no dev server either) and I don't want to be constantly restarting the server. Am I correct in thinking that since .htaccess files are read by the server every request, I do not need to use techniques like Apache::StatINC to ensure that the libs get read every request. What Perl directives can I not put in .htaccess? I plan on testing this stuff in a directory, and if it works, moving it into the main server. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[DIGEST] mod_perl digest 11/12/2000
-- mod_perl digest November 12, 2000 - November 18, 2000 -- Recent happenings in the mod_perl world... Features o mod_perl status o module announcements o mailing list highlights o FAQ of the week o links mod_perl status o mod_perl - stable: 1.24_01 (released October 10, 2000) [1] - development: 1.24_02-dev [2] o Apache - stable: 1.3.14 (released October 13, 2000) [3] - development: 1.3.15-dev [4] o Perl - stable: 5.6 (released March 23, 2000) [5] - development: 5.7 [6] module announcements o HTML-Embperl 1.3b7 - a module for embedding Perl code in HTML pages that includes buliding pages/sites out of small reusable objects/components and session handling [7] mailing list highlights o The call for papers for ApacheCon US 2001 is upon us [8] o A very detailed post was put forward describing the (current, but previously undocumented) behavior of mod_proxy. [9] This entire thread is definitely worth the time. o A rather lengthy thread on trying to install mod_perl on Alpha/Tru64 should prove enlightening for those who are trying to get started on this platform. [10] o Using Apache::File-tmpfile() with $r-send_fd requires calling seek $fh, 0, 0; prior to calling $r-send_fd. In a follow up, the differences between seek and sysseek, open and sysopen were explained. [11] o mod_perl security discussed from the standpoint of allowing thousands of developers access to mod_perl's power [12] o There may be a bug in mod_perl Perl sections that does not allow for duplicate directives within the same location [13] [14] links o The Apache/Perl Integration Project [15] o mod_perl documentation [16] o mod_perl modules on CPAN [17] o mod_perl homepage [18] o mod_perl list archives [19] [20] happy mod_perling... --Geoff [EMAIL PROTECTED] -- [1] http://perl.apache.org/dist/ [2] http://perl.apache.org/from-cvs/modperl/ [3] http://www.apache.org/dist/ [4] http://dev.apache.org/from-cvs/apache-1.3/ [5] http://www.perl.com/pub/language/info/software.html#stable [6] http://www.perl.com/pub/language/info/software.html#devel [7] http://forum.swarthmore.edu/epigone/modperl/vaxquale [8] http://forum.swarthmore.edu/epigone/modperl/blahphoiben [9] http://forum.swarthmore.edu/epigone/modperl/limpbandming [10] http://forum.swarthmore.edu/epigone/modperl/maxminsni [11] http://forum.swarthmore.edu/epigone/modperl/gruldendsten [12] http://forum.swarthmore.edu/epigone/modperl/yehsworgen [13] http://forum.swarthmore.edu/epigone/modperl/zhaxyinggrimp [14] http://forum.swarthmore.edu/epigone/modperl/zheewhahle [15] http://perl.apache.org [16] http://perl.apache.org/#docs [17] http://www.perl.com/CPAN-local/modules/by-module/Apache/ [18] http://www.modperl.com [19] http://forum.swarthmore.edu/epigone/modperl/ [20] http://archive.covalent.net/modperl/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security suggestion
Gunther Birznieks wrote: At the risk of repeating myself, I'm looking for a way of setting up mod_ perl so that, if I turn off ExecCGI for a given directory (and maybe spe- cify a list of Perl modules or paths), it will mean that, as far as mod_perl is concerned, 1) users can only use specific modules (or modules in specific places) 2) users can't (by implication) use Apache::Registry unless I say so 3) users can't change PERL5LIB or use PerlSetEnv (or PerlPassEnv) 4) users can't include any Perl code indirectly or otherwise (e.g., Perl sections, literal 'sub { ... }'s as handlers) ...I would advocate an ExecModPerl option or something like that so that user's could not arbitrarily install their own Perl Handlers. Some thoughts: If a user has ExecCGI privileges he or she can commandeer the most important part of the request cycle (the response phase), so I'm not sure we get better security or control by having a separate ExecModPerl option. NB: If we re-use ExecCGI for mod_perl, people will feel as though they're on familiar turf. Sysadmins will understand the implications of turning it on (i.e., they'll know that turning it on means the ability to execute code on the server, using the ID under which Apache runs). And re-using ExecCGI would relieve us of having to reserve another (mostly redundant) word. -- Richard Goerwitz[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security suggestion
