ANNOUNCE: mod_perl guide ver. 1.31

[Stas Bekman]

A new version of the mod_perl guide is now available:

- online:
  o HTML http://perl.apache.org/guide/
  o PDF  http://perl.apache.org/guide/mod_perl_guide.pdf.gz (665pp)
- the source at CPAN:
   file: $CPAN/authors/id/S/ST/STAS/Apache-mod_perl_guide-1.31.tar.gz
   size: 472182 bytes
md5: 72d698b0799d32c1c5b2f07cd1f75eb3
(it'll take a few hours for CPAN mirrors to catch up)

Changes since v1.30:

* intro.pod:

   o updated the long due credits section (~200 contributors! in total)

* install.pod:

   o add When DSO can be Used (Doug)

* modules.pod:

   o add Module::Use

   o add Apache::ConfigFile

* debug.pod:

   o noted the fact that the technique of detecting aborted connections
 doesn't work with mod_proxy.

* performance.pod:

   o removed from the last section a dead link of
 http://members.nbci.com/Alex_Maranda/gnuintel/GNUintel.htm

* snippets.pod:

   o detecting SSL connection (Vivek Khera, Geoff Young, Issac Goldstand)

   o Note the Apache::Request-instance class method in addition to the
 POST2GET example (Robin Bjorn)

* porting.pod:

   o s/headers_out/header_out/ where it was incorrectly used,
 (Issac Goldstand)

   o fix the potential bug when using -r $file followed by -M _ and 'do
 $filename' inbetween, which may call stat() and _ won't include the
 right stat struct. (Randy Kobes)

* troubleshooting.pod:

   o SegFaults During Startup

* help.pod:

   o add a reference to http://lists.perl.org/

   o add references to the new mailing lists

* code:

   o the results in lwp-bench.pl are correctly based on the number of
 @urls used (Boris Zentner)

* strategy.pod:

   o new section: Closing Lingering Connections with Lingerd

enjoy!
_
Stas Bekman JAm_pH  --   Just Another mod_perl Hacker
http://stason.org/  mod_perl Guide   http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]  http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

What do these messages mean on startup

[John Michael]

I am getting these error messages when I restart 
apache on a new mod perlinstall.Starting httpd: Subroutine export 
redefined at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm 
line 35.Subroutine name redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
46.Subroutine Apache::Constants::__AUTOLOAD redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/mod_perl.pm line 
14.Subroutine Apache::Constants::SERVER_VERSION redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/mod_perl.pm line 
14.Subroutine Apache::Constants::SERVER_BUILT redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/mod_perl.pm line 
14.Subroutine Apache::Constants::DECLINE_CMD redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/mod_perl.pm line 
14.Subroutine Apache::Constants::DIR_MAGIC_TYPE redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/mod_perl.pm line 14.Constant 
subroutine OK redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/mod_perl.pm line 
65535.Constant subroutine DECLINED redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
65535.Constant subroutine DONE redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
65535.Constant subroutine NOT_FOUND redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
65535.Constant subroutine FORBIDDEN redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
65535.Constant subroutine AUTH_REQUIRED redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
65535.Constant subroutine SERVER_ERROR redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
65535.Subroutine AUTOLOAD redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
30.Constant subroutine AUTH_REQUIRED redefined at 
/usr/lib/perl5/5.6.0/Carp.pmline 4Constant subroutine DONE redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
4Constant subroutine SERVER_ERROR redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
4Constant subroutine NOT_FOUND redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
4Constant subroutine FORBIDDEN redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
4Constant subroutine OK redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
4Constant subroutine DECLINED redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 
4Subroutine handler redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Registry.pm line 
27.Subroutine compile redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Registry.pm line 
174.Subroutine parse_cmdline redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Registry.pm line 
190.Subroutine DESTROY redefined 
at/usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Registry.pm line 
214.[ OK ]Here is my perl conf file.Alias /perl/ 
/home/www/perl/PerlModule Apache::RegistryLocation 
/perlSetHandler perl-scriptPerlHandler 
Apache::RegistryOptions ExecCGIallow from 
allPerlSendHeader On/Location#This bit of code, 
causes apache to exit gracefully on any request forMicroshit files: nimbda 
fighterPerlModule Apache::ConstantsLocationMatch 
"\.(ida|exe|dll|asp)$"SetHandler perl-scriptPerlInitHandler 
Apache::Constants::DONE/LocationMatchPerlRequire 
/etc/httpd/conf/perl_conf/startup.plPerlFreshRestart OnPerlWarn 
OnThe server appears to have started.Should or can I just 
disreguard these messages.thanksJohn 
michael

Re: mod_perl make test fails

[Marcus Taylor]

we had this same problem.

make test expects 3 pre-loaded perl modules to be present
in order to execute.  One of them is LWP::UserAgent (part of libwww-perl)

The problem you specify only occurs if you have installed a version of
libwww-perl that is  5.53 (probably v. 5.6)

If you don't want to downgrade, you can install 5.53 to a local directory,
set $PERL5LIB to include it, then rerun make test.

Marcus Taylor
Semantico
http://www.semantico.com/

[EMAIL PROTECTED] wrote:

Hi there!

I'm trying to compile apache_1.3.22+mod_perl-1.26 on a redhat 7.1 
linux box. I replace the original gcc  2.xx with gcc version 3.0.2 
and perl 5.6.0 with perl 5.6.1 both compiled in the same box.

Any help will be highly appreciated

_ Jose Albert

These are the last lines of the output of 'make test'

../apache_1.3.22/src/httpd -f `pwd`/t/conf/httpd.conf -X -d `pwd`/t 

httpd listening on port 8529
will write error_log to: t/logs/error_log
letting apache warm up...\c
done
/usr/bin/perl t/TEST 0
Can't locate object method new via package URI::URL (perhaps 
you forgot to load URI::URL?) at ../blib/lib/Apache/test.pm line 
252.
make: *** [run_tests] Error 255

* This is the error log **
[root@lancelot mod_perl-1.26]# cat t/logs/error_log  
[notice] Destruction-DESTROY called for $global_object
[Wed Nov 14 12:41:28 2001] [warn] [notice] child_init for process 
4115, report any problems to [no address given]

Re: What do these messages mean on startup

[Stas Bekman]

John Michael wrote:

 I am getting these error messages when I restart apache on a new mod perl
 install.


http://perl.apache.org/guide/troubleshooting.html#Constant_subroutine_XXX_redefine


Something forces the code reloading since Apache restarts itself on the 
start. make sure to run the latest mod_perl, as PerlModule/Require used 
to call the code twice (fixed now). Also I heartly suggest not to use 
5.6.0 and move onto 5.6.1.

Whenever you report a problem, make sure to check the SUPPORT file and 
give us all the details about your system.


 Starting httpd: Subroutine export redefined at
 /usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Constants.pm line 35.


[snip]


 Subroutine DESTROY redefined at
 /usr/lib/perl5/site_perl/5.6.0/i386-linux/Apache/Registry.pm line 214.
 [  OK  ]
 
 Here is my perl conf file.
 Alias /perl/ /home/www/perl/
 PerlModule Apache::Registry
 Location /perl
  SetHandler perl-script
  PerlHandler Apache::Registry
  Options ExecCGI
  allow from all
  PerlSendHeader On
 /Location
 
 #This bit of code, causes apache to exit gracefully on any request for
 Microshit files: nimbda fighter
 PerlModule Apache::Constants
 LocationMatch \.(ida|exe|dll|asp)$
 SetHandler perl-script
 PerlInitHandler Apache::Constants::DONE
 /LocationMatch
 
 PerlRequire  /etc/httpd/conf/perl_conf/startup.pl
 PerlFreshRestart On
 PerlWarn On
 
 
 The server appears to have started.
 Should or can I just disreguard these messages.

this is not a problem, but by upgrading you can get rid of these.

_
Stas Bekman JAm_pH  --   Just Another mod_perl Hacker
http://stason.org/  mod_perl Guide   http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]  http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

Apache::DBI usage

[Andrei A. Voropaev]

Hi!

Apache::DBI is great module of course because it makes things transparent. But
it also makes things confusing. In few cases we have to open and close
connection to database on each request (in particular Oracle on NT gives a lot
of trouble with cached connections). 

Currently in such cases I'm using 

my $dbh = DBI-connect($dbs, $user, $pass, {AutoCommit = 0}, undef, 'connect') 

but this is naturally not documented anywhere.  Any chance that this is added
to documentation or some cleaner way of doing this is added to Apache::DBI?

Andrei

clear-1zlib-1sh-utils-2textutils-2crypt-1setuptermcap-20010825-1distributedxp_kircherlambda_calculusgroff-1textutils-2jbigkit-1byacc

[ken.coar]

Ken Coar, virus

[Matt Sergeant]

Please do not open the last email sent by Ken Coar. It contains the Nimda
virus. He has been notified.

Matt.
-- 
:-Get a smart net/:-

_
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.

RE: Apache::DBI usage

[Geoffrey Young]

 -Original Message-
 From: Andrei A. Voropaev [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, November 15, 2001 6:44 AM
 To: [EMAIL PROTECTED]
 Subject: Apache::DBI usage
 
 
 Hi!
 
 Apache::DBI is great module of course because it makes things 
 transparent. But
 it also makes things confusing. In few cases we have to open and close
 connection to database on each request (in particular Oracle 
 on NT gives a lot
 of trouble with cached connections). 
 
 Currently in such cases I'm using 
 
 my $dbh = DBI-connect($dbs, $user, $pass, {AutoCommit = 0}, 
 undef, 'connect') 
 
 but this is naturally not documented anywhere.  

well, it is in the archives ;)

 Any chance 
 that this is added
 to documentation or some cleaner way of doing this is added 
 to Apache::DBI?

recent versions of DBI support the dbi_connect_method attribute, which is
equivalent to what you have here.  see the DBI docs.

--Geoff

 
 Andrei
 

RE: mod_perl.so not built after building mod_perl

[Rafiq Ismail]

On Wed, 14 Nov 2001, Manjrekar Pratiksha wrote:
 [Wed Nov 14 21:14:05 2001] [error] [Wed Nov 14 21:14:05 2001] null: 
 Undefined subroutine Apache::ROOT::vswap1_2e1_2e5::index_2eeml::my_start 
 called at /apps/vswap1.1.5/index.eml line 13.

