Can't call method is_initial_req without a package or object reference at .........
All, I'm having some problems with Apache giving me grief, or most probably me getting my knickers in a complete twist. I get the following error:- Can't call method is_initial_req without a package or object reference at . It seems to happen when my URL ends like this:- /somepath/16 but not when it ends like this:- /somepath/16/ Below is the code which is where the error occurs. sub handler { my $r = My::Apache::Request-instance(shift); print STDERR Dumper($r); print STDERR \n\n\nBOOOBS\n\n\n\n\n; die $r not defined unless $r; return OK unless $r-is_initial_req();#ERROR OCCURS HERE my $uri = $r-uri; my $log = $r-log; .. } The handler is simply a multiplexer which based upon a database configuration adds the relevant method handler to the handlers queue. The 'instance' routine for My::Apache::Request is inheritted from the Apache::Request class. the 'new' routine for My::Apache::Request is as follows:- sub new { my ($class, $r) = @_; my $length=32; unless ($r-is_main ) { print STDERR Apache::Request is not Main, Getting Main\n; print STDERR Dumper($r); $r=$r-main; print STDERR Main Apache::Request is:-\n; print STDERR Dumper($r); print STDERR DECLINING\n; return DECLINED; } unless ($r) { print STDERR making a new Request object\n; $r = Apache-request; } $r=Apache::Request-new($r); my $self = bless {_r = $r}, $class; my $t=substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, $length); $self-{XX_created_time_XX}=$t; my @params=$self-param(); print STDERR Here's the Parameters for $class\n; print STDERR Dumper(@params); my $lang_id=$self-param('lang_id'); if ($lang_id) { $lh=My::Maketext-get_handle($class,$lang_id); } else { $lh=My::Maketext-get_handle($class,My::Conf::DEFAULT_LANGUAGE_ID); } print STDERR Creating .ref($self). $t\n; #$self-interpret_uri; return $self; }
Re: Can't call method is_initial_req without a package or object reference at .........
Ok, that makes sense, thank you:-) But 'What' should I return, is $r-main the right thing to return? unless ($r-is_main ) { print STDERR Apache::Request is not Main, Getting Main\n; print STDERR Dumper($r); $r=$r-main; print STDERR Main Apache::Request is:-\n; print STDERR Dumper($r); print STDERR DECLINING\n; return DECLINED; } you're not returning an object from your constructor on internal redirects :) HTH --Geoff
Re: Can't call method is_initial_req without a package or object reference at .........
Thanks Geoffrey. Marty - Original Message - From: Geoffrey Young [EMAIL PROTECTED] To: Martin Moss [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, June 17, 2003 4:23 PM Subject: Re: Can't call method is_initial_req without a package or object reference at . Martin Moss wrote: Ok, that makes sense, thank you:-) But 'What' should I return, is $r-main the right thing to return? I've found that it's pretty rare that you want to mess with main vs subrequest logic yourself. instead, I would just make the constructor return an object based on whatever mod_perl passes it which is, in turn, whatever request record Apache deems to be the proper one for the current (sub)request. so new() should probably just be something like sub new { my ($class, $r) = @_; $r = Apache::Request-new($r); my $self = bless {_r = $r}, $class; $self-init(); return $self; } if it is important to insure that you only populate object attributes once, even in the case of internal redirects or lookups, you could hang attributes off of pnotes in the main request sub init { my $self = shift; $t = ubstr(Digest::MD5...); if ($r-main) { $self-{XX_created_time_XX} = $t; $self-{_r}-pnotes(XX_created_time_XX = $t) } else { $t = $self-{_r}-main-pnotes('XX_created_time_XX'); } ... } or somesuch. untested, but you get the idea :) HTH --Geoff
font width to pixel width in perl - but also offtopic in javascript
Hi All, I'm sure this can't be an issue that hasn't been tackled, but I couldn't find anything in the archives so:- I'm trying to find a way in which I can calculate the pixel width of a string in a given font. I'm doing this to feed a javascript file, so I am also looking at doing this in javascript also. currently all I can find is the php 'imagefontwidth' function. Does anybody know of an equivalent in perl? I remember having issues like this in TK, but not sure the solution there would be appropriate. I guess this is fuzzily on topic, but if anybody has any off topic experience I'd be greatful. any approx solutions which can 'guarentee' a 'larger than the minimum space required' would also suffice, e.g. is there an approximation which I can use based upon the maximum character width possible for a font etc... Regards Marty
Re: font width to pixel width in perl - but also offtopic in javascript
Thanks, I may well have found a solution within javascript, which is then user end calculated, so more efficient and reliable, But thanks I'll remember GD for later use:-) Marty - Original Message - From: Ken Y. Clark [EMAIL PROTECTED] To: Martin Moss [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, June 04, 2003 2:55 PM Subject: Re: font width to pixel width in perl - but also offtopic in javascript | On Wed, 4 Jun 2003, Martin Moss wrote: | | Date: Wed, 4 Jun 2003 14:46:52 +0100 | From: Martin Moss [EMAIL PROTECTED] | To: [EMAIL PROTECTED] | Subject: font width to pixel width in perl - but also offtopic in | javascript | | Hi All, | | I'm sure this can't be an issue that hasn't been tackled, but I couldn't | find anything in the archives so:- | | I'm trying to find a way in which I can calculate the pixel width of a | string in a given font. | I'm doing this to feed a javascript file, so I am also looking at doing this | in javascript also. | | currently all I can find is the php 'imagefontwidth' function. Does anybody | know of an equivalent in perl? | I remember having issues like this in TK, but not sure the solution there | would be appropriate. | | I guess this is fuzzily on topic, but if anybody has any off topic | experience I'd be greatful. any approx solutions which can 'guarentee' a | 'larger than the minimum space required' would also suffice, e.g. is there | an approximation which I can use based upon the maximum character width | possible for a font etc... | | Regards | | Marty | | Just a wild guess, but perhaps you could load GD.pm and get various | font widths from there? | | ky |
Re: how to secure perl modules?
