cvs commit: modperl-2.0 Changes
dougm 2002/06/14 19:09:26 Modified:.Changes Log: update Changes Revision ChangesPath 1.23 +3 -0 modperl-2.0/Changes Index: Changes === RCS file: /home/cvs/modperl-2.0/Changes,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- Changes 13 Jun 2002 02:59:05 - 1.22 +++ Changes 15 Jun 2002 02:09:26 - 1.23 -10,6 +10,9 =item 1.99_03-dev +win32 fix for the global Apache-request object to make sure it uses +the thread local storage mechanism + add a reference count mechanism to interpreters for use in threaded MPMs, so if APR::Pool cleanups have been registered the interpreter is not putback into the interpreter pool until all cleanups have run.
Re: tutorials (was: Re: rfc Apache::Dynagzip)
From: Igor Sysoev [EMAIL PROTECTED] Here is first part of criticism. 1. You should not mix proxies and browsers. It's a question. I've been thinking about this, and decided to refrain from diving into a long common discussion about features of spiders, content-feeders, general indexing robots, etc. I wouldn't let reader to sink in unhelpful features of specific web clients before giving him a real tool to serve those guys in accordance with his own business requirements (which could be opposite to my own preferences). I firmly believe that we'll have to deal with those guys in future. To make it practically helpful we have to study all possible features of all available web clients on permanent basis, and keep the community informed about current conditions of network clients. To date we have too limited number of practically useful facts to stick with this problem. Even more, we have to double-check some of well-known facts, because the life is going on. New versions of old known web clients are emerging sometimes. Sometimes people can make mistakes. Everything is going to be changed on the earth, including the structure of this tutorial. 2. As I said you MS Proxy has not mask at all. ^1\.1 is not a mask. ^Squid/ is incorrect mask. Here is example of Via header of HTTP/1.1 request that goes though Squid, MS Proxy and Oops: 1.1 proxy1.domain1.com:3128 (Squid/2.4.STABLE2), 1.0 PROXY2, proxy3.domain3.com:3128 (Oops 1.5.22f1) 3. Proxy masks will not help. About 70% of all proxied request are going through Squid and about 15% are going through MS Proxy. So much safe way is to disable proxy requests at all instead of tring to look mask. Besides I suspect that most proxies handle compressed content incorrectly. I had checked only Squid, MS Proxy and Oops but there are many another proxies. So I think you should disable gzip for all proxied request or enable it for all proxied request if you do not care about old broswer. mod_deflate by default disable it. Since Igor fails to explain clearly the features of his secret knowledge in both English and Russian to me, I decided to double-check his information with the source authorities. Indeed, I was lucky to have a short conversation on [EMAIL PROTECTED] mailing list with Henrik Nordstrom, who is developing the Squid proxy. Now I have a real mask for the Apache::CompressClientFixup handler and some new conditions for successful implementation of content compression, serving the requests passed through Squid. I'm going to make the appropriate changes in the text of tutorial as version 0.02 a few days later together with other changes. Just a little fragment of my conversation with Henrik Nordstrom for those who care: From: Henrik Nordstrom X Sent: Thursday, June 13, 2002 7:15 PM Subject: Re: [squid-users] Accept-Encoding header # Squid-2.5 and later supports caching of objects having the Vary # header. # # Squid-2.4 and earlier denies caching of such objects as it cannot # support more than one entity per URL. On Friday 14 June 2002 02:43, Slava Bizyayev wrote: # Should we consider the Squid-2.4 the only version compatible with # content compression (as long as it denies to cache anything # accomplished with Vary header)? # # Please, could you specify the earliest version, which is working # this way? # # Am I understand correctly that we should refrain from # doing the content compression on httpd when the request is coming # through the Squid-2.5 (even we reply with Vary)? From: Henrik Nordstrom X Date: Fri, 14 Jun 2002 02:57:01 +0200 Subject: Re: [squid-users] Accept-Encoding header # Both are fully compatible with all forms of server driven content # negotiation (file type, encoding, compression etc), as long as you # send a proper Vary header indicating such negotiation is taking # place. # # Squid-2.4 and earlier won't be able to cache the reply as Squid-2.4 # and earlier can only support up to one entity version per URL. # # Squid-2.5 will cache the reply if possible, and honors the entity # variance indicated by Vary. # # Squid-2.6 will most likely also support ETag, allowing Squid to ask # the server which if any of the variants it already has is suitable # for satisfying the new request type. In Squid-2.5 each request type # is cached individually. # # The detection of Vary as uncacheable was added very long ago, probably # during the Squid-1.X versions. # # Regards # Henrik Does it make sense? For me it means that every fact which is coming from Igor Sysoev should be double-checked independently prior to practical usage. I guess some significant changes in the next version of the tutorial... On other hand, I feel better, knowing that guys from Squid are caring about our clients, and life goes on. 4. You should not unset Accept-Encoding. Better way is to set $r-note('disable_gzip'). Sometimes it seems like Igor does not really understand what he is speaking about. No comments.