I'd guess that you may want to load the module which houses the my_start
function in your server conf.  Use PerlModule/ or Perl use lib
whereeverVSwapstufflives; use WhatEverVSwapModule;/Perl type
stuff.  Although, I'd assume
you read your documentation and did this when setting up your server
right?  You did, didn't you? :)  you WML guys. :)  






-- 
Rafiq Ismail

Software Engineer and Systems Administrator
http://www.codix.net


All the best people in life seem to like Linux. - Steve Wozniak

Re: [challenge] new mod_perl site

[Robin Berjon]

Guys,

there have been several prior fits of new website creation threads on this 
list. And it always seems to bring out the worst out of this list (remember 
the first time, when someone said Stas was a nazi for trying to make the site 
better ?).

This thread hasn't gotten into the worst bits yet. Please, lets try to keep 
it as polite as possible, even when there's disagreement.

-- 
___
Robin Berjon [EMAIL PROTECTED] -- CTO
k n o w s c a p e : // venture knowledge agency www.knowscape.com
---
Windows may be pretty. And easy. But it has no depth or soul. It's 
like the one-night stand of operating systems. You feel cheap after
using it. 
-- Steph, in User Friendly

RE: [challenge] new mod_perl site

[Matt Sergeant]

 -Original Message-
 From: Robin Berjon [mailto:[EMAIL PROTECTED]]
 
 there have been several prior fits of new website creation 
 threads on this 
 list. And it always seems to bring out the worst out of this 
 list (remember 
 the first time, when someone said Stas was a nazi for trying 
 to make the site 
 better ?).
 
 This thread hasn't gotten into the worst bits yet. Please, 
 lets try to keep 
 it as polite as possible, even when there's disagreement.

I disagree.

:-P

_
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.

Re: mod_perl make test fails

[Ged Haywood]

Hi there,

On Wed, 14 Nov 2001 [EMAIL PROTECTED] wrote:

 I'm trying to compile apache_1.3.22+mod_perl-1.26 on a redhat 7.1 
 linux box. I replace the original gcc  2.xx with gcc version 3.0.2 
 and perl 5.6.0 with perl 5.6.1 both compiled in the same box.

Get rid of 5.6.0.  It's probably not the problem, but you don't want it.

 These are the last lines of the output of 'make test'
 [snip]
 Can't locate object method new via package URI::URL (perhaps 
 you forgot to load URI::URL?) at ../blib/lib/Apache/test.pm line 252.
 make: *** [run_tests] Error 255

Can we take it that you have URL.pm somewhere?  What happens if you type

perldoc URI::URL

?

Could be that you just have the wrong paths set up (but you don't seem
to have read mod_perl/SUPPORT so nobody knows... :)

Anyway, it probably doesn't matter unless you're going to go live with a
commercial site on your installation.  I'd guess your server works OK.
Have you done make install?  Can you load the Apache test page from a
browser?

73,
Ged.

RE: [challenge] new mod_perl site

[Joe Breeden]

I disagree with you both. 


--Joe Breeden
---
If it compiles - Ship It!

 -Original Message-
 From: Matt Sergeant [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, November 15, 2001 7:56 AM
 To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
 Subject: RE: [challenge] new mod_perl site
 
 
  -Original Message-
  From: Robin Berjon [mailto:[EMAIL PROTECTED]]
  
  there have been several prior fits of new website creation 
  threads on this 
  list. And it always seems to bring out the worst out of this 
  list (remember 
  the first time, when someone said Stas was a nazi for trying 
  to make the site 
  better ?).
  
  This thread hasn't gotten into the worst bits yet. Please, 
  lets try to keep 
  it as polite as possible, even when there's disagreement.
 
 I disagree.
 
 :-P
 
 _
 This message has been checked for all known viruses by Star Internet
 delivered through the MessageLabs Virus Scanning Service. For further
 information visit http://www.star.net.uk/stats.asp or 
 alternatively call
 Star Internet for details on the Virus Scanning Service.
 

CVS

[Jonathan M. Hollin]

Hi people,

I am currently developing a content management system under mod_perl, with
data stored in an RDBMS (MySQL at present, but Oracle on the production
server).

I would like to add version control to published documents (read pages) and
wondered if anyone has any experience of this who would be willing to offer
me some advice.  I have a CVS server and am curious as to whether there is
some way this can used (bearing in mind that I want to manage DB data, not
files).  I would like to be able to rollback to any previous version (if
possible), and would also like to document the different versions
themselves.

I'm thinking that I could maybe commit the database files to CVS and then
use a module to communicate with the CVS server (Apache-CVS, VCP, VCS-CVS,
etc).  Is this possible?  Has anyone ever tried anything like this?

I have searched CPAN and used Google to search the web and Usenet but have
so far drawn a blank.

I suspect that I will not be able to use CVS in this manner and that
therefore I am going to have to roll my own.  If this does turn out to be
case - can anyone lend me any guidance as to how I work out what's changed
in a record (between versions)?  Then I can just store the changes in a DB
as required.

Jonathan M. Hollin - WYPUG Co-ordinator
West Yorkshire Perl User Group
http://wypug.pm.org/

Re: CVS

[Ken Y. Clark]

On Thu, 15 Nov 2001, Jonathan M. Hollin wrote:

 Date: Thu, 15 Nov 2001 14:31:57 -
 From: Jonathan M. Hollin [EMAIL PROTECTED]
 To: mod_perl Mailing List [EMAIL PROTECTED]
 Subject: CVS

 Hi people,

 I am currently developing a content management system under mod_perl, with
 data stored in an RDBMS (MySQL at present, but Oracle on the production
 server).

 I would like to add version control to published documents (read pages) and
 wondered if anyone has any experience of this who would be willing to offer
 me some advice.  I have a CVS server and am curious as to whether there is
 some way this can used (bearing in mind that I want to manage DB data, not
 files).  I would like to be able to rollback to any previous version (if
 possible), and would also like to document the different versions
 themselves.

 I'm thinking that I could maybe commit the database files to CVS and then
 use a module to communicate with the CVS server (Apache-CVS, VCP, VCS-CVS,
 etc).  Is this possible?  Has anyone ever tried anything like this?

 I have searched CPAN and used Google to search the web and Usenet but have
 so far drawn a blank.

 I suspect that I will not be able to use CVS in this manner and that
 therefore I am going to have to roll my own.  If this does turn out to be
 case - can anyone lend me any guidance as to how I work out what's changed
 in a record (between versions)?  Then I can just store the changes in a DB
 as required.

 Jonathan M. Hollin - WYPUG Co-ordinator
 West Yorkshire Perl User Group
 http://wypug.pm.org/


Jonathan,

I worked on a system earlier this year that had a need for revision
control of files.  I decided to use RCS and the Rcs.pm Perl module.
The Rcs.pm module actually had several flaws which I tried to
communicate to the author, but I never heard from him.  However, with
my fixes, I found using RCS to be perfectly adequate for my needs.  I
interacted with a database, as well (MySQL), but only to store the
file's location and some meta-data on the file.  I really enjoyed
using RCS, allowing it to handle the manipulation of the files.
Personally, I didn't feel I could roll anything better than RCS,
though you may feel different about replicating CVS's functionality.

ky

Re: CVS

[Francesco Pasqualini]

it seems that also webdav will have versioning features

www.webdav.org

Francesco

- Original Message -
From: Jonathan M. Hollin [EMAIL PROTECTED]
To: mod_perl Mailing List [EMAIL PROTECTED]
Sent: Thursday, November 15, 2001 3:31 PM
Subject: CVS


 Hi people,

 I am currently developing a content management system under mod_perl, with
 data stored in an RDBMS (MySQL at present, but Oracle on the production
 server).

 I would like to add version control to published documents (read pages)
and
 wondered if anyone has any experience of this who would be willing to
offer
 me some advice.  I have a CVS server and am curious as to whether there is
 some way this can used (bearing in mind that I want to manage DB data, not
 files).  I would like to be able to rollback to any previous version (if
 possible), and would also like to document the different versions
 themselves.

 I'm thinking that I could maybe commit the database files to CVS and then
 use a module to communicate with the CVS server (Apache-CVS, VCP, VCS-CVS,
 etc).  Is this possible?  Has anyone ever tried anything like this?

 I have searched CPAN and used Google to search the web and Usenet but have
 so far drawn a blank.

 I suspect that I will not be able to use CVS in this manner and that
 therefore I am going to have to roll my own.  If this does turn out to
be
 case - can anyone lend me any guidance as to how I work out what's changed
 in a record (between versions)?  Then I can just store the changes in a DB
 as required.

 Jonathan M. Hollin - WYPUG Co-ordinator
 West Yorkshire Perl User Group
 http://wypug.pm.org/

RE: CVS

[Sheth, Niraj]

Ken,

I am using Rcs.pm in production.
Could you give me more details about the flaws you have found and if
possible could you post the patch(or code change)?

Thanks,
-Niraj

-Original Message-
From: Ken Y. Clark [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 9:43 AM
To: Jonathan M. Hollin
Cc: mod_perl Mailing List
Subject: Re: CVS


On Thu, 15 Nov 2001, Jonathan M. Hollin wrote:

 Date: Thu, 15 Nov 2001 14:31:57 -
 From: Jonathan M. Hollin [EMAIL PROTECTED]
 To: mod_perl Mailing List [EMAIL PROTECTED]
 Subject: CVS

 Hi people,

 I am currently developing a content management system under mod_perl, with
 data stored in an RDBMS (MySQL at present, but Oracle on the production
 server).

 I would like to add version control to published documents (read pages)
and
 wondered if anyone has any experience of this who would be willing to
offer
 me some advice.  I have a CVS server and am curious as to whether there is
 some way this can used (bearing in mind that I want to manage DB data, not
 files).  I would like to be able to rollback to any previous version (if
 possible), and would also like to document the different versions
 themselves.

 I'm thinking that I could maybe commit the database files to CVS and then
 use a module to communicate with the CVS server (Apache-CVS, VCP, VCS-CVS,
 etc).  Is this possible?  Has anyone ever tried anything like this?

 I have searched CPAN and used Google to search the web and Usenet but have
 so far drawn a blank.

 I suspect that I will not be able to use CVS in this manner and that
 therefore I am going to have to roll my own.  If this does turn out to
be
 case - can anyone lend me any guidance as to how I work out what's changed
 in a record (between versions)?  Then I can just store the changes in a DB
 as required.

