Re: [mp2.0] wrong crypt behavior

[Ask Bjoern Hansen]

On Thu, 10 Oct 2002, Ask Bjoern Hansen wrote:

 On Fri, 6 Sep 2002, [iso-8859-2] Tomá¹ Procházka wrote:

  Problem:  Sometimes, although user entered correct password, is
  authentication rejected. I tried logging values of $real_pass and
  $test_pass and they differed. When I add line

 Did anyone figure this out?

Rick Bradley did, but only posted it on the dev@ list where I didn't
catch it.  It's a bug in glibc 2.2.5 on linux:
  http:[EMAIL PROTECTED]/msg85673.html


 - ask

-- 
ask bjoern hansen, http://www.askbjoernhansen.com/ !try; do();

[OT] Re: Testing mod_perl app on Windows

[Issac Goldstand]

FYI: MS Windows .NET server (which is the XP server equivalent) is available
for beta.  Find out at windowsbeta.microsoft.com

  Issac

- Original Message -
From: Adam Nelson [EMAIL PROTECTED]
To: 'Ken Y. Clark' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, October 11, 2002 4:07 PM
Subject: RE: Testing mod_perl app on Windows


 ME is just windows 98 with some bells and whistles.  If you want server,
 then win2k Server is still the standard (XP is only for
 workstation/desktop).

 I think mod_perl/Apache will run fine on ME,2000,XP,and even 98.  But
 for real server environment, the choice is 2000 Server.

 -Original Message-
 From: Ken Y. Clark [mailto:[EMAIL PROTECTED]]
 Sent: Friday, October 11, 2002 8:32 AM
 To: [EMAIL PROTECTED]
 Subject: Testing mod_perl app on Windows


 My boss has asked me to pick up a Windows box so that I can test my
 application using the standard browsers on that OS.  OK, I can see
 how it is a Good Thing to make sure that those people unfortunate
 enough to use Windows are able to use my application without errors.
 But I also had another idea:  As I'm trying to make sure my code is
 platform-neutral, I'd like to try installing everything on the Windows
 platform as some people who download my app might try to do this.
 Not having touched Windows in about 3 years, all the different
 products really confuse me.  When I go to the local PC store to pick
 up a box, what should I ask for?  Windows 2000, ME, XP?  Is there a
 specific XP server, or can I install Apache/mod_perl on the standard
 desktop OS?

 ky

Re: [OT] migrating from Apache to iPlanet; any mod_perl counterpart?

[Lupe Christoph]

On Wednesday, 2002-10-09 at 18:22:24 -0400, Steve Grazzini wrote:
 On Wed, Oct 09, 2002 at 02:43:18PM -0700, Paul wrote:

  The company is making us migrate (some baloney about being legally
  vulnerable because we're using open source)

 If they won't let you use open-source tools, then the
 answer is definitely yes.  (Perl is open-source.)

As are all modules on CPAN. If they really mean this, you will have to
rewrite in a language that has a closed-source compiler, using only
modules that are not available in source. Do not use any code examples,
too, just to be sure ... =:-|

If you want to be sure you are implementing what *they* want, you better
ask *them* where Open Source stops. Steve's point about perl being
open source may be important for your career ;-) (As in Career-limiting
move)

 And migrating from a relational database to LDAP might
 not be as obvious as... oh well.

Depending on what you do, it may not even be suitable. LDAP organizes
data hierarchically. It hangs attributes off objects. Generally, LDAP
databases are slower than RDBMSes.

HTH,
Lupe Christoph
-- 
| [EMAIL PROTECTED]   |   http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be|
| unsinkable. The designer had a speech impediment. He said: I have |
| thith great unthinkable conthept ...  |

Re: perl script not reloading

[Ged Haywood]

Hi there,

On Sat, 12 Oct 2002, Michael Grant wrote:

 I did this and it still doesn't reload the script.  
 
 I added it just after the LoadModule:
 
 LoadModule perl_modulelibexec/apache/libperl.so
 PerlInitHandler Apache::StatINC
 
 It's a single main script, not a module.

Have you tried

perldoc Apache::StatINC

?

73,
Ged.

CGI parameters appear to be doubled on 8 bit chars...