Re: SEGV in bleadperl@17165 under mod_perl
Jarkko Hietaniemi [EMAIL PROTECTED] writes: I'm grasping at straws, and I really don't know much about PerlIO... but try this: //depot/perl/perlio.c#179 - /u/vieraat/vieraat/jhi/pp4/perl/perlio.c Index: perl/perlio.c --- perl/perlio.c.~1~ Thu Jun 13 20:05:05 2002 +++ perl/perlio.c Thu Jun 13 20:05:05 2002 @@ -2734,7 +2734,7 @@ PerlIOStdio_flush(pTHX_ PerlIO *f) { FILE *stdio = PerlIOSelf(f, PerlIOStdio)-stdio; -if (PerlIOBase(f)-flags PERLIO_F_CANWRITE) { +if (stdio PerlIOBase(f)-flags PERLIO_F_CANWRITE) { return PerlSIO_fflush(stdio); } else { End of Patch. NI-S will probably find this patch very wrong :-) Should be harmless. A :stdio layer without a FILE * should never happen. Your patch prevents it doing fflush(NULL) if it does. -- Nick Ing-Simmons http://www.ni-s.u-net.com/
Re: SEGV in bleadperl@17165 under mod_perl
Doug Maceachern [EMAIL PROTECTED] writes: patch below also cures (when calling system() with Apache::Upload handles still alive). seems PerlIO_importFILE() should have a mode argument, It did but nobody used it and now we have legacy. The thing that world passes as 0 was suppoed to be O_READ style mode. I think it it too late to start honouring that but will gladly do so if that is considered 5.8 worthy. in this case we only want to allow reading on the given FILE* --- Request/Request.xs~Sun Jan 20 09:27:35 2002 +++ Request/Request.xs Thu Jun 13 15:07:28 2002 @@ -38,6 +38,7 @@ #undef __attribute__ #include mod_perl.h +#include perliol.h #ifdef WIN32 @@ -494,6 +495,7 @@ CODE: if ( ( RETVAL = PerlIO_importFILE(ApacheUpload_fh(upload),0) ) == NULL ) XSRETURN_UNDEF; +PerlIOBase((PerlIO*)RETVAL)-flags = ~PERLIO_F_CANWRITE; OUTPUT: RETVAL Import attempts to find out how FD that FILE * is using is open but that really isn't sufficient. -- Nick Ing-Simmons http://www.ni-s.u-net.com/
Re: separating C from V in MVC
A) a ridiculously flexible interface that looks sort of like SQL, except where it is SQL, except where it's only sort of like SQL, etc. B) a ridiculous profusion of classes, methods, or both. SQL has its place, and Alzabo merely provides a thin layer on top of it. Trying to jam a thick layer of OO-goodness over relational data is asking for a mess. OO has its place, but if your application is primarily about the database, I don't think that a heavy OO layer on top of that will do HI Dave, Totally agree. My general motto is tiers eq tears ... I've never seen a really comfortable OO/SQL bridge. The OO part almost always dumbs down or hobbles the database. Group bys, order bys, multi-table selects, locking, SQL query plans and index optimisation all rightfully belong to the database but are an anathema to a simple OO/SQL bridge. While disks need to seek and spin ... relational databases will have their place. I sometimes think of a world with unlimited RAM. It's here that OO dreams really come true --- vast pools of objects with hash/array look up speed etc. Until that time though ... I personally code with the database foremost in my mind - and disk seeks a close second - for me the SQL comes first and so I have no problem with large HEREDOCs of SQL in my code. Generally I try to minimise the layers/tiers/abstraction between the front-end and the database - for me OO/SQL abstraction is something akin to 'GOTO considered harmful'. Nige Nigel Hamilton Turbo10 Metasearch Engine email: [EMAIL PROTECTED] tel:+44 (0) 207 987 5460 fax:+44 (0) 207 987 5468 http://turbo10.com Search Deeper. Browse Faster.
Re: tutorials (was: Re: rfc Apache::Dynagzip)
On Fri, 14 Jun 2002, Slava Bizyayev wrote: Does it make sense? For me it means that every fact which is coming from Igor Sysoev should be double-checked independently prior to practical usage. OK. It's your right. I guess some significant changes in the next version of the tutorial... On other hand, I feel better, knowing that guys from Squid are caring about our clients, and life goes on. I did not check how Squid work with Vary header because any value in this header simply disables caching in MSIE. I prefer client caching to compression. 4. You should not unset Accept-Encoding. Better way is to set $r-note('disable_gzip'). Sometimes it seems like Igor does not really understand what he is speaking about. No comments. I mean that that you should not change any incoming header. Igor Sysoev http://sysoev.ru
Re: URL
On Thu, 13 Jun 2002, Rasoul Hajikhani wrote: Is there a way to read the actual URL typed in the location box of the browser? What's actually typed into the location bar on a browser isn't sent in the HTTP headers, and thus mod_perl cannot access it. For example, you may be able to type in your browser cnn but your browser will munge that to be a request for http://www.cnn.com/; and that's what it will send in the HTTP headers not the orignal cnn If you're happy getting that level of detail then there are many ways to do it which are covered in the guide. For a certain platform (browser) you *may* be able to access the urlbar though a plugin, though javascript or though using a keyword system. Methods for doing this however are offtopic for this list and I wish you luck in finding solutions. Mark. -- s'' Mark Fowler London.pm Bath.pm http://www.twoshortplanks.com/ [EMAIL PROTECTED] ';use Term'Cap;$t=Tgetent Term'Cap{};print$t-Tputs(cl);for$w(split/ +/ ){for(0..30){$|=print$t-Tgoto(cm,$_,$y). $w;select$k,$k,$k,.03}$y+=2}
Re: separating C from V in MVC
On Fri, 14 Jun 2002, Nigel Hamilton wrote: A) a ridiculously flexible interface that looks sort of like SQL, except where it is SQL, except where it's only sort of like SQL, etc. B) a ridiculous profusion of classes, methods, or both. SQL has its place, and Alzabo merely provides a thin layer on top of it. Trying to jam a thick layer of OO-goodness over relational data is asking for a mess. OO has its place, but if your application is primarily about the database, I don't think that a heavy OO layer on top of that will do HI Dave, Totally agree. My general motto is tiers eq tears ... I've never seen a really comfortable OO/SQL bridge. The OO part almost always dumbs down or hobbles the database. Group bys, order bys, multi-table selects, locking, SQL query plans and index optimisation all rightfully belong to the database but are an anathema to a simple OO/SQL bridge. While disks need to seek and spin ... relational databases will have their place. I sometimes think of a world with unlimited RAM. It's here that OO dreams really come true --- vast pools of objects with hash/array look up speed etc. I feel pretty much the same, and so gave a talk about this (and other things) at last year's perl conference. Slides are at http://axkit.org/docs/presentations/tpc2001/anydbd.axp/a.pdf -- !-- Matt -- :-Get a smart net/:-
Re: tutorials (was: Re: rfc Apache::Dynagzip)
From: Igor Sysoev [EMAIL PROTECTED] Sent: Friday, June 14, 2002 3:53 AM Subject: Re: tutorials (was: Re: rfc Apache::Dynagzip) I did not check how Squid work with Vary header because any value in this header simply disables caching in MSIE. I prefer client caching to compression. It's not the truth again. I'm using Vary accomplished with Expires to control MSIE local cache about half a year. Works fine. 4. You should not unset Accept-Encoding. Better way is to set $r-note('disable_gzip'). Sometimes it seems like Igor does not really understand what he is speaking about. No comments. I mean that that you should not change any incoming header. ?! No comments. Thanks, Slava