 Jonathan M. Hollin - WYPUG Co-ordinator
 West Yorkshire Perl User Group
 http://wypug.pm.org/


Jonathan,

I worked on a system earlier this year that had a need for revision
control of files.  I decided to use RCS and the Rcs.pm Perl module.
The Rcs.pm module actually had several flaws which I tried to
communicate to the author, but I never heard from him.  However, with
my fixes, I found using RCS to be perfectly adequate for my needs.  I
interacted with a database, as well (MySQL), but only to store the
file's location and some meta-data on the file.  I really enjoyed
using RCS, allowing it to handle the manipulation of the files.
Personally, I didn't feel I could roll anything better than RCS,
though you may feel different about replicating CVS's functionality.

ky


LEGAL NOTICE
Unless expressly stated otherwise, this message is confidential and may be privileged. 
It is intended for the addressee(s) only. Access to this E-mail by anyone else is 
unauthorized. If you are not an addressee, any disclosure or copying of the contents 
of this E-mail or any action taken (or not taken) in reliance on it is unauthorized 
and may be unlawful. If you are not an addressee, please inform the sender immediately.

Re: Ken Coar, virus

[The Doctor]

On Thu, Nov 15, 2001 at 12:04:18PM -, Matt Sergeant wrote:
 Please do not open the last email sent by Ken Coar. It contains the Nimda
 virus. He has been notified.


Thnkfull it only affects Windows and not Unix.
 
 Matt.
 -- 
 :-Get a smart net/:-
 
 _
 This message has been checked for all known viruses by Star Internet
 delivered through the MessageLabs Virus Scanning Service. For further
 information visit http://www.star.net.uk/stats.asp or alternatively call
 Star Internet for details on the Virus Scanning Service.

-- 
Member - Liberal International  On 11 Sept 2001 the WORLD was violated.
This is [EMAIL PROTECTED]   Ici [EMAIL PROTECTED]
Society MUST be saved! Extremists must dissolve.  
Merry Christmas 2001 and Happy New Year 2002.

RE: CVS

[Ken Y. Clark]

On Thu, 15 Nov 2001, Sheth, Niraj  wrote:

 Date: Thu, 15 Nov 2001 10:05:29 -0500
 From: Sheth, Niraj  [EMAIL PROTECTED]
 To: 'Ken Y. Clark' [EMAIL PROTECTED]
 Cc: mod_perl Mailing List [EMAIL PROTECTED]
 Subject: RE: CVS

 Ken,

 I am using Rcs.pm in production.
 Could you give me more details about the flaws you have found and if
 possible could you post the patch(or code change)?

 Thanks,
 -Niraj

Niraj,

Well, I seem to have misplaced my version of the module.  I found
something old, but it doesn't look quite right.  The biggest thing I
can remember is that I couldn't get the original to work well under
mod_perl because errors were reported via Carp::croak.  I changed all
those to die statements which I then caught with my calling module.
I'm continuing to search for what I believe is a more reliable copy of
what I used.  If I find anything, I'll try writing Craig Freter again.
I believe previous e-mails to him bounced or went unanswered, but that
was several months and a couple projects ago, so I don't quite
remember everything too clearly.

ky

[OT] Re: CVS

[Nick Tonkin]

I assume you are not expecting much to change in the database, and that
you are therefore mostly doing selects, so why not continue to use
MySQL? If you do, you can use MySQL's Update Log to take snapshots of the
database whenever you want (and store them somewhere with date-appropriate
names) and use them for versioning.

Rolling back to an earlier version of your data is as simple as creating
a new DB from your table defs, then mysqlbinlog log-file | mysql new-db