[Rob Mueller]

Just wondering if anyone has seen this problem before, or has a general
solution to it. Basically what we see, is that with some submitted forms,
usually with 8 bit data, the POST parameters passed become 'doubled'. The
problem is that we have a loop like this to gather out all the parameters
early on in our handler code.

  foreach my $Key ($R-param) {
my ($UKey, UParam) = ($Key, $R-param($Key));

$CGIState{$UKey} = scalar(UParam)  1 ? \@UParam : $UParam[0];
  }

The result is that we end up with an array reference for every parameter,
instead of a scalar value. And we can't just always take the first value,
because multi-select list boxes also return array values, and we don't know
at this stage in the code what type of form element each param comes from.

In general, the values are the same, except where there is 8 bit data, in
which case the 2 versions are different. Here's an example of what we see:

$VAR1 = {
   'LastScreen' = [
 '/MR-@0,324,',
 '/MR-@0,324,'
   ],
   'Subject' = [
 'Blah blah blah',
 'Blah blah blah'
   ],
   'Message' = [
 '#8216;blah blah#8217; blah blah #8216;blah blah#8217; blah.',
 '91blah blah92 blah blah 91blah blah92blah.'
   ]
}

(The 91 etc are highlighted when using 'less', so I presume that probably
means it's hex code 0x91)

So it seems somewhere the 8 bit data is coming as both HTML entity versions,
and the raw 8 bit data version. I'm not sure if this is IE or mod_perl doing
this, though I'm guessing it's IE.

So in general, my questions are:
1. Have people seen this before, and how do you generally deal with it?
2. Actually how do you handle in general 8 bit data? How do you know which
charset it's coming as?
3. Is there any documentation anywhere on why this is happening? Who is
sending the two versions? How to detect it?

Any help or pointers on dealing with these issues would be appreciated.

Thanks

Rob

Re: OT: Are things really this bad?

[Lupe Christoph]

On Saturday, 2002-10-12 at 11:50:12 +0100, Dave Hodgkinson wrote:
 Todd Finney [EMAIL PROTECTED] writes:

 Over here, the barometer looks like:

For what it's worth, here is the major Freelancer/Professional Services
site in Germany:

  http://www.gulp.de/kb/tools/gulpometer.html

If you want to have some statistics (in German!), go to
  http://www.gulp.de/kb/tools/trend.html

Enter Web and Perl, and set the first oder to und. Click on
Analysieren. You'll get project inquiries, project inquiries by German
zipcode region, Prozentuale Verteilung der Stundensätze (percentage
distribution of hourly rates), some others of less interest, and at the
end age distributions for the two keywords and over all freelancers at
Gulp and all project inquiries at Gulp.

Makes me feel old. I'm 48...

If you don't want to do that, the hourly rates are:

Web 72,22 EUR
Perl69,29 EUR
All Freelancers 72,72 EUR
All Inquiries   75,25 EUR

1 EUR = 0.9860 US$.

The UK site says the going rate overall is 19 Pounds. That is 30 EUR or
US$. No wonder I'm meeting lots of British people when I visit clients.

Lupe Christoph
-- 
| [EMAIL PROTECTED]   |   http://www.lupe-christoph.de/ |
| Big Misunderstandings #6398: The Titanic was not supposed to be|
| unsinkable. The designer had a speech impediment. He said: I have |
| thith great unthinkable conthept ...  |

Re: Apache::DBI and CGI::Application with lots of modules.

[Eric Frazier]

Hi,

Here is the kind of thing that is driving me nuts. Please see: 
http://perl.apache.org/docs/general/perl_reference/perl_reference.html#Remed
ies_for_Inner_Subroutines

If what this says is true, then either I don't have a closure type problem,
or else what is says isn't true. It says that 
if I have this situation, I will get a warning. I am not getting any
warnings, but I am getting this behaviour with my search queries getting stuck


The only thing I do is again, copied from the perltoot 


package Searches;

use strict;
use Carp;
use vars qw($dbh);
use gentimeid; # generate time id based
use Calc_Price; # get totals  
use warnings;
# use DBIx::XHTML_Table;  # maybe later
use QueryPrint;

#use Data::Dumper;



# These searches are restricted to user level searches, there will be a
admin level search for 
# managment reports 

$dbh = db_connect();


# requires a $q query object to be init.



sub new {
my $self  = {};
my $proto = shift;
my $class = ref($proto) || $proto;
$self-{queryobject}   = undef;
$self-{isDomestic} = undef;
$self-{isInternational} = undef;
$self-{isShippingSame} = undef;
$self-{CustIsInserted} = undef;
$self-{OrderIsInserted} = undef;
$self-{CustNum} = undef;
$self-{OrderNum} = undef;
bless ($self, $class);
return $self;
}


sub queryobject {
  
  my $self = shift;
  if (_) { $self-{queryobject} = shift }
  return $self-{queryobject};
}


 Other stuff not used yet



sub LookupOrder {

my $self = shift;
my $q = $self-{queryobject};
my $output = '';
my $hasparameter = 0;



... Build a query from CGI.pm vars passed in though queryobject





... 