Hi All, Just to throw a spanner in the works, a little while ago I came across the following Article on the Net. http://www.perl.com/pub/a/2002/10/15/radiator.html From what I can tell The author of the 'radiator' product claims to have successfully shipped 'encrypted' code. I've been pondering how to do this for ages anyay, I realise it's not completely foolproof, but I'm trying to find a mechanism that would stop anybody but a perl litterate hacker from getting at my code. Marty - Original Message - From: Thomas Klausner [EMAIL PROTECTED] To: modperl [EMAIL PROTECTED] Sent: Friday, May 30, 2003 8:58 AM Subject: Re: how to secure perl modules? Hi! On Thu, May 29, 2003 at 10:27:54AM -0700, iCap wrote: i have a collection of perl modules (running under the mod_perl umbrella) and would like to distribute the application to several different sources (clients with open internet web servers). but i dont want to send it out without at least making it somewhat difficult for some hacker to just simply steal it and load it somewhere else without my consent. what options do i have (if any) to secure the code so that it can't be 'easily' stolen? 'easily' being the operative word here, as i realize it wont be 100% safe no matter what i do. the ideal would be to perhaps encrypt some of the code, maybe a few of the base configuration modules, maybe even the startup.pl file, others? If you want to make it hard to read the code, use an Obfuscator (eg. Acme::EyeDrops) If want to really secure your code: it's not possible, see this thread on perlmonks: http://www.perlmonks.org/index.pl?node_id=243011 or search in the mailinglist archives. This questions was discussed here a few times. -- #!/usr/bin/perl http://domm.zsi.at for(ref bless{},just'another'perl'hacker){s-:+-$-gprint$_.$/}
Subclassed Apache::Request Objects and their creation/destruction
All,I'm looking for some help with understanding how the Apache::Request objectsare created and destroyed.I have the following params set in my httpd.confKeepAlive OffPerlChildInitHandler Bficient::Apache::DBloadWhich as I understand it should mean that an apache::Request object iscreated for each request, and is destroyed at the end of a request.So if I add 'CREATION and DESTROY' warnings to my Apache::Request code tolog when a request is being created and destroyed I should see the objectsbeing created and destroyed as they are used.This would lead me to believe that when I stop apache, the only DESTROYmessages I should see are those belonging to the childInitHandler, e.g. Ishould see my database handles being destroyed.I'm just trying to get an understanding of what 'should' happen, so that Ican work out If I have a problem with my code.I have subclassed Apache::Request and I'm seeing my subclassedApache::Request objects being'DESTROYED' under an apache stop. AS WELL as after the Request completes,e.g.after the request completes I see this:-$VAR1 = bless( { 'r' = bless( do{\(my $o = 145326836)}, 'Apache::Request' ) }, 'Bficient::Apache::Request' );DESTROYING Bficient::Apache::RequestBut when I stop apache I see this:-$VAR1 = bless( { 'r' = undef }, 'Bficient::Apache::Request' );DESTROYING Bficient::Apache::RequestThis doesn't look 'right', but I'm not sure.Attached is my Bficient::Apache::Request object, If that helps.Any help, or pointers would be greatly appreciated,kind regardsMarty # #Module to sublass Apache to provide Custom Authorisation mechanisms #Using the Apache::Session objects for each user. # package Bficient::Apache::Request; use Bficient::Conf; use lib qw(Bficient::Conf::PERL_LIB_DIR); use Apache::Constants qw(OK REDIRECT SERVER_ERROR DECLINED FORBIDDEN); use Apache::Cookie; use Carp; use Apache::Reload; use Apache::Request; use Bficient::Maketext; use Data::Dumper; use base 'Exporter'; use Bficient::DBI; use Bficient::Apache::DBload qw($bdbh); use MIME::Base64 qw(encode_base64 decode_base64); use strict; @Bficient::Apache::Request::ISA = qw(Apache::Request); my $lh; sub new { my ($class, $r) = @_; #unless ($r) #{ #print STDERR making a new Request object\n; #$r = Apache::Request-new; #} my $self = bless {r = Apache::Request-new($r)}, $class; my @params=$self-param(); print STDERR Here's the Parameters for $class\n; print STDERR Dumper(@params); my $lang_id=$self-param('lang_id'); if ($lang_id) { #print STDERR Using language_id of $lang_id\n; $lh=Bficient::Maketext-get_handle($class,$lang_id); } else { #print STDERR Using Default language_id of Bficient::Conf::DEFAULT_LANGUAGE_ID\nXX\n; $lh=Bficient::Maketext-get_handle($class,Bficient::Conf::DEFAULT_LANGUAGE_ID); } #print STDERR Creating .ref($self).