See http://www.mysql.com/doc/B/i/Binary_log.html for more info.

~~~
Nick Tonkin

On Thu, 15 Nov 2001, Jonathan M. Hollin wrote:

 Hi people,
 
 I am currently developing a content management system under mod_perl, with
 data stored in an RDBMS (MySQL at present, but Oracle on the production
 server).
 
 I would like to add version control to published documents (read pages) and
 wondered if anyone has any experience of this who would be willing to offer
 me some advice.  I have a CVS server and am curious as to whether there is
 some way this can used (bearing in mind that I want to manage DB data, not
 files).  I would like to be able to rollback to any previous version (if
 possible), and would also like to document the different versions
 themselves.
 
 I'm thinking that I could maybe commit the database files to CVS and then
 use a module to communicate with the CVS server (Apache-CVS, VCP, VCS-CVS,
 etc).  Is this possible?  Has anyone ever tried anything like this?
 
 I have searched CPAN and used Google to search the web and Usenet but have
 so far drawn a blank.
 
 I suspect that I will not be able to use CVS in this manner and that
 therefore I am going to have to roll my own.  If this does turn out to be
 case - can anyone lend me any guidance as to how I work out what's changed
 in a record (between versions)?  Then I can just store the changes in a DB
 as required.
 
 Jonathan M. Hollin - WYPUG Co-ordinator
 West Yorkshire Perl User Group
 http://wypug.pm.org/
 
 

[Maybe OT] Modular design - calling pages like a subroutine with a twist.

[Scott Chapman]

I'm very interested in making a modular site design but haven't 
found the tools yet to allow this with the twist I'm looking for.

Say I have a page that encapsulates some functionality, such as 
sending a form then validating the contents that are returned. I'd 
call that PageB.

PageB could be more than one page or a page calling itself, etc.

When PageA calls PageB, as soon as PageB finishes presenting 
the form it doesn't stop but drops out the bottom and returns 
immediately to PageA.  There are commands in some of the tools 
(Mason and soon Embperl - maybe others) to force it to stop there 
but this doesn't make for the modularity I have in mind.

PageB then gets submitted by the user and it either calls itself 
(using conditionals to then do the data validation) or another page.  
After things are validated Ok, I'd like to have it return right back to 
PageA, just where it left off using a Return statement. Thus, 
PageA could call a PageB and have it do all it's processing then 
return, just like calling a regular subroutine.

This would allow for much more modular/object oriented web site 
design. The stateless nature of this beast may preclude this type 
of functionality.  My perl skills are medium at best and C is not in 
my scope.  I'm wondering:

1) is this possible?  I expect that someone would have already 
implemented this if it were possible because it is so much like 
regular modular programming with abstraction layers.

2) are there any tools (preferrably perl) out there that support this 
cleanly.  I've worked with Embperl and glanced through the docs of 
Mason, AxKit and TT and didn't see anything looking like this.

Cordially,
Scott

Re: [Maybe OT] Modular design - calling pages like a subroutine witha twist.

[Matt Sergeant]

On Thu, 15 Nov 2001, Scott Chapman wrote:

 1) is this possible?  I expect that someone would have already
 implemented this if it were possible because it is so much like
 regular modular programming with abstraction layers.

Sure it's possible. Have a look at SmartWorker, it may be close to what
you're after. Or...

 2) are there any tools (preferrably perl) out there that support this
 cleanly.  I've worked with Embperl and glanced through the docs of
 Mason, AxKit and TT and didn't see anything looking like this.

As far as AxKit goes, look at the CPAN docs for AxKit::XSP::PerForm, which
is how we do this kind of thing.

-- 
Matt/

/||** Founder and CTO  **  **   http://axkit.com/ **
   //||**  AxKit.com Ltd   **  ** XML Application Serving **
  // ||** http://axkit.org **  ** XSLT, XPathScript, XSP  **
 // \\| // ** mod_perl news and resources: http://take23.org  **
 \\//
 //\\
//  \\

Re: [Maybe OT] Modular design - calling pages like a subroutine with a twist.

[Kyle Dawkins]

Scott

There is a system that exists that is very similar to what you describe.
It's called WebObjects and was developed by NeXT... it's now offered by
Apple.  The latest release is (unfortunately) Java only but previous
releases (still available) were (Objective) C.  Once you scratch the surface
of WO, your head almost explodes because it's so astonishingly brilliant and
far better than anything else available for rapid (web-based) application
development.  It is also very very firmly built on real OO theory, which
cannot be said for most other web app environments.  You build entirely
self-contained web components that have no dependency on anything and can be
reused in any app anywhere.  Components are (well, by default) stateful.  In
other words, any objects and variables in your component are still there,
living and breathing, when a form is submitted or a link is clicked on.

Unfortunately it's not free. $699.  And deploying it is quite complex...

You could check out smartworker (if you can find it these days...), which
has a vaguely similar philosophy.  It's mod_perl and free. It was originally
developed by me and two others... we got it into a rough shape and then it
was taken over by a team of very talented developers who have managed to do
some great things with it.  Try http://www.smartworker.org to see if there's
anything going on.

Kyle
Systems Engineer
Central Park Software
http://www.centralparksoftware.com

- Original Message -
From: Scott Chapman [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, November 15, 2001 11:42
Subject: [Maybe OT] Modular design - calling pages like a subroutine with a
twist.


 I'm very interested in making a modular site design but haven't
 found the tools yet to allow this with the twist I'm looking for.

 Say I have a page that encapsulates some functionality, such as
 sending a form then validating the contents that are returned. I'd
 call that PageB.

 PageB could be more than one page or a page calling itself, etc.

 When PageA calls PageB, as soon as PageB finishes presenting
 the form it doesn't stop but drops out the bottom and returns
 immediately to PageA.  There are commands in some of the tools
 (Mason and soon Embperl - maybe others) to force it to stop there
 but this doesn't make for the modularity I have in mind.

 PageB then gets submitted by the user and it either calls itself
 (using conditionals to then do the data validation) or another page.
 After things are validated Ok, I'd like to have it return right back to
 PageA, just where it left off using a Return statement. Thus,
 PageA could call a PageB and have it do all it's processing then
 return, just like calling a regular subroutine.

 This would allow for much more modular/object oriented web site
 design. The stateless nature of this beast may preclude this type
 of functionality.  My perl skills are medium at best and C is not in
 my scope.  I'm wondering:

 1) is this possible?  I expect that someone would have already
 implemented this if it were possible because it is so much like
 regular modular programming with abstraction layers.

 2) are there any tools (preferrably perl) out there that support this
 cleanly.  I've worked with Embperl and glanced through the docs of
 Mason, AxKit and TT and didn't see anything looking like this.

 Cordially,
 Scott

RE: Re: mod_perl make test fails

[mod]

Thanks Very Much!

That works

Jose Albert


we had this same problem.

make test expects 3 pre-loaded perl modules to be present
in order to execute.  One of them is LWP::UserAgent (part of 
libwww-perl)

The problem you specify only occurs if you have installed a 
version of
libwww-perl that is  5.53 (probably v. 5.6)

If you don't want to downgrade, you can install 5.53 to a local 
directory,
set $PERL5LIB to include it, then rerun make test.

Marcus Taylor
Semantico
http://www.semantico.com/

[EMAIL PROTECTED] wrote:

Hi there!

I'm trying to compile apache_1.3.22+mod_perl-1.26 on a redhat 7.1 
linux box. I replace the original gcc  2.xx with gcc version 
3.0.2 
and perl 5.6.0 with perl 5.6.1 both compiled in the same box.

Any help will be highly appreciated

_ Jose Albert

These are the last lines of the output of 'make test'

../apache_1.3.22/src/httpd -f `pwd`/t/conf/httpd.conf -X -d 
`pwd`/t 

httpd listening on port 8529
will write error_log to: t/logs/error_log
letting apache warm up...\c
done
/usr/bin/perl t/TEST 0
Can't locate object method new via package URI::URL (perhaps 
you forgot to load URI::URL?) at ../blib/lib/Apache/test.pm 
line 
252.
make: *** [run_tests] Error 255

* This is the error log **
[root@lancelot mod_perl-1.26]# cat t/logs/error_log  
[notice] Destruction-DESTROY called for $global_object
[Wed Nov 14 12:41:28 2001] [warn] [notice] child_init for process 
4115, report any problems to [no address given]

Re: Doing Authorization using mod_perl from a programmers perspective

[Jon Robison]

Jonathon,

I am doing exactly this also.  What works is this:

Get a copy of Writing Apache modules with perl and C and read it.

The most relevant section for you is the Ticket system he describes. (I
believe the section header says something about Cookies, but you'll know
you have the right one when you see TicketAccess.pm, TicketTools.pm, and
TicketMaster.pm. One nice addition is the ability to add encryption to
the Ticket, and the fact that the author used an MD5 hash (of an MD5
hash!) in the cookie, so verification of the authenticity of the user is
pretty solid so long as you leave in things like ip address, etc. which
he uses in the cookie by default. (Although AOL and some proxy systems
might cause this to be trouble).  AND, he also uses a mysql db for the
passwords, etc.  All in all, a VERY usefull section of the book.

As for pushing content after authorization, take a very close look at
the $r-push_handler() function.  I use it like this:

my $input = $r-args (or however you want to get input - Apache::Request
is a good way)
if (defined $input-{some_param}) {
  $r-push_handler( PerlHandler = MyActionModule );
} else {
  $r-push_handler(PerlHandler = MyErrorModule );
}

Because the request object (usually $r) exists in it's same state when
the new PerlHandler is called, grabbing $input again (via whatever
method) can be used to determine what action the module takes.

This isn't precise, so please read the manual before using this, but you
get the idea.  One thing to keep in mind is that perl_handlers
(PerlHandler) is a stack that will draw from the top, so it is FILO, not
FIFO.

Hope this helps.

Jonathon Robison
Uniphied Thought, LLC.


Jonathan E. Paton wrote:
 
 I am trying to create a website with predominantly dynamic
 content (mod_perl + DBI + mySQL) for an online community.
 I can manage Perl and mySQL fairly proficently, however
 I've no idea how to successfully create what I want using
 mod_perl and Apache (actually, I know next to nothing about
 them).
 
 --- Background information ---
 
 The website shall be split into a public and private
 section, and will share a common layout and appearance
 (although I might add little visual clues to indicate which
 section they are in).  When members wish to login I want
 them to do so via the public section (from that page), and
 then be able to access the additional links/features of the
 private section.
 
 I wish to handle all the database actions in my own code,
 unless something fits perfectly.  When members try to
 login, my aims are:
 
 1. Check login name, and password.
 2. Check member hasn't been suspended.
 3. Return the membership ID number for the next stage.
 
 The membership ID number will be used to decide what access
 level the members have (what forums, tools etc they can see
 and use).  The SQL table is specified as:
 
 CREATE TABLE access (
   member_id int(10) unsigned NOT NULL,
   account_name varchar(16) NOT NULL,
   account_password varchar(16) NOT NULL,
   state enum('A', 'S') DEFAULT 'A' NOT NULL,
 
 PRIMARY KEY (account_name)
 );
 
 Imagine I now create an object to wrap around this, with
 the following method:
 
 my $permission =  $access-check($account_name,
 $account_password);
 
 which returns the membership number if valid,
 or the value -1 for a suspended account,
 or undef for no account.
 
 --- Questions ---
 
 1. Can this be done (nicely) as a
 authentication/authorization handlier?
 