At 08:42 AM 11/20/00 -0500, Richard L. Goerwitz wrote: Gunther Birznieks wrote: At the risk of repeating myself, I'm looking for a way of setting up mod_ perl so that, if I turn off ExecCGI for a given directory (and maybe spe- cify a list of Perl modules or paths), it will mean that, as far as mod_perl is concerned, 1) users can only use specific modules (or modules in specific places) 2) users can't (by implication) use Apache::Registry unless I say so 3) users can't change PERL5LIB or use PerlSetEnv (or PerlPassEnv) 4) users can't include any Perl code indirectly or otherwise (e.g., Perl sections, literal 'sub { ... }'s as handlers) ...I would advocate an ExecModPerl option or something like that so that user's could not arbitrarily install their own Perl Handlers. Some thoughts: If a user has ExecCGI privileges he or she can commandeer the most important part of the request cycle (the response phase), so I'm not sure we get better security or control by having a separate ExecModPerl option. I don't think that this is the case if you configure apache to use suexec option. With suexec, the CGI script a user invokes cannot even run with the permissions of the web server, it runs with the permissions of the individual user. No scripts can trample over each other (other than a denial of service on CPU and disk) maliciously. But if you open up mod_perl, then you give the user power over the entire web server including the prospective capability to hijack another user's URLs. I do believe there would be ISPs that would enable CGI and special mod_perl handlers, but not want to enable a user installing their own handlers. NB: If we re-use ExecCGI for mod_perl, people will feel as though they're on familiar turf. Sysadmins will understand the implications of turning it on (i.e., they'll know that turning it on means the ability to execute code on the server, using the ID under which Apache runs). And re-using ExecCGI would relieve us of having to reserve another (mostly redundant) word. I am not sure I agree that ExecCGI gives similar power as mod_perl based on the argument of suexec behavior. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: compiling modperl on alpha
Hi all, Just in case this may help others in coping with the install of mod_perl on Tru64, here are a few more info: After installing mod_perl 1.24_01 into Apache 1.3.14 statically on the DU4.0b system and getting it done all the way without errors besides the usual warnings, I found out that it really doesn't work. The perl in use on that system is 5.6 and I think it's the source of most troubles. I built mod_perl like this: CC="cc" export CC perl Makefile.PL \ APACHE_SRC=../apache/src \ EVERYTHING=1 \ PERL_TRACE=1 \ USE_APACI=1 \ DO_HTTPD=1 \ PREP_HTTPD=1 just like we should (I think), then did the make and make install but I skipped the make test, which never worked. I installed apache with modperl static and all other standard modules as DSOs, then added php4 as a DSO afterwards. PHP4 "kinda" worked because a simple page giving out its status info actually does work, but modperl doesn't. I don't really want to roll back perl on that system, it has too many users and too much traffic to mess with it that way. I did however try this same thing on the Tru64 5.1 system and same thing, PHP ended up working (at least for a while) but modperl just wouldn't work. So I rolled back to perl 5.00501 and did the whole thing from scratch, using the same script as above on the modperl side, with the make and make install (skipping test) then did the build of apache with: CC="cc" \ CFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" \ ./configure \ "--with-layout=config.mylayout:MyApache" \ "--activate-module=src/modules/perl/libperl.a" \ "--server-uid=httpd" \ "--server-gid=httpd" \ "--enable-module=most" \ "--enable-module=perl" \ "--enable-shared=max" \ "--disable-shared=perl" and a couple of other things like suexec. I haven't tried to use modperl as a DSO on that system again, so I'm not sure it would work or not. I also added PHP4 as a DSO after the install and that worked (also for a while) and modperl seems now to be working. The only problem I have to solve now is "why the heck did php work for a while then stopped working because of some unresolved symbol without changing anything in the config"! Beats me! I haven't found that out yet, even after re-building php from scratch again twice, it still won't work because of that un-resolved symbol "php_sig_gif". Other than that the modperl/apache tandem seems ok for now and I hope I can resolve this php thing without having to rebuild the whole thing. (if anyone knows about this un-resolved symbol, give me a hint..) But in any case, trying to use perl 5.6 is nothing but trouble and if someone has been able to make all this work with it, I'd like to know how! -- Didier Godefroy mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
how to...unsubscribe!!