$order_name_qu .=  ORDER BY $orderby ; # the query string is here


if ($hasparameter == 1) {  # if something was filled in the search form

my $sth = $dbh-prepare($order_name_qu) or confess(Main search
failed $order_name_qu);
$sth-execute() or confess(Main search failed $order_name_qu);  

my $headers = $sth-{'NAME'};   

my rows= $sth-fetchall_arrayref();

my $resulthtml = new QueryPrint(ResultSet = rows,
Action = 'customer',
ColumnList = $headers);

my $html = $resulthtml-SetAction();  # sets a template type in the
QueryPrint module
$output = $resulthtml-QueryPrint();  
$sth-finish();
#warn QUERY - $order_name_qu;
undef rows;
undef $resulthtml;
undef $order_name_qu;
return $output;

} else {


return no query to do;

}


Then this is all called from my CGI::Application module

sub customer_display{

my $self = shift;
my $q = $self-query();

my $customersearch = new Searches();
$customersearch-queryobject($q); # set the query

my $header = parse_header($self);
return $header . $customersearch-LookupCustName(); 

}


So going nuts now, where is the problem?  My QueryPrint module is pretty
much the same, so if this is ok, it should be as well. 


Thanks,

Eric 



Are you using any modules that have subs with sub ref prototypes, like 
Error.pm?  That can do it.

All I have read says that because I am using oop
modules and use strict along with use vars that should not happen.


It's actually really easy to create closures.  Here is a closure:

my $holdtype = $q-param('holdstate');
display_holdtype();

sub display_holdtype {
print holdtype: $holdtype in process $$\n;
}

This will always print whatever the value was the first time, no matter 
what you change it to later.  (The first time for that process, that 
is.)  Watch out for things like that.  You should always pass params 
explicitly.

4. I know the way I have done these db connects is sloppy. But I can't seem
to find a better way. Could I make one db_connect sub,and inherite it all
though my modules? 


Make one sub that returns a database handle and use it from everywhere. 
 Doesn't need to be inherited, you can just stick it in a module that 
all the other modules call.

Hope some of that was helpful,
Perrin


(250) 655 - 9513 (PST Time Zone)

Inquiry is fatal to certainty. -- Will Durant 

Re: CGI parameters appear to be doubled on 8 bit chars...

[Steven Lembark]

 $VAR1 = {
'LastScreen' = [
  '/MR-@0,324,',
  '/MR-@0,324,'
],
'Subject' = [
  'Blah blah blah',
  'Blah blah blah'
],
'Message' = [
  '#8216;blah blah#8217; blah blah #8216;blah blah#8217; blah.',
  '91blah blah92 blah blah 91blah blah92blah.'
]
 }

If you know the fields that are supposed to have select
lists on them (e.g., select_list{qw(field field field)} = 1)
then you can walk down the list and compare ref $contents with
$select_list{$name}. If both are true then it's a list, else
it's 8 bit junk in two fields; both false gives you a normal
field.




--
Steven Lembark   2930 W. Palmer
Workhorse Computing   Chicago, IL 60647
+1 800 762 1582

serving large files with access controls

[Erik Rantapaa]

Suppose I have a typical proxied mod-perl setup and I
have a large (~ 650 MB) file I'd like to provide
authenticated access to. The mod-perl server will be
doing the authentication, but for performance
considerations I'd like the proxy server to serve the
file directly instead of having the mod-perl server
first forward the file to the proxy.

Is there a way to do this so that access to the file
would be _impossible_ unless the user is authenticated
by the mod-perl server? I am looking for a solution
that can guarantee that there is no way to circumvent
the authentication process. I can think of solutions
where the probability that users can access the file
without authenticating can be made very small, but I
am looking for an absolute guarantee.

Regards,

Erik Rantapaa
[EMAIL PROTECTED]


__
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos  More
http://faith.yahoo.com

Re: serving large files with access controls

[Steven Lembark]

 Is there a way to do this so that access to the file
 would be _impossible_ unless the user is authenticated
 by the mod-perl server? I am looking for a solution
 that can guarantee that there is no way to circumvent
 the authentication process. I can think of solutions
 where the probability that users can access the file
 without authenticating can be made very small, but I
 am looking for an absolute guarantee.