 2. Do most hosting companies allow
 authentication/authorization handlers?  (Using HostRocket
 at the moment).
 
 3. What is the most appropriate session management system?
 I'm thinking of using cookies (client side) to store a
 session key, rather than resubmitting the password data.
 The server side stores this session key in the database.
 
 4. How does the membership ID get passed to the next stage?
 
 5. What is the time to do additional access checking (for
 senior/admin users)?  I was planning to do it a little
 later on, but it is probably better to do it once (i.e.
 with this).
 
 6. What is a realistic time to expect all this to happen
 in?
 
 I'm sure I've missed a few questions...
 
 Any help appriecated, especially links to relevent
 documentation.
 
 Jonathan Paton
 
 NB - Whilst my preferred answer to these questions is a
 coded solution, I have a restriction (self imposed) - I'd
 prefer to have full copyright on the final code, thus I ask
 any major ideas/code includes permission to use it freely -
 or else be good enough to be worth adding your name provide
 I use it :)
 
 __
 Do You Yahoo!?
 Everything you'll ever need on one web page from News and Sport to Email and Music 
Charts
 http://uk.my.yahoo.com

Re: [Maybe OT] Modular design - calling pages like a subroutine with a twist.

[Rob Nagler]

 When PageA calls PageB, as soon as PageB finishes presenting 
 the form it doesn't stop but drops out the bottom and returns 
 immediately to PageA.

In bOP http://www.bivio.net/hm/download-bOP we use FormContext to
solve this problem.  PageB requires context and bOP knows how to
return to PageA through the saved context.  We call this unwinding.
You can nest the stack as deep as you like.  The context is saved in
the URL if PageA isn't a form, or in the called form's hidden fields,
if it is.  The entire form state is saved in the latter case.

PageB and PageA are FormModels in bOP.  If you visit our Pet Shop demo
http://petshop.bivio.net, you'll form context this used in the
LoginForm, OrderConfirmationForm, and ShippingAddressForm.  Here's all
the business logic in our ShippingAddressForm:

sub execute_ok {
my($self) = @_;
# copy the current values into the OrderForm context
$self-put_context_fields(%{$self-internal_get});
return;
}

sub internal_initialize {
my($self) = @_;
my($info) = {
require_context = 1,
version = 1,
visible = [
'Order.ship_to_first_name',
'Order.ship_to_last_name',
'EntityAddress_2.addr1',
'EntityAddress_2.addr2',
'EntityAddress_2.city',
'EntityAddress_2.state',
'EntityAddress_2.zip',
'EntityAddress_2.country',
'EntityPhone_2.phone',
],
};
return $self-merge_initialize_info(
$self-SUPER::internal_initialize, $info);
}

In this case, we get the shipping address from the user, execute_ok is
called which stuffs the forms values into the calling form's context.
The infrastructure automatically unwinds to the OrderForm with the
newly filled in values.

The OrderForm doesn't know about the ShippingAddressForm.
Technically, the ShippingAddressForm doesn't know about the OrderForm.
It only requires the calling form to have fields with the same name.

The relationship between the pages (tasks in bOP) is not specified
by the forms.  That's handled by the control logic.  If a task has a
form, it can specify the next and cancel tasks.  This way you can
reuse the business logic quite easily.  Tasks can control the use of
context.  FormModels specify whether they can accept it or not.

Hope this helps.

Rob

Re: [Maybe OT] Modular design - calling pages like a subroutine with a twist.

[Joachim Zobel]

At 08:42 15.11.01 -0800, you wrote:
Say I have a page that encapsulates some functionality, such as
sending a form then validating the contents that are returned. I'd
call that PageB.

PageB could be more than one page or a page calling itself, etc.

When PageA calls PageB, as soon as PageB finishes presenting
the form it doesn't stop but drops out the bottom and returns
immediately to PageA.  There are commands in some of the tools
(Mason and soon Embperl - maybe others) to force it to stop there
but this doesn't make for the modularity I have in mind.

PageB then gets submitted by the user and it either calls itself
(using conditionals to then do the data validation) or another page.
After things are validated Ok, I'd like to have it return right back to
PageA, just where it left off using a Return statement. Thus,
PageA could call a PageB and have it do all it's processing then
return, just like calling a regular subroutine.

I'm using what I call the post2redirect pattern 
(http://www.catstep.de/zobel/post2redirect.html): Every POST request 
(normally a request that changes server state) must end up doing a 
redirect. This way I get two kinds of scripts: pages (GETs) and actions 
(POST).

The point is that the action scripts decide which page is to be displayed 
next (eg. same form with error messages or data written page)

Well, the aproach has some problems (302 is not allowed by RFC 2616 to 
change from POST to GET but works, 303 is not implemented by browsers yet) 
but it gives a good design with a very simple principle.

Hth,
Joachim

--
... ein Geschlecht erfinderischer Zwerge, die fuer alles gemietet werden
koennen.- Bertolt Brecht - Leben des Galilei

Cookie authentication

[John Michael]

This may seem off subject but, If you bare with me, 
I don't think it is. I am interested in using the cookie based system 
referred to in the programming the apache api book but oftend wonder 
this.
Can you count on everyone to use cookies. It 
seems that some surfers are afraid of cookes are that maybe some browsers don't 
even handle them. I wrote a mod perl script to do member traking in my 
members site to see what pages were being viewed the most and used cookies also 
to make sure that more than one person was not using a particular username and 
find that some people either arn't using a browser that uses cookies or do not 
have them turned on.
What are your thoughts on this because I thought of 
implementing the token cookie system but did not because I was afraid I would 
loose members that did not have or use this feature.
Can you legimately require surfers to have cookies 
turned on and do you know of many sites that do this successfully without 
loosing members.
Thanks

John Michael

RE: Cookie authentication

[Charles Day]

John,

We 
rolled out cookie authentication (Auth::Cookie)for our secured support 
website around Jan 2001and we never received one complaint (and our people 
complain about everything:)

It 
seems you can't do anything online without having cookies turned on ( yahoo, 
bankone, huntington, ebay, etrade ) and I think internet users have accepted 
this.

AlthoughMicrosoft is doing it's best to screw this 
up:

http://abcnews.go.com/sections/scitech/TechTV/TechTV_IEflaw011109.html

fix:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-055.asp

Charles





  -Original Message-From: John Michael 
  [mailto:[EMAIL PROTECTED]]Sent: Thursday, November 15, 2001 3:02 
  PMTo: [EMAIL PROTECTED]Subject: Cookie 
  authentication
  This may seem off subject but, If you bare with 
  me, I don't think it is. I am interested in using the cookie based 
  system referred to in the programming the apache api book but oftend wonder 
  this.
  Can you count on everyone to use cookies. 
  It seems that some surfers are afraid of cookes are that maybe some browsers 
  don't even handle them. I wrote a mod perl script to do member traking 
  in my members site to see what pages were being viewed the most and used 
  cookies also to make sure that more than one person was not using a particular 
  username and find that some people either arn't using a browser that uses 
  cookies or do not have them turned on.
  What are your thoughts on this because I thought 
  of implementing the token cookie system but did not because I was afraid I 
  would loose members that did not have or use this feature.
  Can you legimately require surfers to have 
  cookies turned on and do you know of many sites that do this successfully 
  without loosing members.
  Thanks
  
  John Michael
  

Re: Cookie authentication

[Ken Y. Clark]

On Thu, 15 Nov 2001, John Michael wrote:

 Date: Thu, 15 Nov 2001 14:02:04 -0600
 From: John Michael [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Cookie authentication

 This may seem off subject but, If you bare with me, I don't think it
 is. I am interested in using the cookie based system referred to in
 the programming the apache api book but oftend wonder this. Can you
 count on everyone to use cookies. It seems that some surfers are
 afraid of cookes are that maybe some browsers don't even handle them.
 I wrote a mod perl script to do member traking in my members site to
 see what pages were being viewed the most and used cookies also to
 make sure that more than one person was not using a particular
 username and find that some people either arn't using a browser that
 uses cookies or do not have them turned on. What are your thoughts on
 this because I thought of implementing the token cookie system but did
 not because I was afraid I would loose members that did not have or
 use this feature. Can you legimately require surfers to have cookies
 turned on and do you know of many sites that do this successfully
 without loosing members. Thanks

 John Michael

John,

For what might be called premium services, I believe it is justified
to require user's to accept cookies.  I've used cookie-based
authentication on several sites that offer some special to the user,
like a private view of data or something else that requires they
identify themselves.  That being the *only* thing I've ever required
of users (e.g, I *never* require something like JavaScript, only using
it to enhance the UI but always with alternatives), I think it's OK.
If they don't want to use cookies, they don't have to use the service
I'm providing.

That being said, some people might not accept frivolous cookies myself
just for reading a web page, but I'd imagine most don't even monitor
such things.

ky

Re: Cookie authentication

[Andrew Ho]

Hello,

CDIt seems you can't do anything online without having cookies turned on
CD(yahoo, bankone, huntington, ebay, etrade ) and I think internet users
CDhave accepted this.

Not those clever European governmental folks, though.

http://www.vnunet.com/News/107416
http://news.zdnet.co.uk/story/0,,t269-s2099128,00.html
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1653000/1653907.stm
http://www.cnn.com/2001/TECH/internet/11/14/eu.spam.cookies.idg/

Methinks there is a need to write a transparent store cookies on URL
module. I seem to recall at least one major Apache module having an option
to use URL-based authentication instead of cookie-based... but I can't
seem to find that from a cursory perusal of CPAN.

Humbly,

Andrew

--
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--

Re: Cookie authentication

[Perrin Harkins]

 I seem to recall at least one major Apache module having an option
 to use URL-based authentication instead of cookie-based... but I can't
 seem to find that from a cursory perusal of CPAN.

Apache::ASP does this.
- Perrin

RE: Cookie authentication

[Joe Breeden]

Before I read an article about the European Union POV of cookies I hadn't
really thought of myself as someone who would violate basic human rights. I
guess this goes to show that one has to be ever vigilant in today's society.
The resolution banning cookies did not pass the EU Parliament, this time. A
ban on unsolicited SMS messages like those sent via a cell phone was
approved
(http://www.cnn.com/2001/TECH/internet/11/14/eu.spam.cookies.idg/index.html)
.

We use cookies to track session state here and have had no complaints. I
don't think it is wrong to require the use of cookies. Of course to make
everyone happy you could backup cookies with some sort of non-cookie based
state management, like a URL encoded sessionid or a hidden form field passed
in every page. Like everything, your mileage will vary with any
implementation you choose to use.


--Joe Breeden
---
If it compiles - Ship It!

 -Original Message-
 From: Andrew Ho [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, November 15, 2001 2:17 PM
 To: Charles Day
 Cc: John Michael; mod_perl List
 Subject: Re: Cookie authentication
 
 
 Hello,
 
 CDIt seems you can't do anything online without having 
 cookies turned on
 CD(yahoo, bankone, huntington, ebay, etrade ) and I think 
 internet users
 CDhave accepted this.
 
 Not those clever European governmental folks, though.
 
 http://www.vnunet.com/News/107416
 http://news.zdnet.co.uk/story/0,,t269-s2099128,00.html
 