Re: separating C from V in MVC
On Fri, 14 Jun 2002, Nigel Hamilton wrote: Generally I try to minimise the layers/tiers/abstraction between the front-end and the database - for me OO/SQL abstraction is something akin to 'GOTO considered harmful'. I think there's room for middle ground here between mapping OO directly to SQL and having SQL in heredocs in your code. What we tend to use is a object that works almost as a SQL factory. We never have SQL directly in our code, but rather all this is placed inside a seperate module.that knows a few things about itself - e,g, what database and table we're using for this run. This can be then used to spit out SQL or run the query and return the results. The key aspect is that anytime you feel you need to write some SQL you should feel free to add more SQL to this module - not limit yourself to waht's already avalible. The advantage of this is that we get better reuse in out of our SQL when we need the same function called from many places, and we can reuse the same SQL on similar tables/databases for different runs. Another advantage is that should we ever want to change the database all our SQL is in a few modules and we can make sure that we change all our SQL. Mark. -- s'' Mark Fowler London.pm Bath.pm http://www.twoshortplanks.com/ [EMAIL PROTECTED] ';use Term'Cap;$t=Tgetent Term'Cap{};print$t-Tputs(cl);for$w(split/ +/ ){for(0..30){$|=print$t-Tgoto(cm,$_,$y). $w;select$k,$k,$k,.03}$y+=2}
Re: separating C from V in MVC
On Fri, 14 Jun 2002 10:34:47 +0100 (BST) Mark Fowler [EMAIL PROTECTED] wrote: : On Fri, 14 Jun 2002, Nigel Hamilton wrote: : : Generally I try to minimise the layers/tiers/abstraction between : the front-end and the database - for me OO/SQL abstraction is something : akin to 'GOTO considered harmful'. : : The advantage of this is that we get better reuse in out of our SQL when : we need the same function called from many places, and we can reuse the : same SQL on similar tables/databases for different runs. Another : advantage is that should we ever want to change the database all our SQL : is in a few modules and we can make sure that we change all our SQL. Another useful thing is that you can implement some cache mechanism there, in one place, and this is transparent to clients who just keep on calling, say, $category_factory-read_category_tree(), no matter whether the tree is actually fetched from the database or from shared memory. -- fxn
Re: tutorials (was: Re: rfc Apache::Dynagzip)
On Fri, 14 Jun 2002, Slava Bizyayev wrote: I did not check how Squid work with Vary header because any value in this header simply disables caching in MSIE. I prefer client caching to compression. It's not the truth again. I'm using Vary accomplished with Expires to control MSIE local cache about half a year. Works fine. I have just checked 3 MSIE: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461) Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461) All of them had recevied responses like this: HTTP/1.1 200 OK Date: Fri, 14 Jun 2002 09:51:59 GMT Server: Apache/1.3.22 (Unix) Vary: Content-Encoding Cache-Control: max-age=86400 Expires: Sat, 15 Jun 2002 09:51:59 GMT Last-Modified: Tue, 09 Apr 2002 14:15:31 GMT ETag: 1d3a9-65d-3cb2f783 Accept-Ranges: bytes Content-Length: 1629 Connection: close Content-Type: text/html; charset=koi8-r All of MSIE do not cache responses. They even do not send If-Modified-Since header. Can you show me URL with Vary and Expires that MSIE would cache. 4. You should not unset Accept-Encoding. Better way is to set $r-note('disable_gzip'). Sometimes it seems like Igor does not really understand what he is speaking about. No comments. I mean that that you should not change any incoming header. ?! No comments. How can I log a real Accept-Encoding header if you unset it ? Igor Sysoev http://sysoev.ru
Re: separating C from V in MVC
Generally I try to minimise the layers/tiers/abstraction between the front-end and the database - for me OO/SQL abstraction is something akin to 'GOTO considered harmful'. HI Mark, I'm not sure about a monolithic SQL factory module like the one you describe. Generally, each SQL statement is unique so I've never been able to find re-use benefits here. Also passing parameters to SQL Factory methods involves another change of scope/layer which I think is not necessary. In our system, a programmer maintaining the system will look to the object first and find the SQL bang in the middle - which I think has better re-use/maintenance implications than hidden away in a back closet that's packed full of stuff (i.e., all the SQL). One way I minimise the layers between DB and the front-end is to make sure all fields share the same name as in the database - someone has already mentioned this technique. This follows the design tenet - a unit of data should have only one name throughout the entire system. Perl has a great feature: 'slippery typing' (as opposed to Java's strong). This enables me to pass a database row hash - to an object constructor - to a controller - to a view. In my case the view is typically a HTML template holding tokens of the form: {{database-field-name}}. For example, when a search occurs on Turbo10 the following happens: * Engine Object - contains SQL - returns a DBI row hash * Hit Object - is constructed with this DBI row hash * BrowserMessenger Object - formats Hit in Javascript for tranmission to browser using a Template * Template Object - uses the same field names from the DBI row hash to replace tokens In this way, I try to minimise the interfaces going from the database to the browser - and the SQL stays inside the objects that use it. Does anybody else want to confess to something similar? (-; Nigel I think there's room for middle ground here between mapping OO directly to SQL and having SQL in heredocs in your code. What we tend to use is a object that works almost as a SQL factory. We never have SQL directly in our code, but rather all this is placed inside a seperate module.that knows a few things about itself - e,g, what database and table we're using for this run. This can be then used to spit out SQL or run the query and return the results. The key aspect is that anytime you feel you need to write some SQL you should feel free to add more SQL to this module - not limit yourself to waht's already avalible. The advantage of this is that we get better reuse in out of our SQL when we need the same function called from many places, and we can reuse the same SQL on similar tables/databases for different runs. Another advantage is that should we ever want to change the database all our SQL is in a few modules and we can make sure that we change all our SQL. Mark. -- Nigel Hamilton Turbo10 Metasearch Engine email: [EMAIL PROTECTED] tel:+44 (0) 207 987 5460 fax:+44 (0) 207 987 5468 http://turbo10.com Search Deeper. Browse Faster.
Re: which handler?