Hi, I've been trying to unsubscribe from this list for a week. I sent several blank emails to [EMAIL PROTECTED] . It doesn't work! What now?? Joel Cohen, Ph.D.Dr. Joel's Computer Shoppe(www.drjoelscomputers.com)8209 Meadow Road #1030Dallas, Texas 75231 ph./fax: 214-706-8963email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to...unsubscribe!!
If you would at least read your OWN posts... :) To unsubscribe, e-mail: [EMAIL PROTECTED] ^^^ For additional commands, e-mail: [EMAIL PROTECTED] "Joel Cohen, Ph.D." wrote: Hi, I've been trying to unsubscribe from this list for a week. I sent several blank emails to [EMAIL PROTECTED] . It doesn't work! What now?? Joel Cohen, Ph.D. Dr. Joel's Computer Shoppe (www.drjoelscomputers.com) 8209 Meadow Road #1030 Dallas, Texas 75231 ph./fax: 214-706-8963 email: [EMAIL PROTECTED] --- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -- Ricardo Stella O.I.T. (609)896-5000 x7436 _suAve_ Rider University *** SPAM will not be tolerated *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: compiling modperl on alpha
From: Didier Godefroy [mailto:[EMAIL PROTECTED]] [...snip...] But in any case, trying to use perl 5.6 is nothing but trouble and if someone has been able to make all this work with it, I'd like to know how! We have a Perl5.6.0 with apache 1.3.14 and mod_perl 1.24_01 built with no problems. Did it just according to the book (which one? Don't know :) perl Makefile.PL EVERYTHING=1 PERL_TRACE=1 and them build httpd in the apache tree. Works just fine. I have tried building with DSO, but that fails miserably. Did so with perl5.005_03 as well. Just my EUR0.02. Henrik Tougaard, FOA, Denmark. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security suggestion
"Richard L. Goerwitz" [EMAIL PROTECTED] wrote: Gunther Birznieks wrote: ...I would advocate an ExecModPerl option or something like that so that user's could not arbitrarily install their own Perl Handlers. If a user has ExecCGI privileges he or she can commandeer the most important part of the request cycle (the response phase), so I'm not sure we get better security or control by having a separate ExecModPerl option. NB: If we re-use ExecCGI for mod_perl, people will feel as though they're on familiar turf. Sysadmins will understand the implications of turning it on (i.e., they'll know that turning it on means the ability to execute code on the server, using the ID under which Apache runs). And re-using ExecCGI would relieve us of having to reserve another (mostly redundant) word. I don't think it's redundant at all. In fact it is already possible to configure a Location or VirtualHost section within a mod_perl server in which mod_perl functionality is disabled (or overridden) with an old-style ExecCGI directive (scripts fork into separate SUID user-owned processes). In that scenario, which is not as unlikely as it might at first seem, for an ISP, the directive ExecCGI already has meaning, and "reusing it" would cause some bad ambiguouity. -dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CGI scripts mod_perl
"GB" == Gunther Birznieks [EMAIL PROTECTED] writes: GB Apache::Registry programs are basically compatible with Velocigen, GB PerlEx, and SpeedyCGI acceleration. I think that's a huge GB commercial and open source advantage for anyone writing web GB programs for sale or open community use. And most of them can still run as traditional fork/exec CGI's for the occasion where you need to use it on another server. I think I've written exactly *one* direct handler (other than for hire), and that was just for learning how to do it. I use Registry all the time and see no reason not to continue using it. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D.Khera Communications, Inc. Internet: [EMAIL PROTECTED] Rockville, MD +1-240-453-8497 AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security suggestion
"Gunther Birznieks" [EMAIL PROTECTED] wrote: In the context of what you are talking about, I think giving ExecCGI permissions should not allow them to change mod_perl handlers or do anything to adjust mod_perl either. ExecCGI is a lot less problematic than exposing access to mod_perl from a shared web server security standpoint especially if CGI's are suexec'ed. So I would advocate an ExecModPerl option or something like that so that user's could not arbitrarily install their own Perl Handlers. [snip] 1) users can only use specific modules (or modules in specific places) 2) users can't (by implication) use Apache::Registry unless I say so 3) users can't change PERL5LIB or use PerlSetEnv (or PerlPassEnv) 4) users can't include any Perl code indirectly or otherwise (e.g., Perl) It seems like what you're really asking for is some sort of "LessModPerl" directive that disallows raw perl (perl sections, PerlModule and PerlRequire directives, others?) in .htaccess