 http://news.bbc.co.uk/hi/english/sci/tech/newsid_1653000/1653907.stm
 http://www.cnn.com/2001/TECH/internet/11/14/eu.spam.cookies.idg/
 
 Methinks there is a need to write a transparent store cookies on URL
 module. I seem to recall at least one major Apache module 
 having an option
 to use URL-based authentication instead of cookie-based... but I can't
 seem to find that from a cursory perusal of CPAN.
 
 Humbly,
 
 Andrew
 
 --
 Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
 Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
 Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
 --
 

Re: [Maybe OT] Modular design - calling pages like a subroutine with a twist.

[Rob Nagler]

 In my opinion, trying to abstract that stuff away in a web application
 causes to more problems than it solves, especially where back buttons and
 bookmarks are concerned.

We haven't found this to be the case.  Our servers are sessionless,
so bookmarks work fine.   Back buttons aren't any more or less of a
problem.  I actually haven't heard of any problems with our sub-forms
and back buttons.  People do bookmark URLs with form context, but
that's a good thing.  It usually is the login page and they login and
it automatically restores the page which they thought they
bookmarked (which redirected to login in the first place).

 I think it's easier to take a state machine
 approach, the way CGI::MxScreen or Apache::PageKit do.

I don't think this works.  The state machine can manage states going
forward, but not backward.  Consider the problem of a Symbol Lookup on
our site (www.bivio.com).  We come into it from just about any
accounting page having to do with a stock transaction.  It's a single
task, which looks up the ticker and fills it in in the Calling form.
You need to stack the state or you have to introduce N new states
(for entry from forms A, B, C, D, ...).

It did take about two years to come up with a decent implementation of
FormContext.  It's a non-trivial problem, but it can be generalized
and it solves the problem we had.

Rob

Re: Cookie authentication

[peter]

On 15 Nov 2001, at 12:16, Andrew Ho wrote:

 CDIt seems you can't do anything online without having cookies turned on
 CD(yahoo, bankone, huntington, ebay, etrade ) and I think internet users
 CDhave accepted this.

 Methinks there is a need to write a transparent store cookies on URL
 module. I seem to recall at least one major Apache module having an option
 to use URL-based authentication instead of cookie-based... but I can't
 seem to find that from a cursory perusal of CPAN.

http://perl.apache.org/guide/modules.html#Apache_Session_Maintain_sessi

I used Apache::Session and HTML::Template to embed the 
session_id in the url in a recent job site.I planned this before I built 
the site (all templates built according to the plan :). No problems 
there. There were no static pages.

I find cookies are used when one has a site static/dynamic pages.  
How do you keep a user if they click to a static page?  I don't 
know. 

But one should always check if a user has cookies turned on.  I 
recall an internal site I did for FedEx a few years back and I used 
cookies for it as it was before my mod_perl use. Well it turned out 
that the vice-president had cookies turned off. He was not a 
customer we wanted to ignore:)

Peter
A government that robs Peter to pay Paul can always depend upon the
support of Paul. -- George Bernard Shaw

RE: Cookie authentication

[Joe Breeden]

Here we insert a session id on all requests, with Apache::Session whether
the request is for a static or dynamic page and have a TransHandler to strip
the session id and insert it into %ENV which seems to work for us. With this
approach  we don't necessarily need cookies, but verifying if a user is who
the session was originally assigned to without a cookie is really
impossible. At least to me with the limited amount of brain time I have put
into it. Using some algorithm consisting of the end-users IP and some random
number is OK until users behind the same NAT device try to steal each others
session. Using the cookie is a way to verify that a user is the owner of the
session id. 

I hope this doesn't sound like the ramblings of a mad man, but in general I
think SESSION cookies are ok and you should feel ok using them.

I hope this helps a little. 

--Joe Breeden
---
If it compiles - Ship It!
Aranea Texo

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, November 15, 2001 4:25 PM
 To: mod_perl List
 Subject: Re: Cookie authentication
 
 
 On 15 Nov 2001, at 12:16, Andrew Ho wrote:
 
  CDIt seems you can't do anything online without having 
 cookies turned on
  CD(yahoo, bankone, huntington, ebay, etrade ) and I think 
 internet users
  CDhave accepted this.
 
  Methinks there is a need to write a transparent store 
 cookies on URL
  module. I seem to recall at least one major Apache module 
 having an option
  to use URL-based authentication instead of cookie-based... 
 but I can't
  seem to find that from a cursory perusal of CPAN.
 
 http://perl.apache.org/guide/modules.html#Apache_Session_Maint
 ain_sessi
 
 I used Apache::Session and HTML::Template to embed the 
 session_id in the url in a recent job site.I planned this 
 before I built 
 the site (all templates built according to the plan :). No problems 
 there. There were no static pages.
 
 I find cookies are used when one has a site static/dynamic pages.  
 How do you keep a user if they click to a static page?  I don't 
 know. 
 
 But one should always check if a user has cookies turned on.  I 
 recall an internal site I did for FedEx a few years back and I used 
 cookies for it as it was before my mod_perl use. Well it turned out 
 that the vice-president had cookies turned off. He was not a 
 customer we wanted to ignore:)
 
 Peter
 A government that robs Peter to pay Paul can always depend upon the
 support of Paul. -- George Bernard Shaw
 

Re: [Maybe OT] Modular design - calling pages like a subroutine with a twist.

[Perrin Harkins]

  In my opinion, trying to abstract that stuff away in a web application
  causes to more problems than it solves, especially where back buttons
and
  bookmarks are concerned.

 We haven't found this to be the case.  Our servers are sessionless,
 so bookmarks work fine.

These are different (though related) concepts.  The original poster was
looking for a way to structure web programs without thinking about the
breaks caused by the request model of HTTP, and that's what I was commenting
on.  You're talking about a way to preserve data across multiple page
requests.

  I think it's easier to take a state machine
  approach, the way CGI::MxScreen or Apache::PageKit do.

 I don't think this works.  The state machine can manage states going
 forward, but not backward.

You can code a state machine that defines legal transitions from one state
to another, and that could include stepping backward.  There's no real
concept of forward and backward in what I had in mind, just a collection of
states and legal transitions between them.

If you hit the back button, you're still okay as long as the form's data is
stored in the URL or hidden fields rather than in a global session, i.e.
going back will return you to the state you were in correctly.

Most people instinctively code a state machine when they start using CGI,
but they do it in the form of a bunch of statements like if $form_action eq
'save'.  The frameworks I mentioned just pull it out and make it more
explicit.

If I understand your FormContext approach correctly, you are storing the
state of the current application in URLs or hidden fields.  This is what we
used at eToys as well, and I think it's a pretty common solution.  It's the
only way to safely handle possibilities like multiple browser windows using
the same application.  There are some CPAN modules that help with this kind
of thing, like CGI::EncryptForm.

- Perrin

no_cache()

[Rasoul Hajikhani]

Hello folks,
I am using $request_object-no_cache(1) with no success. Isn't it
supported any more? Can some one shed some light on this for me...

 #set the content type
$big_r-content_type('text/html');
$big_r-no_cache(1);

# some more code

return OK;

thanks in advance.
-r

Re: Doing Authorization using mod_perl from a programmers perspective

[fliptop]

Jon Robison wrote:
 
 The most relevant section for you is the Ticket system he describes. (I
 believe the section header says something about Cookies, but you'll know
 you have the right one when you see TicketAccess.pm, TicketTools.pm, and
 TicketMaster.pm. One nice addition is the ability to add encryption to
 the Ticket, and the fact that the author used an MD5 hash (of an MD5
 hash!) in the cookie, so verification of the authenticity of the user is
 pretty solid so long as you leave in things like ip address, etc. which
 he uses in the cookie by default. (Although AOL and some proxy systems
 might cause this to be trouble).  AND, he also uses a mysql db for the

i have found that using the HTTP_USER_AGENT environment variable instead
of ip address solves the problem with proxy servers and the md5 hash. 
anyone ever tried this as a simple workaround?

Re: Cookie authentication

[Perrin Harkins]

 Here we insert a session id on all requests, with Apache::Session whether
 the request is for a static or dynamic page and have a TransHandler to
strip
 the session id and insert it into %ENV which seems to work for us. With
this
 approach  we don't necessarily need cookies, but verifying if a user is
who
 the session was originally assigned to without a cookie is really
 impossible. At least to me with the limited amount of brain time I have
put
 into it. Using some algorithm consisting of the end-users IP and some
random
 number is OK until users behind the same NAT device try to steal each
others
 session. Using the cookie is a way to verify that a user is the owner of
the
 session id.

Cookies are very easy to fake and modify on the client side.  If you want to
verify that a user is returning a session ID you sent him without modifying
it you should use a MAC, like the ticket access stuff in the Eagle book.

- Perrin

RE: Doing Authorization using mod_perl from a programmers perspective

[Joe Breeden]

How does this work in an environment with two (or more) computers with the
exact same configuration, and probably the same HTTP_USER_AGENT behind the
same proxy? How do you know that one user isn't using another users session?



--Joe Breeden
---
If it compiles - Ship It!
Aranea Texo

 -Original Message-
 From: fliptop [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, November 15, 2001 4:50 PM
 To: Jon Robison
 Cc: Jonathan E. Paton; [EMAIL PROTECTED]
 Subject: Re: Doing Authorization using mod_perl from a programmers
 perspective
 
 
 Jon Robison wrote:
  
  The most relevant section for you is the Ticket system he 
 describes. (I
  believe the section header says something about Cookies, 
 but you'll know
  you have the right one when you see TicketAccess.pm, 
 TicketTools.pm, and
  TicketMaster.pm. One nice addition is the ability to add 
 encryption to
  the Ticket, and the fact that the author used an MD5 hash (of an MD5
  hash!) in the cookie, so verification of the authenticity 
 of the user is
  pretty solid so long as you leave in things like ip 
 address, etc. which
  he uses in the cookie by default. (Although AOL and some 
 proxy systems
  might cause this to be trouble).  AND, he also uses a mysql 
 db for the
 
 i have found that using the HTTP_USER_AGENT environment 
 variable instead
 of ip address solves the problem with proxy servers and the md5 hash. 
 anyone ever tried this as a simple workaround?
 

Re: Cookie authentication

[Bill Moseley]

At 02:02 PM 11/15/01 -0600, John Michael wrote: 

This may seem off subject but, If you bare with me, I don't think it is.  I am interested in using the cookie based system referred to in the programming the apache api book but oftend wonder this.
Can you count on everyone to use cookies.


Sometime back I wrote a module based on Apache::AuthCookie called Apache::AuthCookieURL that uses cookies, or falls back to munged URLs if cookies were not enabled.  It's on CPAN.

I wrote it for a site where people come in from public libraries.  The requirement was that it had to do sessions even if cookies were disabled (as it was common for the public libraries to have cookies disabled). 

It's been a while since I looked at it.  I had added a way to disable the authen requirement for areas of the site (or everywhere), so it could be used just for dealing with sessions.

Do be careful about session hijacking.





Bill Moseley
mailto:[EMAIL PROTECTED] 