Gabriel C Millerd wrote: On Thu, 13 Jun 2002, Geoffrey Young wrote: sounds like a job for a PerlTransHandler... if ($not_ok) { $r-uri('/not_ok_page.html'); return DECLINED; } this works great until i run into an Alias or a mod_rewite rule it seems. that's odd. the above code essentially acts as though the user entered /not_ok_page.html in their browser all by themselves. maybe I incorrectly assumed that's what you were looking for? what is the proper way to indicate success here? ora's writing apache modules has this method and the method omitting '$r-filename()' line - which i have not been able to get to work. Apache only gives handlers one shot at translating the URI to a filename. So, you can either trick apache by changing the URI and returning DECLINED, which lets Apache handle the translation for you, or map the filename yourself (as you do below) and return OK. one step away from this .. perhaps a set of logic to act differently is needed for different requests. sub handler { my $r=shift; if(Apache::MonDiag($r) { $r-filename($r-document_root . $r-uri); return OK; } else { $r-warn(Apache::MonDiag($state)); my $url=$r-dir_config('MonDiagRedirect'); $r-content_type('text/html'); $r-header_out(Location=$url); return REDIRECT; } } it's early here, and I haven't had my coffee yet, but what you're written should be essentially the same as the short snipped I provided (save the possibility of redirecting to an offsite URL). HTH --Geoff
location of LoginScript in Apache::AuthCookie* modules
Hi I 'm trying to use the Apache::AuthCoookieLDAP module to authenticate my web users using my ldap server. With the defaut configuration it works quite well. Right now i would like to make user authenticate throug a SSL page. In order to do that i modify the configuration script to use PerlSetVar WhatEverLoginScript https://corbeau/perl/login.pl it work almost ok ( the cookie is set ) but in the login.pl script i didn't get where i caome from. Therefore i can't set the destination parameter. has someone already done what i try to do before i m trying to reinvent the wheel? Thanks in advance for any help -- Eric Doutreleau I.N.T | Tel : +33 (0) 160764687 9 rue Charles Fourier | Fax : +33 (0) 160764321 91011 Evry France | email : [EMAIL PROTECTED]
Re: which handler?
On Fri, 14 Jun 2002, Geoffrey Young wrote: that's odd. the above code essentially acts as though the user entered /not_ok_page.html in their browser all by themselves. maybe I incorrectly assumed that's what you were looking for? well the problem with a onsite url is that the handler would have to process that as well (unless i checked $r-uri for that specific uri. of failure or DECLINED aspect works 100% perfect. its the non-DECLINE that doesnt work Apache only gives handlers one shot at translating the URI to a does this mean 'apache only gives one and only one shot shot a translating a url' or 'apache gives each handler one shot at translating a url'? i assumed that after 'PerlTransHandler ModuleName' is done mod_rewrite can still take a stab at the url. filename. So, you can either trick apache by changing the URI and returning DECLINED, which lets Apache handle the translation for you, or map the filename yourself (as you do below) and return OK. if I use this peice of code (solely as a way of trying to find the problem) ... sub handler { my $r=shift; $r-filename($r-document_root . $r-uri); return OK; } ... i will get this for all requests [date/time] [error] [client ip] File does not exist: / it's early here, and I haven't had my coffee yet, but what you're written should be essentially the same as the short snipped I provided (save the possibility of redirecting to an offsite URL). your part (the DECLINED) works perfecto ... thanks again sub handler { my $r=shift; if(sysdiag($r)) { ## ## somethng wrong here ## $r-filename($r-document_root . $r-uri); return OK; } else { ## ## this works perfect ## $r-warn(Apache::Kosher($state)); my $url=$r-dir_config('KosherRedirect'); $r-content_type('text/html'); $r-header_out(Location=$url); return REDIRECT; } } --- Gabriel C. Millerd |Real Men don't make backups. They upload it via ftp Super Plumber | and let the world mirror it. -- Linus Torvalds |
Thread bug in 5.8RC1 Win32
Greetings. Running NT4SP6, 5.8RC1 compiled debug. The following session: D:\Apache2perl -d -e 42 Loading DB routines from perl5db.pl version 1.19 Editor support available. Enter h or `h h' for help, or `perldoc perldebug' for more help. main::(-e:1): 42 DB1 ;{use threads;my $var=1;threads-create(sub{$var++})-join();} Crashes the intepreter, in perl.c: /* Destroy the main CV and syntax tree */ if (PL_main_root) { PL_curpad = AvARRAY(PL_comppad); =BLAM! op_free(PL_main_root); PL_main_root = Nullop; } Stack trace: perl_destruct(interpreter * 0x01cf138c) line 445 + 9 bytes Perl_ithread_destruct(interpreter * 0x015d6d7c, ithread_s * 0x01e9c6cc, const char * 0x1000650c `string') line 130 + 12 bytes ithread_mg_free(interpreter * 0x015d6d7c, sv * 0x01ce6098, magic * 0x02029e7c) line 200 + 18 bytes Perl_sv_unmagic(interpreter * 0x015d6d7c, sv * 0x01ce6098, int 110) line 4687 + 18 bytes Perl_ithread_join(interpreter * 0x015d6d7c, sv * 0x01ce6080) line 519 + 19 bytes XS_threads_join(interpreter * 0x015d6d7c, cv * 0x01ce5f90) line 592 + 13 bytes Perl_pp_entersub(interpreter * 0x015d6d7c) line 2758 + 16 bytes Perl_runops_debug(interpreter * 0x015d6d7c) line 1398 + 13 bytes S_run_body(interpreter * 0x015d6d7c, long 1) line 1670 + 13 bytes perl_run(interpreter * 0x015d6d7c) line 1594 + 13 bytes RunPerl(int 4, char * * 0x015e0210, char * * 0x015e0c70) line 202 + 12 bytes main(int 4, char * * 0x015e0210, char * * 0x015e0c70) line 18 + 18 bytes PERL! mainCRTStartup + 227 bytes KERNEL32! 77f1b9ea() Output of perl -V: Summary of my perl5 (revision 5 version 8 subversion 0) configuration: Platform: osname=MSWin32, osvers=4.0, archname=MSWin32-x86-multi-thread uname='' config_args='undef' hint=recommended, useposix=true, d_sigaction=undef usethreads=undef use5005threads=undef useithreads=define usemultiplicity=define useperlio=define d_sfio=undef uselargefiles=undef usesocks=undef use64bitint=undef use64bitall=undef uselongdouble=undef usemymalloc=n, bincompat5005=undef Compiler: cc='cl', ccflags ='-nologo -Gf -W3 -Od -MD -Zi -DDEBUGGING -DWIN32 -D_CONSOLE -DNO_STRICT -DHAVE_DES_FCRYPT -DPERL_IMPLICIT_CONTEXT -DPERL_IMPLICIT_SYS -DUSE_PERLIO -DPERL_MSVCRT_READFIX', optimize='-Od -MD -Zi -DDEBUGGING', cppflags='-DWIN32' ccversion='', gccversion='', gccosandvers='' intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=1234 d_longlong=undef, longlongsize=8, d_longdbl=define, longdblsize=10 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=4 alignbytes=8, prototype=define Linker and Libraries: ld='link', ldflags ='-nologo -nodefaultlib -debug -libpath:D:\perl58\lib\CORE -machine:x86' libpth=MSVCDir=C:\PROGRA~1\MICROS~4\VC98\lib libs= oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib netapi32.lib uuid.lib wsock32.lib mpr.lib winmm.lib version.lib odbc32.lib odbccp32.lib msvcrt.lib perllibs= oldnames.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib netapi32.lib uuid.lib wsock32.lib mpr.lib winmm.lib version.lib odbc32.lib odbccp32.lib msvcrt.lib libc=msvcrt.lib, so=dll, useshrplib=yes, libperl=perl58.lib Dynamic Linking: dlsrc=dl_win32.xs, dlext=dll, d_dlsymun=undef, ccdlflags=' ' cccdlflags=' ', lddlflags='-dll -nologo -nodefaultlib -debug -libpath:D:\perl58\lib\CORE -machine:x86' Characteristics of this binary (from libperl): Compile-time options: DEBUGGING MULTIPLICITY USE_ITHREADS PERL_IMPLICIT_CONTEXT PERL_IMPLICIT_SYS Built under MSWin32 Compiled at Jun 4 2002 09:08:01 INC: D:/perl58/lib D:/perl58/site/lib .