and limits @INC within .htaccess to a certain path, but allow users to add PerlSetVar youconfigvalue PerlHandlder YourPredefined::handlers to their .htaccess sections I agree - this has very useful applications in shared hosting. Having developed on large shared-server ISPs that successfully manage multiple developers, I've always thought it was going to be problematic for ISP's to deploy it because all of mod_perls power is just as easily invoked from .htaccess as it is from conf files (where the shared users are forbidden to go). that's where to enforce the security. administrators need to be able to set up the server conf files such that users can use .htaccess to configure what mod_perl handlers they want to use, but they can't specify handlers outside of a read-only (to them) "handlerlib" area and so cannot write their own handlers, "PerlRequire" scripts, or "PerlModule" modules. -dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Probably [OT] Are there any Simple Generic Server modules
Dear All This is a little OT - but bear with me. I am looking for a simple generic server (prefably OO) that I can use for my NON OO stuff. I have writen my own, but I am after ideas One project I've got involves getting HTML (template)files via LWP, and uploads them into an IPC cache for HTML::Template. It needs to accept signals so that Apache can HUP it to go get new templates. Using a generic server class can enable me to get the code out of apache. Any clues welcome. Thanks. Greg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Bunch of need AuthName in error.log
Ime Smits wrote: Hi, Today I upgraded to Apache 1.3.14, mod_perl 1.24_01, Apache::ASP 1.27, which seems to work just fine, except that for *each* mod_perl script being executed I get something like [Mon Nov 20 05:22:13 2000] [error] [client 192.168.31.31] need AuthName: /site/gpsmap.plp in my error.log, however, the page just shows in the browser like nothing is wrong. Where's this AuthName coming from? Apache::ASP calls the $r-*basic_auth* functions to set up ServerVariables. It seems that recent versions of Apache require that AuthName be set to something, like "AuthName globalauth" in a httpd config file, or they will kick off this warning to the error log. What I'll do is have Apache::ASP only set up the auth data in ServerVariables if there is a new config set, to be determined. For now, just set AuthName to something. --Joshua _ Joshua Chamas Chamas Enterprises Inc. NodeWorks free web link monitoring Huntington Beach, CA USA http://www.nodeworks.com1-714-625-4051 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache::ASP
[EMAIL PROTECTED] wrote: Hi, I've got a problem with Apache::ASP. I've installed according to the install doc with all the needded modules ( using CPAN). When I try to use the /eg/ directory it gives me the following. #!/usr/local/bin/perl5 asp {PRIVATE}{HYPERLINK "%=$_-"}[0]% ({HYPERLINK "source.asp?file=%=$_-"}[0]%source) Can anyone please help me? You have either not installed Apache::ASP/mod_perl correctly, or you have not activated Apache::ASP to run the files in /eg/ which is more a general Apache config issue. Make you you did what's at http://www.apache-asp.org/install.html#Quick%20Start --Joshua _ Joshua Chamas Chamas Enterprises Inc. NodeWorks free web link monitoring Huntington Beach, CA USA http://www.nodeworks.com1-714-625-4051 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session expiration
Is there anyway to know that a user has disconnected from their session through network failure, power off, or browser closure? I am logging information about the user to a database when they login to a site, and I need to clean up this data when they leave. Obviously this is no problem with the user explicitly clicks a button to logoff, but we all know that hardly ever happens Thanks! Trey - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Probably [OT] Are there any Simple Generic Server modules
On Mon, 20 Nov 2000, Greg Cope wrote: Dear All This is a little OT - but bear with me. I am looking for a simple generic server (prefably OO) that I can use for my NON OO stuff. I have writen my own, but I am after ideas One project I've got involves getting HTML (template)files via LWP, and uploads them into an IPC cache for HTML::Template. It needs to accept signals so that Apache can HUP it to go get new templates. Using a generic server class can enable me to get the code out of apache. I use POE for this. It allows me to have one server and add different modules for it, including things like an IRC bot, and a TCP/IP listener. All in the same POE kernel. -- Matt/ /||** Director and CTO ** //||** AxKit.com Ltd ** ** XML Application Serving ** // ||** http://axkit.org ** ** XSLT, XPathScript, XSP ** // \\| // ** Personal Web Site: http://sergeant.org/ ** \\// //\\ // \\ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session expiration