Impossible, no. If the proxy server can handle FTP
then one way is to have the source directory mods
at 0711. That requires knowing the file name to
get it; no listings w/o read access. After that you
can have the web server, say, symlink a file with
some temp name and redirect the user to the ftp
server.

Net result is that the proxy handles an ftp request
for a name that is temporary to the download and hard
to guess.



--
Steven Lembark   2930 W. Palmer
Workhorse Computing   Chicago, IL 60647
+1 800 762 1582

Re: [OT] migrating from Apache to iPlanet; any mod_perl counterpart?

[Paul]

*They* don't know what they mean, but we're getting a variance for Perl
(supposedly). No such luck for mysql or apache


--- Lupe Christoph [EMAIL PROTECTED] wrote:
 On Wednesday, 2002-10-09 at 18:22:24 -0400, Steve Grazzini wrote:
  On Wed, Oct 09, 2002 at 02:43:18PM -0700, Paul wrote:
 
   The company is making us migrate (some baloney about being
 legally
   vulnerable because we're using open source)
 
  If they won't let you use open-source tools, then the
  answer is definitely yes.  (Perl is open-source.)
 
 As are all modules on CPAN. If they really mean this, you will have
 to
 rewrite in a language that has a closed-source compiler, using only
 modules that are not available in source. Do not use any code
 examples,
 too, just to be sure ... =:-|
 
 If you want to be sure you are implementing what *they* want, you
 better
 ask *them* where Open Source stops. Steve's point about perl being
 open source may be important for your career ;-) (As in
 Career-limiting
 move)
 
  And migrating from a relational database to LDAP might
  not be as obvious as... oh well.
 
 Depending on what you do, it may not even be suitable. LDAP organizes
 data hierarchically. It hangs attributes off objects. Generally, LDAP
 databases are slower than RDBMSes.
 
 HTH,
 Lupe Christoph
 -- 
 | [EMAIL PROTECTED]   |  
 http://www.lupe-christoph.de/ |
 | Big Misunderstandings #6398: The Titanic was not supposed to be
|
 | unsinkable. The designer had a speech impediment. He said: I have 
|
 | thith great unthinkable conthept ...  
|


__
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos  More
http://faith.yahoo.com

Apache::Reload - patch - fixes problems with using dynamic @INC

[Randy Harmon]

I started using a dynamic INC (set up in a TransHandler), and discovered
that Apache::Reload (v0.07) was not doing its job correctly in that case.
Note, changing INC in a transhandler won't have the desired Apache::Reload
effects unless the PerlInitHandler for Apache::Reload is placed in a
Location section of httpd.conf.

The following patch corrects this, though it adds a few extra stat() calls
if the module is found at the end of INC instead of near the beginning (as
mine are).  You could make this behavior an optional one for strange folks
like me :).  Oh, I just added that to the patch manually:

   PerlSetVar ReloadDynamicInc 1

...will enable this INC-scanning behavior.  I think I hacked the patch
correctly :)

Note, if a module is loaded with one INC, then on a subsequent request,
INC changes such that the module would be not-found, the module is not
removed from memory.  If you do that and use it from a script (served when
INC doesn't have the module), you'll get erratic behavior - it'll work fine
sometimes and error out other times.  So don't do that., as a wise man
said.  Instead, make sure INC always has the right libs for your script -
test from a freshly-started server to be sure.

Separate from this strange Dynamic-@INC use case, there's another bug in the
release version of the module: if you moved a module from one INC dir to
another, the INC loop at the top of handler() would not find the file, as
it was looking for inc-dir/full-path-name instead of
inc-dir/relative-path-name.  This patch should fix this too, whether
ReloadDynamicInc is used or not.

I haven't tested this with wildcard settings or ReloadAll.