O-R mapping vs. R-O mapping (was Re: separating C from V in MVC)
At 12:22 AM -0500 6/14/02, Dave Rolsky wrote: An Object-Relational mapper takes objects and stores them in a relational database, as transparently as possible. I think the most pure example of this I've seen in the Perl world is Tangram (www.tangram-persistence.org). SPOPS is also an O-R mapper (actually, its a generic Object persistence mechanism but it seems to most feature-rich when used with an RDBMS). A Relational-Object takes a relational database, and provides access to it (select, insert, update, delete) via objects. Class::DBI, Alzabo, and DBIx::RecordSet are examples of such a beast. I think what it comes down to is how do you start thinking your project? Well said, Dave. I don't think one approach is strictly better than the other. It depends what you need to accomplish. I wouldn't be surprised to find that the majority of the folks on the modperl list would favor an R-O approach to an O-R one, but that's because probably the vast majority of web apps are primarily about the data. This happens to not be the case for me and I find my O-R mapper to be enormously helpful, exactly what I need most of the time. I'm using ESPOPS, a package built on top of SPOPS to handle objects with inherited attributes spread across multiple tables. Granted, when I do need to fetch my objects based on complicated criteria involving joining of lots of tables, it's not as clean as I'd like. It requires passing SQL fragments into the fetch methods. To me this just means that my O-R mapper has abstracted things nicely to the point where I don't have to touch any SQL 90% of the time, but for those cases where I do need more complicated SQL, it lets me directly at the SQL and doesn't pretend that it's going to be able to do everything I might want. This seems like a good tradeoff to me. One possible improvement (with emphasis on possible) might be to build the O-R mapper on top of something like Alzabo or some other R-O mapper which does a more complete job of abstracting me away from the actual SQL. Then when I want to pass some more explicit query specs through the O-R mapper it would be in Alzabo instead of SQL. My gut feeling is that the extra layer probably wouldn't be worth it. Anyway, my main point is O-R and R-O are different tools for different jobs. A hammer is not better than a saw until you know you're trying to drive a nail as opposed to cut wood. BTW, this thread should probably be moved to the poop list ... -- Ray Zimmerman / e-mail: [EMAIL PROTECTED] / 428-B Phillips Hall Sr Research / phone: (607) 255-9645 / Cornell University Associate / FAX: (815) 377-3932 / Ithaca, NY 14853
Re: which handler?
Gabriel C Millerd wrote: On Fri, 14 Jun 2002, Geoffrey Young wrote: that's odd. the above code essentially acts as though the user entered /not_ok_page.html in their browser all by themselves. maybe I incorrectly assumed that's what you were looking for? well the problem with a onsite url is that the handler would have to process that as well (unless i checked $r-uri for that specific uri. of failure or DECLINED aspect works 100% perfect. its the non-DECLINE that doesnt work right. sorry. that should have been $r-uri('/not_ok_page.html') if $not_ok; return DECLINED; you pretty much want to return DECLINED all the time. only return OK if you alter $r-filename. if you want to display not_ok_page.html no matter what (even if the user enters it directly), then stick return DECLINED if $r-uri =~ m!^/not_ok_page.html!i; at the top of your trans handler (or something similar) Apache only gives handlers one shot at translating the URI to a does this mean 'apache only gives one and only one shot shot a translating a url' yes. the first handler (mod_perl or otherwise) to return OK wins, and it's winner take all. that's why you return DECLINED - mod_perl will run first (before any other Apache modules), alter the URI, then Apache will move along as if nothing happened. and don't forget that apache errors such as REDIRECT will terminate translation as well :) or 'apache gives each handler one shot at translating a url'? i assumed that after 'PerlTransHandler ModuleName' is done mod_rewrite can still take a stab at the url. it can if you return DECLINED no matter what. returning OK subverts mod_rewrite as well as the default Apache translation engine. does that help? --Geoff
Re: [OT] Q:MVC and FuseBox methodology A?