Hi Trey! Is there anyway to know that a user has disconnected from their session through network failure, power off, or browser closure? How about extracting the user's IP address and then, if he hasn't sent anything over for a time period, ping him? -- Craig (The Data Ferret) http://www.pcferret.com/ for RARS, NetClip http://www.pcferret.com/teletools.html for Telephony http://www.pcferret.com/gps.html for GPS! Virtual Access 5.50 build 311 Win98 http://counter.li.org ID #184149 "Do not meddle in the affairs of FERRETS..." - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session expiration
Yeah, thought about that, but that won't work if they are sitting behind a firewall. Trey Craig E Ransom wrote: Hi Trey! Is there anyway to know that a user has disconnected from their session through network failure, power off, or browser closure? How about extracting the user's IP address and then, if he hasn't sent anything over for a time period, ping him? -- Craig (The Data Ferret) http://www.pcferret.com/ for RARS, NetClip http://www.pcferret.com/teletools.html for Telephony http://www.pcferret.com/gps.html for GPS! Virtual Access 5.50 build 311 Win98 http://counter.li.org ID #184149 "Do not meddle in the affairs of FERRETS..." - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session expiration
At 03:00 PM 11/20/00 -0600, Trey Connell wrote: Is there anyway to know that a user has disconnected from their session through network failure, power off, or browser closure? How is that different from just going out for a cup of coffee or opening a new browser window and looking at a different site? I am logging information about the user to a database when they login to a site, and I need to clean up this data when they leave. Define "leave" and you will have the answer. All you can do is set an inactivity timeout, I'd suspect. cron is your friend in these cases. Cheers, Bill Moseley mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
configuration file ( startup.pl )!!!
Dear all, I am with a small problem. I used the following command to open some connections when the WWW server is initialized: #Initialize the database connections for each child Apache::DBI-connect_on_init ("dbi:Oracle:ora8", "travel", "travel", { PrintError = 1, # Warn() on errors RaiseError = 0, # Don't die on error AutoCommit = 1, # Commit executes immediately } ); The problem is which I do not know how to configure the WWW server to open many connections for example "20 connections"!!! Can anyone help me ? If possible, I would like someone send me your configuration file (startup.pl). Thanks, Edmar Edilton da Silva Bacharel em Ciência da Computacão - UFV Mestrando em Ciência da Computacão - UNICAMP
Re: session expiration
On Mon, 20 Nov 2000, Bill Moseley wrote: At 03:00 PM 11/20/00 -0600, Trey Connell wrote: Is there anyway to know that a user has disconnected from their session through network failure, power off, or browser closure? How is that different from just going out for a cup of coffee or opening a new browser window and looking at a different site? I am logging information about the user to a database when they login to a site, and I need to clean up this data when they leave. Define "leave" and you will have the answer. All you can do is set an inactivity timeout, I'd suspect. cron is your friend in these cases. And spec out what you want when a user does happen to come back after you have expired their session with cron. (they leave their browser open for awhile, or they bookmark a page). -Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CGI scripts mod_perl
On Mon, 20 Nov 2000, Gunther Birznieks wrote: Most normal applications do not require every bit of speed eeked out of them that may be possible with an Apache handler. In the mod_perl guide, a reasonably fast machine (which most production mod_perl sites run on) shows very little time difference between a real-world app (what I would categorize the heavy Apache::Registry vs heavy hander) running in Apache::Registry versus being written as a handler. We've already discussed this one into the ground, but for anyone here who hasn't heard all this before, the main reason to use handlers instead of Registry is to avoid the odd compromises caused by writing something that is going to be wrapped in a generated package name and eval'ed into a subroutine. It's a pretty cool trick, but it's also limiting. For example, not being able to use subroutines unless you put them in an external module is troublesome. I also use handlers invoked as class methods so that I can do some inheritance stuff in my modules. I don't think Apache::Registry can deal with that at this point. - Perrin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: configuration file ( startup.pl )!!!