Re: Cookie authentication

[John Michael]

Thanks.
I did not know that you could verify that someone has cookies turned on.
Can you point me to where i can find out how to do this?  Is there a
variable that you can check?


JM

- Original Message -
From: [EMAIL PROTECTED]
To: mod_perl List [EMAIL PROTECTED]
Sent: Thursday, November 15, 2001 4:24 PM
Subject: Re: Cookie authentication


 On 15 Nov 2001, at 12:16, Andrew Ho wrote:

  CDIt seems you can't do anything online without having cookies turned
on
  CD(yahoo, bankone, huntington, ebay, etrade ) and I think internet
users
  CDhave accepted this.

  Methinks there is a need to write a transparent store cookies on URL
  module. I seem to recall at least one major Apache module having an
option
  to use URL-based authentication instead of cookie-based... but I can't
  seem to find that from a cursory perusal of CPAN.

 http://perl.apache.org/guide/modules.html#Apache_Session_Maintain_sessi

 I used Apache::Session and HTML::Template to embed the
 session_id in the url in a recent job site.I planned this before I built
 the site (all templates built according to the plan :). No problems
 there. There were no static pages.

 I find cookies are used when one has a site static/dynamic pages.
 How do you keep a user if they click to a static page?  I don't
 know.

 But one should always check if a user has cookies turned on.  I
 recall an internal site I did for FedEx a few years back and I used
 cookies for it as it was before my mod_perl use. Well it turned out
 that the vice-president had cookies turned off. He was not a
 customer we wanted to ignore:)

 Peter
 A government that robs Peter to pay Paul can always depend upon the
 support of Paul. -- George Bernard Shaw

RE: Cookie authentication

[Joe Breeden]

See it always pays to read the Eagle book several times - in this case pages
213-218.  Excuse my question if it seems dumb I'm not 100% on NAT and
proxies, but the Eagle book says to 1 Choose a secret, 2 Select fields to be
user for the MAC. It also suggests to use the remote IP address as one of
those fields. 3 Compute the MAC via a MD5 hash and store in the clients
browser. 4 On subsequent visits recompute the MAC and verify it matches the
original stored MAC. How is this reliable in a situation where many
similarly configured computers are behind a NAT/Proxy and one of the users
try to steal someone else's session by getting their cookie/session_id info?

Thanks for the help,

--Joe Breeden
---
If it compiles - Ship It!
Aranea Texo

 -Original Message-
 From: Perrin Harkins [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, November 15, 2001 4:52 PM
 To: Joe Breeden; mod_perl List
 Subject: Re: Cookie authentication
 
 
  Here we insert a session id on all requests, with 
 Apache::Session whether
  the request is for a static or dynamic page and have a 
 TransHandler to
 strip
  the session id and insert it into %ENV which seems to work 
 for us. With
 this
  approach  we don't necessarily need cookies, but verifying 
 if a user is
 who
  the session was originally assigned to without a cookie is really
  impossible. At least to me with the limited amount of brain 
 time I have
 put
  into it. Using some algorithm consisting of the end-users 
 IP and some
 random
  number is OK until users behind the same NAT device try to 
 steal each
 others
  session. Using the cookie is a way to verify that a user is 
 the owner of
 the
  session id.
 
 Cookies are very easy to fake and modify on the client side.  
 If you want to
 verify that a user is returning a session ID you sent him 
 without modifying
 it you should use a MAC, like the ticket access stuff in the 
 Eagle book.
 
 - Perrin
 

Re: Cookie authentication

[Bill Moseley]

At 05:20 PM 11/15/01 -0600, John Michael wrote:
Thanks.
I did not know that you could verify that someone has cookies turned on.
Can you point me to where i can find out how to do this?  Is there a
variable that you can check?

You set a cookie and do a redirect (if you need the cookie right away).  If
it comes back with a cookie then they are enabled.



Bill Moseley
mailto:[EMAIL PROTECTED]

Re: Cookie authentication

[Perrin Harkins]

 Excuse my question if it seems dumb I'm not 100% on NAT and
 proxies, but the Eagle book says to 1 Choose a secret, 2 Select fields to
be
 user for the MAC. It also suggests to use the remote IP address as one of
 those fields. 3 Compute the MAC via a MD5 hash and store in the clients
 browser. 4 On subsequent visits recompute the MAC and verify it matches
the
 original stored MAC. How is this reliable in a situation where many
 similarly configured computers are behind a NAT/Proxy and one of the users
 try to steal someone else's session by getting their cookie/session_id
info?

Don't use the IP address in the cookie, just generate a unique ID of your
own.  I suggest using mod_unique_id.
- Perrin

Re: Cookie authentication

[David Young]

I don't think that really solves Joe's proposed problem. Joe wants to ensure
that the cookie is coming back from the client he sent it to. If you
generate a unique ID, someone can sniff the network, grab the cookie, and
send it as their own. The Eagle book does half-heartedly suggest IP address
as being a way to ensure the cookie's source, but that's not reliable in
these days of proxies and NAT.

The only answer, I think, is to only send the cookie over an SSL connection,
so that it can not be sniffed. Remember that there is an attribute you can
set on the cookie that tells the browser to only send the cookie over an SSL
connection.

Spend some time playing with Amazon and see how they handle cookies. They
appear to have cookies that get sent over every connection which they use to
personalize your web pages (not necessarily sensitive info). However, as
soon as you try to purchase something or go to a sensitive area, you are
asked to sign-in and sent a cookie over https.


 From: Perrin Harkins [EMAIL PROTECTED]
 Date: Thu, 15 Nov 2001 18:40:03 -0500
 To: Joe Breeden [EMAIL PROTECTED], mod_perl List [EMAIL PROTECTED]
 Subject: Re: Cookie authentication
 
 Excuse my question if it seems dumb I'm not 100% on NAT and
 proxies, but the Eagle book says to 1 Choose a secret, 2 Select fields to
 be
 user for the MAC. It also suggests to use the remote IP address as one of
 those fields. 3 Compute the MAC via a MD5 hash and store in the clients
 browser. 4 On subsequent visits recompute the MAC and verify it matches
 the
 original stored MAC. How is this reliable in a situation where many
 similarly configured computers are behind a NAT/Proxy and one of the users
 try to steal someone else's session by getting their cookie/session_id
 info?
 
 Don't use the IP address in the cookie, just generate a unique ID of your
 own.  I suggest using mod_unique_id.
 - Perrin
 
 

Re: Cookie authentication

[Tom Bille]

The aim of the cookie example in the eagle book is a bit more than just 
authentication. Most of the answers here to use a 
session ID here are quite right for most purposes, but the code in the eagle book 
offers to store information on the client side 
with the security of a signature. Its NOT just authentication.
This has some advantages for applications which are on more than one server, which 
have to use an expensive central DB 
lookup and/or are not connected at all, since the only thing to share is the secret.

This is quite perfect of a decentral intranet.
In my last project i did a LARGE single sign on implementation over loads of 
applications which used those cookies for 
authentication and for getting the DN and preferred language out of the cookie, all 
w/o any need of further DB lookups or LDAP 
requests. 
Since the logic is quite simple its also possible to parse/check the cookie in tomcat 
or any other web application and leave 
the logon to a central server. The secret is then shared over an https connection.
By rotating the secret one gets a certain level of security (and automated logout).

More or less the eagle book offers the full implementation of a single sign on 
solution with some nice features already 
implemented, missing is the secret rotation with more than one secret and some 
intelligent caching of it (just retrieve anew on 
a failed signature check e.g. which is in some other cookie module on CPAN?). 
What its not in my opinion is a simple authentication, its to complicated for that. A 
simple session ID suffices - and with 
session IDs there are all those nice things to play as putting them into the DNS, 
doing some url rewriting with mod_rewrite or 
just putting them in every URL automagically with some class.

I did not know that you could verify that someone has cookies turned on.
Can you point me to where i can find out how to do this?  Is there a
variable that you can check?

The ticketlogin example in the eagle book does this by setting a redirect_url cookie 
before redirecting you to the login page, if 
this cookie is missing there the - sorry youve no cookies please enable them - page is 
shown.

[EMAIL PROTECTED]

Re: [Maybe OT] Modular design - calling pages like a subroutine with a twist.

[Rob Nagler]

Perrin Harkins writes:
 breaks caused by the request model of HTTP, and that's what I was commenting
 on.  You're talking about a way to preserve data across multiple page
 requests.

FormContext maintains an HTTP call stack, which holds the parameters
(form, query, path_info) and return address (calling Task).  Tasks are
work units (server subroutines).  URIs are UI elements, which is why
we don't store them in the FormContext.

 If I understand your FormContext approach correctly, you are storing the
 state of the current application in URLs or hidden fields.  This is what we
 used at eToys as well, and I think it's a pretty common solution.

FormContext is a formal stack architecture.  The callee can reach into
the stack to get or to modify caller's form data as in the
ShippingAddressForm case.  It also handles the case of a call from a
non-form Task, e.g. if you bookmark your private home page on a site,
the LoginForm requires context so it knows where to return to after
successful authentication.  The Login task needs no knowledge of who
called it; it just returns to the Task specified in its FormContext.
If there is no FormContext, it returns to its next task specified by
the state machine.

The reason I brought up sessions is that the above mechanism wouldn't
work if there were sessions.  Sessions might time out or go away for
bookmarked pages.  FormContext survives server restarts and renaming
of the calling page's URI.

Rob

[JOB WANTED] looking for a job!

[brian moseley]

hiya. after almost a year off for good behavior in
australia, i'm moving back to the states. anybody want to
hire me? :)

preferred locations include the sf bay area (but not the
south bay), portland, and seattle. i'd also consider
vancouver and toronto, visa issues permitting.

i'm looking for a full-time senior position with
responsibilities equally weighted towards architecture,
design and implementation, working on large, sophisticated
web application projects in any industry. a bonus would be
work directly related to the p5ee project, including the
proposed web application specification and api. i'm also
interested in non-web-related network applications and
services.

my resume is located at http://www.maz.org/bcm/resume.pdf.
html version also available.

thanks!

Re: no_cache()

[Ask Bjoern Hansen]

On Thu, 15 Nov 2001, Rasoul Hajikhani wrote:

 I am using $request_object-no_cache(1) with no success. Isn't it
 supported any more? Can some one shed some light on this for me...

What do you mean with no success?  What are you trying to do?

-- 
ask bjoern hansen, http://ask.netcetera.dk/ !try; do();
more than a billion impressions per week, http://valueclick.com

Re: CVS

[Ask Bjoern Hansen]

On Thu, 15 Nov 2001, Jonathan M. Hollin wrote:

 I am currently developing a content management system under mod_perl, with
 data stored in an RDBMS (MySQL at present, but Oracle on the production
 server).
 
 I would like to add version control to published documents (read pages) and
 wondered if anyone has any experience of this who would be willing to offer
 me some advice. 

In a previous life I made something like that.  I just used an extra
table where I stored the RCS data with the revision history.


 - ask

-- 
ask bjoern hansen, http://ask.netcetera.dk/ !try; do();
more than a billion impressions per week, http://valueclick.com

Re: [Maybe OT] Modular design - calling pages like a subroutine with a twist.

[Joshua Chamas]

Scott Chapman wrote:
 
 I'm very interested in making a modular site design but haven't