I think fusebox does not really apply very well to mod_perl or PHP. It really developed out of the fact that coldfusion (pre 5.0) had no functions and still has no real objects. Since there is no real practical way to separate code except into separate files that can be included (cf_include) or called as a sort of function (cf_module) it became very easy to mix your controller code with your view code, etc. So fusbox was developed as a methodology for separating what we are calling here MVC into separate chunks, in separate files that could either be included (cf_include) or called (cf_module) as a sort of function. The ideas are right and all it really is, is MVC, but stated from a coldfusion perspective. Ron On Wed, 12 Jun 2002, Jim Helm wrote: Does anyone know how MVC maps to the fusebox methodology? I haven't used it under PHP, but the adaptation to ASP applies almost directly to Apache::ASP, and at least seems like it's well thought out and practical. Maybe it's really just the Controller aspect of MVC. I'm still trying to wrap my head around this too. Wonderful knowledge transfer going on, BTW! --Jim --
Re: separating C from V in MVC
The Pet Shop has a grand total of 13 tables. How well does this approach work with 90 tables? How does it handle arbitrary queries that may join 1-6 tables, with conditionals and sorting of arbitrary complexity? Where I work we have over 90 tables and it works fine. We don't run a ticketing system or a huge e-commerce site but our servers are pretty busy and we have no performance problems. Our application layer does not contain a single line of SQL. The entire system is OO Perl and uses an OR-mapping system that entirely abstracts the tables and relationships between them. It works for us. Maybe it wouldn't for a bigger system, but I would also caution people to say that if you find yourself doing joins across up to 6 tables, you're almost certainly doing something wrong from the start and, basically, you're fooked because of shitty design, and O/R or R/O won't help you. We've found the O/R mapping to be an indispensable part of the system. Since all data is contained in objects, the views/widgets don't need to how the data is populated. They access all data through a single interface. This is how our system works too. Less code, fewer bugs (we hope!), faster development time. For us it's awesome; your mileage may vary. As for people claiming never to have seen an OR system that works, I suggest you check out EOF from NeXT/Apple. That puppy runs banks and insurance companies, and usually without needing a line of SQL. It's not perfect, but it's pretty friggin amazing. Each to his/her own. Kyle Dawkins Central Park Software
[OT] WebObjects [Was: Re: separating C from V in MVC]
At 10:59 AM 6/14/02 -0400, kyle dawkins wrote: As for people claiming never to have seen an OR system that works, I suggest you check out EOF from NeXT/Apple. For those of you (like me) who didn't know what EOF is, it stands for Enterprise Object Framework and is part of Apple's WebObjects app server. Which has moved on to Java, and thus is OT. :-) But I've heard many good things about WebObjects, so it's on my wish list of technologies to investigate. Drew == Drew Taylor | Freelance web development using http://www.drewtaylor.com/ | perl/mod_perl/MySQL/postgresql/DBI mailto:[EMAIL PROTECTED] | Email jobs at drewtaylor.com -- Speakeasy.net: A DSL provider with a clue. Sign up today. http://www.speakeasy.net/refer/29655 ==
Re: [OT] WebObjects [Was: Re: separating C from V in MVC]
Drew is correct, EOF stands for Enterprise Object Framework. However, it's not part of the WebObjects app server... it predates WO by a long time (I think it's about 9 or 10 years old) happens to come with WO but is completely separate from it. On Friday 14 June 2002 11:27, Drew Taylor wrote: For those of you (like me) who didn't know what EOF is, it stands for Enterprise Object Framework and is part of Apple's WebObjects app server. Which has moved on to Java, and thus is OT. :-) But I've heard many good things about WebObjects, so it's on my wish list of technologies to investigate. WO is amazing, no two ways about it. Once you use it, everything else sucks. There are no exceptions. Kyle Dawkins Central Park Software
Re: separating C from V in MVC
On Fri, 14 Jun 2002, kyle dawkins wrote: bigger system, but I would also caution people to say that if you find yourself doing joins across up to 6 tables, you're almost certainly doing something wrong from the start and, basically, you're fooked because of shitty design, and O/R or R/O won't help you. This is one of the sillier statements I've seen on this list. If you have complex data with many entities (and thus many tables) and you have complex queries then you can easily find yourself joining many tables. This is hardly a sign of bad design. In fact, it may be a sign of good (normalized) design. If _all_ of your queries are against 1 table at a time, that seems a lot more worrisome to me (because it suggests insufficient or non-existent normalization). -dave /*== www.urth.org we await the New Sun ==*/
Re: separating C from V in MVC
Fran, I think the key here is taking care of the 80% easily. This has been mentioned in this thread several times, and in previous threads. No, I don't think there will ever be an (efficient) wrapper that can handle ALL the cases and ALL the possible SQL queries. But if you can handle the majority of them easily with a wrapper, and that wrapper also provides a way to get at the SQL directly (I heard SPOPS as being good for this), then that is a lot of work saved. Work saved = money time saved = you look better to your boss. Both approaches have merit, so the trick is to determine which one is best for your situation. At my day job, the tables are relatively denormalized, ie. very wide, so a wrapper can easily work. At a previous job I was working to encapsulate all the SQL calls into a single module. The ability to find the approach that works best for you is the difference between a grunt and a good software engineer. :-) Drew At 01:30 AM 6/14/02 -0400, Fran Fabrizio wrote: I don't typically find apps that just mirror some subset of one of the db tables to be all that interesting. After all, it's the relationships between the data that make the data interesting, and by necessity this means your queries will be complex. And looking over the stuff outlined at poop.sourceforge.net, there's not too many models/frameworks out there that can accurately abstract ALL of SQL, and if it only does a subset, I feel like that's shooting myself in the foot. == Drew Taylor | Freelance web development using http://www.drewtaylor.com/ | perl/mod_perl/MySQL/postgresql/DBI mailto:[EMAIL PROTECTED] | Email jobs at drewtaylor.com -- Speakeasy.net: A DSL provider with a clue. Sign up today. http://www.speakeasy.net/refer/29655 ==
Re: tutorials (was: Re: rfc Apache::Dynagzip)
From: Igor Sysoev [EMAIL PROTECTED] Can you show me URL with Vary and Expires that MSIE would cache. You have this combination when you access my preview with your MSIE by HTTP/1.1 with no proxy (it's still old version of Apache::CompressClientFixup installed over there). The lifetime of local cache is 5 minutes, defined by my Expires. Within this time the browser will not even try to access the server when you try to reach the same URL. Instead, it restarts the page from the local cache. It's important to point out that all initial JavaScripts will be restarted indeed, so you can rotate your advertisements and dynamic content when needed. The second important point should be mentioned here: when you click the Refresh button, the browser will reload the page from the server unconditionally. It's right, because it is exactly what the end-user expects from the Refresh button. It was tested several times on my commercial handlers. It works fine anywhere (I mean no problem is reported to date). The only issue was mentioned by our testers: the lifetime depends on time accuracy of client side. If your local client's clock is running 1 hour back, the cached copy of my preview will be alive 65 minutes on that machine... 4. You should not unset Accept-Encoding. Better way is to set $r-note('disable_gzip'). Sometimes it seems like Igor does not really understand what he is speaking about. No comments. I mean that that you should not change any incoming header. ?! No comments. How can I log a real Accept-Encoding header if you unset it ? There is more than one way to do this, using mod_perl. Thanks, Slava
Re: PerlSetVar WhatEverSecure
On Thu, Jun 13, 2002 at 09:42:41PM -0700, Jim Helm wrote: It's not the prettiest in the world, but try this (see attached file). Thanks for the pointers; I'll give it a look-over... -- Brian 'you Bastard' Reichert[EMAIL PROTECTED] 37 Crystal Ave. #303Daytime number: (603) 434-6842 Derry NH 03038-1713 USA Intel architecture: the left-hand path
Re: mod_perl/passing session information (MVC related, maybe...)