The below code in your startup.pl will have 1 connection per child. If you're apache config allows for 20 kids, each one will get its own connection to your database. There is no built in pooling support (though that will be trivial in 2.0) but usually having a connection per kid is what you're looking for. sterling On Mon, 20 Nov 2000, Edmar Edilton da Silva wrote: Dear all, I am with a small problem. I used the following command to open some connections when the WWW server is initialized: #Initialize the database connections for each child Apache::DBI-connect_on_init ("dbi:Oracle:ora8", "travel", "travel", { PrintError = 1, # Warn() on errors RaiseError = 0, # Don't die on error AutoCommit = 1, # Commit executes immediately } ); The problem is which I do not know how to configure the WWW server to open many connections for example "20 connections"!!! Can anyone help me ? If possible, I would like someone send me your configuration file (startup.pl). Thanks, Edmar Edilton da Silva Bacharel em Ciência da Computacão - UFV Mestrando em Ciência da Computacão - UNICAMP - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] $r-header_out(Location=$dst) browser response
At 11:02 PM 11/19/00 +0100, you wrote: | Is there a way to tell the browser(s) not to make this same substitution in | the near future? | Or, is there a better way to do a one time only redirect from within a | dynamic page? I don't expect IE to do anything by the rules, but maybe you can experiment with sending an explicit Status: 303, as described on http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.4 Yes, the 303 status code is exactly what I needed. I also tried setting the "Expire" time to a negative and a small positive time in conjunction with the "normal" REDIRECT (302) status return code, but IE 5 still did not hack the response favorably. I hope that SEE_OTHER {302} can be added to mod_perl's: FakeRequest.pm for future reference. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
@INC and Apache::Registry scripts
Recently I was having a weird problem. I was playing with a CPAN module, and needed to make some changes to it. So I copied it to a different directory out of the /usr/local/lib... perl area. And added a use lib qw(/path/to/that/dir); to the top of my Apache::Registry script. However, on some occasions it seemed to give me a "cannot find subroutine NS::Module::subroutine" or something to that effect. This went away after I did an apachectl restart. Is this something I should look into or just something that's normal? -- Do what thou wilt shall be the whole of the Law. Love is the law, love under will. PGP signature
Re: session expiration
Well, this is the basic scenario. The same userid cannot be logged into the app more than once at any given time. Also, we want to use a cookie to keep the user from having to explicitly login everytime. The latter will be accomplished with cookies and the first rule will be enforced with a "loggedin" flag in the database. My problem lies in the user not explicitly clicking logout when they leave the site. If they explicitly click logout, i can change the "loggedin" flag to false so that they can enter again the next time they try. However, if they do not explicitly logout, I cannot fire the code to change the flag in the database. So basically I want to set a cookie that will allow them to enter the site under their userid, but I can't allow them to enter if they are currently logged in from elsewhere. Any ideas? Trey Tim Bishop wrote: On Mon, 20 Nov 2000, Bill Moseley wrote: At 03:00 PM 11/20/00 -0600, Trey Connell wrote: Is there anyway to know that a user has disconnected from their session through network failure, power off, or browser closure? How is that different from just going out for a cup of coffee or opening a new browser window and looking at a different site? I am logging information about the user to a database when they login to a site, and I need to clean up this data when they leave. Define "leave" and you will have the answer. All you can do is set an inactivity timeout, I'd suspect. cron is your friend in these cases. And spec out what you want when a user does happen to come back after you have expired their session with cron. (they leave their browser open for awhile, or they bookmark a page). -Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session expiration
At 05:20 PM 11/20/00 -0600, Trey Connell wrote: The latter will be accomplished with cookies and the first rule will be enforced with a "loggedin" flag in the database. My problem lies in the user not explicitly clicking logout when they leave the site. If they explicitly click logout, i can change the "loggedin" flag to false so that they can enter again the next time they try. However, if they do not explicitly logout, I cannot fire the code to change the flag in the database. That's where cron comes in. Just make your flag a time, and update it each request. cron then removes any that are older than some preset time and *poof* they are then logged out. They try to access again and you see they have a cookie, yet are logged out and you say "Sorry, you session has expired". So basically I want to set a cookie that will allow them to enter the site under their userid, but I can't allow them to enter if they are currently logged in from elsewhere. Why? What if they want two windows open at the same time? Is that allowed? That design limitation sounds like it's going to make trouble. Bill Moseley mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session expiration