Enjoy,

Randy


--- Reload.pm   Sat Oct 12 16:22:02 2002
+++ Reload.pm.new   Sat Oct 12 17:08:07 2002
 -108,35 +108,40 

 while (my($key, $file) = each %Apache::Reload::INCS) {
 local $^W;
 warn Apache::Reload: Checking mtime of $key\n if $DEBUG;

 my $mtime = (stat $file)[9];

-unless (defined($mtime)  $mtime) {
-for (INC) {
-$mtime = (stat $_/$file)[9];
-last if defined($mtime)  $mtime;
-}
-}
+
+my $found = $file;
+if( $r-dir_config(ReloadDynamicInc) || !$mtime ) {
+# seek out the file in INC.
+my $mt;
+for (INC) {
+$mt = (stat $_/$key)[9];
+$mtime = $mt, $found = $_/$key, last if defined($mt) 
$mt;
+}
+}
+
 warn(Apache::Reload: Can't locate $file\n),next
 unless defined $mtime and $mtime;

 unless (defined $Stat{$file}) {
 $Stat{$file} = $^T;
 }

-if ($mtime  $Stat{$file}) {
+if( $found ne $file || $mtime  $Stat{$file} ) {
 delete $INC{$key};
 if (my $symref = $UndefFields{$key}) {
 #warn undeffing fields\n;
 no strict 'refs';
 undef %{$symref};

Re: serving large files with access controls

[Peter Bi]

We talked about this limiation of the dual setup before. There is no
solution publically available. But you can try this:
1) check http://modperl.home.att.net or similar cookie-based ticketing
system.
2) write a ticket-client module in C and load it into the proxy server (I
have one based on libapreqs).
3) you can use the same ticket issuer mod_Perl module in the server
machine, or any language as far as it can generate a valid cookie.
4) then serve the large file directly via the proxy server.

Peter

- Original Message -
From: Erik Rantapaa [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, October 13, 2002 12:54 PM
Subject: serving large files with access controls



 Suppose I have a typical proxied mod-perl setup and I
 have a large (~ 650 MB) file I'd like to provide
 authenticated access to. The mod-perl server will be
 doing the authentication, but for performance
 considerations I'd like the proxy server to serve the
 file directly instead of having the mod-perl server
 first forward the file to the proxy.

 Is there a way to do this so that access to the file
 would be _impossible_ unless the user is authenticated
 by the mod-perl server? I am looking for a solution
 that can guarantee that there is no way to circumvent
 the authentication process. I can think of solutions
 where the probability that users can access the file
 without authenticating can be made very small, but I
 am looking for an absolute guarantee.

 Regards,

 Erik Rantapaa
 [EMAIL PROTECTED]


 __
 Do you Yahoo!?
 Faith Hill - Exclusive Performances, Videos  More
 http://faith.yahoo.com

ANNOUNCE: Mason 1.15

[Dave Rolsky]

This release is all about bug fixes.  Basically, %filter blocks have
been a bit borked in various ways (different in different releases) since
1.10, and now they should be in good shape.

There were a number of test failures reported over the past several
releases, almost of which were actually problems with the tests, and we
think we've now taken care of those too (although I'm sure someone using
Win32 will find some new weird bug for us ;)

Finally, the docs in 1.14 had a number of bad links in the HTML versions,
as well as some buglets in the POD.  This should also be resolved.

The goal for 1.1x is now to become as stable and well-documented as
possible.  We will not be adding any new large features, and small ones
will have to either extremely well-contained or extremely well-justified.
The next couple releases will aim to A) improve the docs, particularly
focusing on a revamp of the Admin guide in regards to configuring Masona
and B) improve performance wherever possible, and of course C) fix any
remaining bugs.

Eventually, we'll fork the code base again and start breaking things in
preparation for an eventual 1.20 (or maybe some other version number cause
we might get to 1.20 just by small bugfix/doc/performance releases), which
will incorporate new features such as .NET compliance, full support for
_all_ XML specs, and a special NP-problem solving module, plus a brand
new set of ginsu knives.


1.15  October 14, 2002

[ BUG FIXES ]

- Fixed a number of problems with filters:
-- They didn't see changes made to %ARGS (they were seeing a copy).
-- They couldn't see any variables declared in %args blocks.
-- The presence of a filter caused a call to $m-flush_buffer,
breaking redirects.
- Added a number of tests for filters (*cough*).
- Fixed broken links and other bugs in the POD and HTML versions of
the docs.
- Fixed test failures when running as root.  These failures were not
reflective of bugs in Mason, simply problems in the tests or test
setup.  Now we skip the tests for end user installs (we still run them
during development, never fear).
- HTML::Mason::Request contained code that caused an error when using
the CPAN shell's r command.



-dave (whose mind is apparently blown after several hours too many of
Dance Dance Revolution earlier this evening)


/*==
www.urth.org
we await the New Sun
==*/