To Ward's first post: I think one may even doesn't need server cookie. Using a client-site cookie fits exactly the need. Peter - Original Message - From: Rob Nagler [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 7:49 PM Subject: Re: mod_perl/passing session information (MVC related, maybe...) Perrin Harkins writes: My preferred design for this is to set one cookie that lasts forever and serves as a browser ID. I like this. It's clean and simple. In this sense, a browser is not really a session. The only thing I don't like is garbage collection. unique browser ID (or session ID, if you prefer to give out a new one each time someone comes to the site) lets you track this for unregistered users. We call this a visitor id. In the PetShop we have a cart id, but we're not too happy with the abstraction. I don't see that as a big deal. You'd have to delete lots of other data associated with a user too. Actually deleting a user is something I've never seen happen anywhere. We do. Especially when we went from free to fee. :-( The big issue I have with session data is that it is often a BLOB which you can't query. Well, eToys handled more than 2.5 million pages per hour, but caching can be important for much smaller sites in some situations. I'd like numbers on smaller and some. :) Here's a situation where a small site could need caching: We cache, too. An interesting query is the club count on bivio.com's home page. The count of clubs is a fast query, but the count of the members is not (about 4 seconds). We compute a ratio when the server starts of the members to clubs. We then run the club count query and use the ratio to compute the member count. We restart the servers nightly, so the ratio is computed once a day. Maybe I just have bad luck, but I always seem to end up at companies where they give me requirements like these. It's the real world. Denormalization is necessary, but only after you test the normal case. One of the reasons I got involved in this discussion is that I saw a lot of messages about solutions and very few with numbers identifying the problem. Rob
Re: tutorials (was: Re: rfc Apache::Dynagzip)
On Fri, 14 Jun 2002, Slava Bizyayev wrote: From: Igor Sysoev [EMAIL PROTECTED] Can you show me URL with Vary and Expires that MSIE would cache. You have this combination when you access my preview with your MSIE by HTTP/1.1 with no proxy (it's still old version of Yes, your response is really cached at least in MSIE 5.5. I have just investigate this. Responses with Vary: Accept-Encoding and Content-Encoding: gzip are cached by MSIE. The Expires header is not needed. Responses with Vary: Accept-Encoding but without Content-Encoding: gzip are not cached by MSIE. Furthermore, responses with Vary: Any,dummy,words and Content-Encoding: gzip are also cached by MSIE. And as I said before responses with Vary: Any,dummy,words and without Content-Encoding: gzip are not cached by MSIE. All these was tested with MSIE 5.5 only. 4. You should not unset Accept-Encoding. Better way is to set $r-note('disable_gzip'). Sometimes it seems like Igor does not really understand what he is speaking about. No comments. I mean that that you should not change any incoming header. ?! No comments. How can I log a real Accept-Encoding header if you unset it ? There is more than one way to do this, using mod_perl. I mean that handler can do following: if ($r-headers_in(Accept-Encoding) =~ /gzip/ and not $r-note(disable_gzip)) { do gzipping } Igor Sysoev http://sysoev.ru
Re: location of LoginScript in Apache::AuthCookie* modules
ED == Eric Doutreleau [EMAIL PROTECTED] writes: ED Right now i would like to make user authenticate throug a SSL ED page. ED In order to do that i modify the configuration script to use ED PerlSetVar WhatEverLoginScript https://corbeau/perl/login.pl Well, in order to be able to get the original location, this has to be done via an internal redirect. When you switch protocols (ie, from http to https) you cannot do internal redirect. But really, your login page doesn't need to be ssl secured as there is no information in it. What you want is the target of the from in that page to be aimed at an SSL URL. That's the transaction you want secured, since that's where the id/password are sent. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D.Khera Communications, Inc. Internet: [EMAIL PROTECTED] Rockville, MD +1-240-453-8497 AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
Re: tutorials (was: Re: rfc Apache::Dynagzip)
On Sat, 15 Jun 2002, Igor Sysoev wrote: I mean that handler can do following: if ($r-headers_in(Accept-Encoding) =~ /gzip/ and not $r-note(disable_gzip)) { do gzipping } I understand your point of view, even I prefer Slava's approach. I'm asking myself why you will need to log that particular header. It is not a provocation, I don't understand the usefulness of logging the status of an header that can be deduced undoubtedly from the signature of browser issuing the request. Ciao, Valerio Valerio Paolini, http://130.136.3.200/~paolini -- what is open-source about? Learn, and then give back
Re: tutorials (was: Re: rfc Apache::Dynagzip)
From: Igor Sysoev [EMAIL PROTECTED] Yes, your response is really cached at least in MSIE 5.5. Thanks. ... I mean that handler can do following: if ($r-headers_in(Accept-Encoding) =~ /gzip/ and not $r-note(disable_gzip)) { do gzipping } Should we consider this the only possible way to write compression handlers? Folks used to implement some different approach (clear and simple), common to all mod_perl compressors listed in the tutorial. It works fine. See sources for details. Thanks, Slava
[1.27] Tests don't pass on Cygwin