Trey Connell writes: Well, this is the basic scenario. The same userid cannot be logged into the app more than once at any given time. Also, we want to use a cookie to keep the user from having to explicitly login everytime. Just some random ideas, not necessarily the ideal solution: Create an MD5 hash (or some other unique key) when the user logs in, set this key in the cookie and in the database. Add a timeout value to the database entry (for example 3 hours, or whatever). When a user attempts to log in from a different location check the timeout. Alternatively, log the user out from the first session at that point. Be careful of basing the client information on the IP address. AOL and a few other ISPs use rotating proxies so the client IP address can change from one request to the next. Michael -- Michael Peppler - Data Migrations Inc. - [EMAIL PROTECTED] http://www.mbay.net/~mpeppler - [EMAIL PROTECTED] - AIM MPpplr International Sybase User Group - http://www.isug.com Sybase on Linux mailing list: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session expiration
Yeah, big troubleI'm thinking the client's just retarded. ;~) Bill Moseley wrote: At 05:20 PM 11/20/00 -0600, Trey Connell wrote: The latter will be accomplished with cookies and the first rule will be enforced with a "loggedin" flag in the database. My problem lies in the user not explicitly clicking logout when they leave the site. If they explicitly click logout, i can change the "loggedin" flag to false so that they can enter again the next time they try. However, if they do not explicitly logout, I cannot fire the code to change the flag in the database. That's where cron comes in. Just make your flag a time, and update it each request. cron then removes any that are older than some preset time and *poof* they are then logged out. They try to access again and you see they have a cookie, yet are logged out and you say "Sorry, you session has expired". So basically I want to set a cookie that will allow them to enter the site under their userid, but I can't allow them to enter if they are currently logged in from elsewhere. Why? What if they want two windows open at the same time? Is that allowed? That design limitation sounds like it's going to make trouble. Bill Moseley mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: @INC and Apache::Registry scripts
I've run into this same situation... you probably had children answering the request that still had the older (without use lib) version taking care of it It sounds like something that is normal... if a newly spawned child had answered the request, it probably would of worked fine... - Sean On Mon, 20 Nov 2000, Rafael Kitover wrote: Recently I was having a weird problem. I was playing with a CPAN module, and needed to make some changes to it. So I copied it to a different directory out of the /usr/local/lib... perl area. And added a use lib qw(/path/to/that/dir); to the top of my Apache::Registry script. However, on some occasions it seemed to give me a "cannot find subroutine NS::Module::subroutine" or something to that effect. This went away after I did an apachectl restart. Is this something I should look into or just something that's normal? -- Do what thou wilt shall be the whole of the Law. Love is the law, love under will. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Apache::ASP (QueryString eats +)
When sending text with "+" by "?" on url $Request-QueryString eats "+" (the text is absolutely the same but only this sign). Is it a bug or may be some else ? using: Mandrake 7.2 Apache 1.3.14-2mdk apache-mod_perl 1.3.14_1.24-2mdk Apache-ASP 2.002mdk httpd-perl (proxied) If someone know what to do pls send a sign, thnks Serge - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cvs commit: modperl-site isp.html
sbekman 00/11/20 01:13:01 Modified:.isp.html Log: another mod_perl isp Revision ChangesPath 1.13 +2 -0 modperl-site/isp.html Index: isp.html === RCS file: /home/cvs/modperl-site/isp.html,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- isp.html 1999/06/27 10:54:39 1.12 +++ isp.html 2000/11/20 09:13:00 1.13 @@ -65,6 +65,8 @@ h3USA/h3 +a href="mailto:[EMAIL PROTECTED]"BC Publishing, Inc/aColumbus, Ohio + a href="http://www.kattare.com/"Kattare Internet Services/a, Corvallis, Oregon (a href="mailto:[EMAIL PROTECTED]"[EMAIL PROTECTED]/a) - MySQL, PHP, mod_perl based ASPbr a href="http://www.worldserver.com/"The WorldServer/a, San Francisco, CAbr