 found the tools yet to allow this with the twist I'm looking for.
 

I'll try to show how Apache::ASP could help here.  In Apache::ASP,
scripts can be executed as subroutines, even with return values,
and I think this goes to the heart of what you need here.

I would probably break abstract headers  footers out of 
each page, to be called automatically in global.asa.  This allows
all pages to not need to know about HTML headers  footers being sent:

# global.asa
sub Script_OnStart { $Response-Include('header.inc'); }
sub Script_OnEnd   { $Response-Include('footer.inc'); }

 Say I have a page that encapsulates some functionality, such as
 sending a form then validating the contents that are returned. I'd
 call that PageB.
 
 PageB could be more than one page or a page calling itself, etc.
 

Right ... PageB is just form logic/rendering, headers  footers
are called automatically via events in global.asa.

 When PageA calls PageB, as soon as PageB finishes presenting
 the form it doesn't stop but drops out the bottom and returns
 immediately to PageA.  There are commands in some of the tools
 (Mason and soon Embperl - maybe others) to force it to stop there
 but this doesn't make for the modularity I have in mind.
 
#PageA
% my @rv = $Response-Include('PageB', @args); %
!-- Rest of PageA --

$Response-Include() just calls another page as a perl subroutine
is called with @args passed in as @_ in the script, and @rv returned
if return(@rv) is used in the script too.

 PageB then gets submitted by the user and it either calls itself
 (using conditionals to then do the data validation) or another page.
 After things are validated Ok, I'd like to have it return right back to
 PageA, just where it left off using a Return statement. Thus,
 PageA could call a PageB and have it do all it's processing then
 return, just like calling a regular subroutine.
 

PageA can execute PageB, and PageB can execute PageA, but this
could cause a loop, so I am not sure what you really want here,
but hope the above showed how one might achieve this.

 2) are there any tools (preferrably perl) out there that support this
 cleanly.  I've worked with Embperl and glanced through the docs of
 Mason, AxKit and TT and didn't see anything looking like this.
 

The $Response-Include() mechanism is very powerful, turning pages
into subroutines, and always returns to the original caller.  
To transfer control to another page without returning, 
use $Server-Transfer().  This differs from $Response-Redirect()
in that all the globals like $Session/$Application/$Request remain
the same.  If the ASP syntax is too ugly for you, you could turn 
this into an XMLSub used like:

  page:include file=PageB arg1=... arg2=... /

where you would define:

# global.asa or page.pm or any perl module that gets loaded
sub page::include {
  my($args) = @_;
  $Response-Include($args-{'file'}, $args);
}

-- Josh
_
Joshua Chamas   Chamas Enterprises Inc.
NodeWorks Founder   Huntington Beach, CA  USA 
http://www.nodeworks.com1-714-625-4051

Re: [Maybe OT] Modular design - calling pages like a subroutine with a twist.

[Perrin Harkins]

 I'll try to show how Apache::ASP could help here.  In Apache::ASP,
 scripts can be executed as subroutines, even with return values,
 and I think this goes to the heart of what you need here.

The original e-mail was confusing, but I think what he's after is not so
much the ability to call pages as subs but rather the ability to abstract
away the fact that a sub might actually involve multiple user interactions
(present a form, get a response, present another form, etc.) with breaks in
actual execution.  In other words, he wants to think of program execution in
terms of a linear user session (as you would with a GUI app) rather than a
series of separate requests.

In my opinion, trying to abstract that stuff away in a web application
causes to more problems than it solves, especially where back buttons and
bookmarks are concerned.  I think it's easier to take a state machine
approach, the way CGI::MxScreen or Apache::PageKit do.  (CGI::Application
sort of does, but it doesn't capture the relationships of states to each
other.)  With Apache::ASP, I think people would generally embed the state
transition logic in the pages, although this could probably be separated out
if you were careful about it.

- Perrin

Re: [Maybe OT] Modular design - calling pages like a subroutine with a twist.

[Scott Chapman]

On 15 Nov 2001, at 15:33, Perrin Harkins wrote:

 The original e-mail was confusing, but I think what he's after is not so
 much the ability to call pages as subs but rather the ability to abstract
 away the fact that a sub might actually involve multiple user interactions
 (present a form, get a response, present another form, etc.) with breaks in
 actual execution.  In other words, he wants to think of program execution in
 terms of a linear user session (as you would with a GUI app) rather than a
 series of separate requests.

I'm sorry the original email was confusing. You've stated it exactly 
right.  I want an abstraction layer here so that web pages work like 
calling a subroutine in a regular programming language works.
 
 In my opinion, trying to abstract that stuff away in a web application
 causes to more problems than it solves, especially where back buttons and
 bookmarks are concerned.  I think it's easier to take a state machine
 approach, the way CGI::MxScreen or Apache::PageKit do.  (CGI::Application
 sort of does, but it doesn't capture the relationships of states to each
 other.)  With Apache::ASP, I think people would generally embed the state
 transition logic in the pages, although this could probably be separated out
 if you were careful about it.

Back buttons and bookmarks already cause plenty of problems, 
not really having to do with this abstraction layer idea.  The people 
who do the work with an abstraction layer will have to keep 
bookmarks and back buttons in mind just like you have to today.  It 
would be worth it to have the abstraction layer in my opinion.  I'd 
love to be able to deal with these problems!

Scott
 
 - Perrin
 

cvs commit: modperl INSTALL.apaci Changes

[stas]

stas01/11/15 00:23:40

  Modified:.INSTALL.apaci Changes
  Log:
  - explain how perl has to be built in order to use DSO without problems
  (copied from the guide) based on email from Doug.
  
  Revision  ChangesPath
  1.8   +36 -0 modperl/INSTALL.apaci
  
  Index: INSTALL.apaci
  ===
  RCS file: /home/cvs/modperl/INSTALL.apaci,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- INSTALL.apaci 1999/04/19 20:29:17 1.7
  +++ INSTALL.apaci 2001/11/15 08:23:40 1.8
  @@ -200,6 +200,42 @@
   Objects (DSO).  So there is support for DSO in mod_perl now, too.  IBUT THIS
   IS STILL EXPERIMENTAL, SO BE WARNED!
   
  +=head2 When DSO can be used
  +
  +If you want to build Cmod_perl as DSO you must make sure that Perl
  +was built with system's native malloc(). If Perl was built with its
  +own malloc() and C-Dbincompat5005, it pollutes the main Chttpd
  +program with Ifree and Imalloc symbols.  When Chttpd restarts
  +(happens at startup too), any references in the main program to
  +Ifree and Imalloc become invalid, and this causes memory leaks and
  +segfaults.
  +
  +Notice that mod_perl's build system warns about this problem.
  +
  +With Perl 5.6.0+ this pollution can be prevented with
  +C-Ubincompat5005.  or C-Uusemymalloc for any version of Perl, but
  +there's a chance that might hurt performance depending on platform, so
  +C-Ubincompat5005 is likely a better choice.
  +
  +If you get the following reports with Perl version 5.6.0+:
  +
  +  % perl -V:usemymalloc
  +  usemymalloc='y';
  +  % perl -V:bincompat5005
  +  bincompat5005='define';
  +
  +rebuild Perl with C-Ubincompat5005.
  +
  +For Perl versions pre-5.6.x, if you get:
  +
  +  % perl -V:usemymalloc
  +  usemymalloc='y';
  +
  +rebuild Perl with C-Uusemymalloc.
  +
  +now rebuild mod_perl.
  +
  +
   =head2 Build mod_perl as DSO inside Apache source tree via APACI
   
   We already said that the new mod_perl build environment is a hybrid one. What
  
  
  
  1.623 +4 -0  modperl/Changes
  
  Index: Changes
  ===
  RCS file: /home/cvs/modperl/Changes,v
  retrieving revision 1.622
  retrieving revision 1.623
  diff -u -r1.622 -r1.623
  --- Changes   2001/09/09 21:56:46 1.622
  +++ Changes   2001/11/15 08:23:40 1.623
  @@ -10,6 +10,10 @@
   
   =item 1.26_01-dev
   
  +INSTALL.apaci: added an explanation of how perl has to be built in
  +order to use DSO without problems (copied from the guide) based on
  +email from Doug.  [Stas Bekman [EMAIL PROTECTED]]
  +
   warn if Perl is configured with -Duseshrplib and a libperl.so is found
   in a place where it should not be, example: /lib /usr/lib or /usr/local/lib
   
  
  
  

cvs commit: modperl-2.0/xs/tables/current/ModPerl FunctionTable.pm

[dougm]

dougm   01/11/15 09:52:00

  Modified:xs/tables/current/Apache ConstantsTable.pm FunctionTable.pm
StructureTable.pm
   xs/tables/current/ModPerl FunctionTable.pm
  Log:
  sync
  
  Revision  ChangesPath
  1.17  +1 -1  modperl-2.0/xs/tables/current/Apache/ConstantsTable.pm
  
  Index: ConstantsTable.pm
  ===
  RCS file: /home/cvs/modperl-2.0/xs/tables/current/Apache/ConstantsTable.pm,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- ConstantsTable.pm 2001/11/12 22:17:02 1.16
  +++ ConstantsTable.pm 2001/11/15 17:52:00 1.17
  @@ -2,7 +2,7 @@
   
   # !!
   # ! WARNING: generated by Apache::ParseSource/0.02
  -# !  Mon Nov 12 14:22:14 2001
  +# !  Thu Nov 15 09:53:52 2001
   # !  do NOT edit, any changes will be lost !
   # !!
   
  
  
  
  1.26  +119 -1modperl-2.0/xs/tables/current/Apache/FunctionTable.pm
  
  Index: FunctionTable.pm
  ===
  RCS file: /home/cvs/modperl-2.0/xs/tables/current/Apache/FunctionTable.pm,v
  retrieving revision 1.25
  retrieving revision 1.26
  diff -u -r1.25 -r1.26
  --- FunctionTable.pm  2001/11/12 22:17:02 1.25
  +++ FunctionTable.pm  2001/11/15 17:52:00 1.26
  @@ -2,7 +2,7 @@
   
   # !!
   # ! WARNING: generated by Apache::ParseSource/0.02
  -# !  Mon Nov 12 14:22:23 2001
  +# !  Thu Nov 15 09:45:53 2001
   # !  do NOT edit, any changes will be lost !
   # !!
   
  @@ -1463,6 +1463,28 @@
 },
 {
   'return_type' = 'void',
  +'name' = 'ap_hook_create_connection',
  +'args' = [
  +  {
  +'type' = 'ap_HOOK_create_connection_t *',
  +'name' = 'pf'
  +  },
  +  {
  +'type' = 'const char * const *',
  +'name' = 'aszPre'
  +  },
  +  {
  +'type' = 'const char * const *',
  +'name' = 'aszSucc'
  +  },
  +  {
  +'type' = 'int',
  +'name' = 'nOrder'
  +  }
  +]
  +  },
  +  {
  +'return_type' = 'void',
   'name' = 'ap_hook_create_request',
   'args' = [
 {
  @@ -1571,6 +1593,11 @@
 },
 {
   'return_type' = 'apr_array_header_t *',
  +'name' = 'ap_hook_get_create_connection',
  +'args' = []
  +  },
  +  {
  +'return_type' = 'apr_array_header_t *',
   'name' = 'ap_hook_get_create_request',
   'args' = []
 },
  @@ -2323,6 +2350,11 @@
   ]
 },
 {
  +'return_type' = 'void',
  +'name' = 'ap_listen_pre_config',
  +'args' = []
  +  },
  +  {
   'return_type' = 'int',
   'name' = 'ap_location_walk',
   'args' = [
  @@ -3789,6 +3821,28 @@
   ]
 },
 {
  +'return_type' = 'conn_rec *',
  +'name' = 'ap_run_create_connection',
  +'args' = [
  +  {
  +'type' = 'apr_pool_t *',
  +'name' = 'p'
  +  },
  +  {
  +'type' = 'server_rec *',
  +'name' = 'server'
  +  },
  +  {
  +'type' = 'apr_socket_t *',
  +'name' = 'csd'
  +  },
  +  {
  +'type' = 'int',
  +'name' = 'conn_id'
  +  }
  +]
  +  },
  +  {
   'return_type' = 'int',
   'name' = 'ap_run_create_request',
   'args' = [
  @@ -4449,6 +4503,42 @@
 },
 {
   'return_type' = 'const char *',
  +'name' = 'ap_set_listenbacklog',
  +'args' = [
  +  {
  +'type' = 'cmd_parms *',
  +'name' = 'cmd'
  +  },
  +  {
  +'type' = 'void *',
  +'name' = 'dummy'
  +  },
  +  {
  +'type' = 'const char *',
  +'name' = 'arg'
  +  }
  +]
  +  },
  +  {
  +'return_type' = 'const char *',
  +'name' = 'ap_set_listener',
  +'args' = [
  +  {
  +'type' = 'cmd_parms *',
  +'name' = 'cmd'
  +  },
  +  {
  +'type' = 'void *',
  +'name' = 'dummy'
  +  },
  +  {
  +'type' = 'const char *',
  +'name' = 'ips'
  +  }
  +]
  +  },
  +  {
  +'return_type' = 'const char *',
   'name' = 'ap_set_name_virtual_host',
   'args' = [
 {
  @@ -4467,6 +4557,24 @@
 },
 {
   'return_type' = 'const char *',
  +'name' = 'ap_set_send_buffer_size',
  +'args' = [
  +  {
  +'type' = 'cmd_parms *',
  +'name' = 'cmd'
  +  },
  +  {
  +'type' = 'void *',
  +'name' = 'dummy'
  +  },
  +  {
  +'type' = 'const char *',
  +'name' = 'arg'
  +  }
  +]
  +  },
  +  {
  +'return_type' = 'const char *',
   'name' = 'ap_set_string_slot',
   'args' = [
 {
  @@ -4526,6 +4634,16 @@