Hi, In trying to figure out how to get mod_perl to work on Cygwin (I'm convinced it's possible.. I've been able to compile and make install with some help, and got Apache::Status working), now i want to get the tests passing (it makes me feel much better). Here's the make test output: cp t/conf/mod_perl_srm.conf t/conf/srm.conf ../apache_1.3.24/src/httpd -f `pwd`/t/conf/httpd.conf -X -d `pwd`/t httpd listening on port 8529 will write error_log to: t/logs/error_log letting apache warm up...\c done /usr/bin/perl t/TEST 0 still waiting for server to warm up...not ok server failed to start! (please examine t/logs/error_log) at t/TEST line 95. make: *** [run_tests] Error 9 Error log: [notice] Destruction-DESTROY called for $global_object Prototype mismatch: sub Socket::INADDR_ANY vs () at /usr/lib/perl5/5.6.1/cygwin-multi/Socket.pm line 329. Prototype mismatch: sub Socket::INADDR_BROADCAST vs () at /usr/lib/perl5/5.6.1/cygwin-multi/Socket.pm line 330. Prototype mismatch: sub Socket::INADDR_LOOPBACK vs () at /usr/lib/perl5/5.6.1/cygwin-multi/Socket.pm line 331. Prototype mismatch: sub Socket::INADDR_LOOPBACK vs () at /usr/lib/perl5/5.6.1/cygwin-multi/Socket.pm line 332. Subroutine fileparse_set_fstype redefined at /usr/lib/perl5/5.6.1/cygwin-multi/File/Basename.pm line 153. Subroutine fileparse redefined at /usr/lib/perl5/5.6.1/cygwin-multi/File/Basename.pm line 167. Subroutine basename redefined at /usr/lib/perl5/5.6.1/cygwin-multi/File/Basename.pm line 224. Subroutine dirname redefined at /usr/lib/perl5/5.6.1/cygwin-multi/File/Basename.pm line 237. [Sat Jun 15 00:08:55 2002] [warn] [notice] child_init for process 1372, report any problems to [no address given] [Sat Jun 15 00:08:55 2002] [error] [client 127.0.0.1] File does not exist: ./t/docs/test.html [Sat Jun 15 00:08:56 2002] [error] [client 127.0.0.1] File does not exist: ./t/docs/test.html [Sat Jun 15 00:08:58 2002] [error] [client 127.0.0.1] File does not exist: ./t/docs/test.html [Sat Jun 15 00:09:01 2002] [error] [client 127.0.0.1] File does not exist: ./t/docs/test.html [Sat Jun 15 00:09:05 2002] [error] [client 127.0.0.1] File does not exist: ./t/docs/test.html [Sat Jun 15 00:09:05 2002] [error] [client 127.0.0.1] File does not exist: ./t/docs/test.html Atfer this, I find httpd hanging. mod_perl was build with Apache 1.3.24, with these options (makepl_args.mod_perl): APACHE_SRC=../apache_1.3.24/src USE_APACI=1 EVERYTHING=1 PERL_EXTRA_CFLAGS=-DUSEIMPORTLIB DO_HTTPD=1 APACI_ARGS=--enable-rule=SHARED_CORE APACI_ARGS=--enable-module=so Furthermore, I have this patch applied (this one's for 1.26, but passes cleanly for 1.27), which curent the mod_perl build process for me (for those having problems building on Cygwin, yu should apply this patch): diff -ru mod_perl-1.26/Makefile.PL mod_perl-1.26-new/Makefile.PL --- mod_perl-1.26/Makefile.PL Thu Jul 12 04:42:04 2001 +++ mod_perl-1.26-new/Makefile.PL Thu Apr 18 13:06:03 2002 @@ -999,7 +999,7 @@ if($USE_APACI and not $PREP_HTTPD and not $USE_APXS) { my $shrpenv = $Config{shrpenv} || ; $shrpenv .= ' ' if $shrpenv; - my $cmd = CC=\${shrpenv}$Config{cc}\ ; + my $cmd = CC=\$Config{cc}\ ; if($PERL_EXTRA_CFLAGS) { $cmd .= qq(CFLAGS=$PERL_EXTRA_CFLAGS ); diff -ru mod_perl-1.26/apaci/libperl.module mod_perl-1.26-new/apaci/libperl.module --- mod_perl-1.26/apaci/libperl.module Wed Aug 4 04:00:11 1999 +++ mod_perl-1.26-new/apaci/libperl.module Sat Feb 16 00:27:44 2002 @@ -49,6 +49,7 @@ if [ .$my_buildtype = .OBJ ]; then my_perl_libs=`egrep '^PERL_LIBS=' $my_outfile | tail -1 | cut -d= -f2-` LIBS=$LIBS $my_perl_libs +LD_SHCORE_LIBS=$LD_SHCORE_LIBS $my_perl_libs fi # Perl support for SSI (mod_include) diff -ru mod_perl-1.26/apaci/mod_perl.config.sh mod_perl-1.26-new/apaci/mod_perl.config.sh --- mod_perl-1.26/apaci/mod_perl.config.sh Fri Jul 6 22:41:03 2001 +++ mod_perl-1.26-new/apaci/mod_perl.config.sh Thu Apr 18 13:06:03 2002 @@ -1,3 +1,4 @@ +#!/bin/sh ## ## mod_perl.config.sh -- mod_perl configuration transformation script ## Written by Ralf S. Engelschall [EMAIL PROTECTED] diff -ru mod_perl-1.26/src/modules/perl/mod_perl.h mod_perl-1.26-new/src/modules/perl/mod_perl.h --- mod_perl-1.26/src/modules/perl/mod_perl.h Wed Jul 11 05:36:16 2001 +++ mod_perl-1.26-new/src/modules/perl/mod_perl.h Thu Apr 18 13:06:03 2002 @@ -67,9 +67,6 @@ #ifndef IS_MODULE #define IS_MODULE #endif -#ifndef SHARED_MODULE -#define SHARED_MODULE -#endif #ifdef PERL_THREADS #define _INCLUDE_APACHE_FIRST perl -V: Summary of my perl5 (revision 5.0 version 6 subversion 1) configuration: Platform: osname=cygwin, osvers=1.3.2(0.3932), archname=cygwin-multi uname='cygwin_nt-4.0 loreley 1.3.2(0.3932) 2001-05-20 23:28 i686 unknown ' config_args='-de -Dusemultiplicity' hint=recommended, useposix=true, d_sigaction=define
Re: PerlSetVar WhatEverSecure
On Thu, 13 Jun 2002, Brian Reichert wrote: Apache::AuthTicket says: Finally, by using the Secure mode of Apache::AuthCookie, the ticket is not passed over unencrypted connections. Passed in what direction? Client - server. rfc2109 says: Secure Optional. The Secure attribute (with no value) directs the user agent to use only (unspecified) secure means to contact the origin server whenever it sends back this cookie. The user agent (possibly under the user's control) may determine what level of security it considers appropriate for secure cookies. The Secure attribute should be considered security advice from the server to the user agent, indicating that it is in the session's interest to protect the cookie contents. see http://www.ietf.org/rfc/rfc2109.txt It would only go server-client if the client made a SSL request. No. Your browser should not return the cookie to the server if the connection is not secure (meaning encrypted via SSL in practicality). The converse is not true. The cookie *WILL* be sent from server to your browser. If your browser misbehaves with it by returning it over a non-ssl connection, then your browser is broken and theres nothing AuthCookie can do to prevent that. I suppose my real question is: How can I intercept a unencrypted request for a protected document, but have the login form be submitted over an encrypted channel? THere are lots of ways to do this. One way that comes to mind is using mod_rewrite to check of the user is in HTTPS mode or not, and if not, then redirect them to HTTPS. Mike