\n; #$self-interpret_uri; return $self; } sub DESTROY { my $self=shift; print STDERR Dumper($self); print STDERR DESTROYING .ref($self).\n; #$self-SUPER-DESTROY(); } sub current_db_id { my $self=shift; my $db_id; if($self-param('db_id')) { $db_id=$self-param('db_id'); die $self-lh-maketext(Empty database ID string Used in Parameters\n) unless $db_id; } else { my $current_plugin=$self-current_plugin; #print STDERR Dumper($current_plugin); my $current_plugin_id=$current_plugin-id; #print STDERR PluginID='$current_plugin_id'\n; my $database=Bficient::Database-new({_load_default_plugin_database=$current_plugin_id,dbh=$bdbh,lang_id=$self-lang_id}); $db_id=$database-id; } return $db_id; } #sub make_plugin_html #{ #my $self=shift; #my $tt_href=shift; # #my $html=''; # #my $db_id=$self-current_db_id; # #my $tt_file = Bficient::Conf::FRAMEWORK_TOPBAR_TEMPLATE; #$tt_file=~s/\/\//\//; #my $template = Template-new(Bficient::Conf::TT2_CONFIG); #my @[EMAIL PROTECTED]::Plugin-all({dbh=$bdbh})}; ##print STDERR Dumper (@plugins); #my @non_admin=(); #foreach my $plugin (@plugins) #{ #if ($plugin-Name eq Bficient::Conf::ADMIN_PLUGIN_NAME ) #{ #$tt_href-{admin_plugin}=$plugin; #} #else #{ #push @non_admin, $plugin; #} #} # #$tt_href-{r}=$self; #$tt_href-[EMAIL PROTECTED]; #$tt_href-{plugin_count}=scalar(@non_admin); #$tt_href-{current_uri}=$self-uri;; # ##print STDERR tt_VARS=\n; ##print STDERR Dumper(%tt_vars); # #my $tt_out=$self-process_template($tt_file, $tt_href); # #return $tt_out; #} sub user_object { my $self=shift; my $session_id=shift; my $uh; if ($uh) { my $un=$uh-UserName; #print STDERR HERE IS MY UH for '$un'\n; #print STDERR Dumper($uh); print STDERR $lh-maketext(Using Previously Cached user_object for
checking what values have been set using pnotes/notes
All, Is there a way to work out what values have been set using pnotes/notes, So that a cleanup Handler can dynamically clear the values, rather than only clear ones pre-programmed? Marty
Can anyone Rcommend a good Apache mailing list
All, I'm having issues with conflicts between using Port and Listen directives for access via LAN and ssh tunnel (or proxy). Can anyone recommend a mailing list I can post my problem to? Kind Regards Marty From les Rosbeufs to les Grenuoilles, Standing up to a bully bigger than you is bravery in motion. (Me.)
Re: [error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106
Is Apache::Session::DB_type Faster than Apache::Session::File? I already use a lot of DB connections and I used Apache::Session::File to reduce this, Marty - Original Message - From: Cees Hek [EMAIL PROTECTED] To: Martin Moss [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, February 28, 2003 5:39 AM Subject: Re: [error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106 Quoting Martin Moss [EMAIL PROTECTED]: All, Can Anybody see what I'm doing wrong here? I have the following error :- [error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106. The problem is not with your code, it is that Apache::Session::File does not work in Taint mode. Apache::Session::Store::File gets the session ID from a file (which means session_is is tainted), and then uses the tainted session_id to delete a file (hence the unlink error). A quick fix for this is for you to untaint the session ID yourself after the session has been unserialized. Put the following two lines right after you tie the session: $session{_session_id} =~ /^([a-zA-Z0-9]+)$/; $session{_session_id} = $1; This probably should be fixed in Apache::Session itself as I am sure other people will run into it. By the way, you really shouldn't be using Apache::Session::File anyway for performance reasons. At least use Apache::Session::DB_File which most likely doesn't suffer from this taint problem and will be much quicker. Cees When I run the following subroutine:- sub delete_session { my $self=shift; my $session_id=shift; if ($session_id =~ /^(\w\w*)$/) { $session_id = $1; # $data now untainted } else { die Bad Tainted data in $session_id;# log this somewhere } die $self-{lh}-maketext(No Session_id given) unless ($session_id); my $t=time; my %session; my $Directory = My::Conf::APACHE_SESSIONS_TMPDIR; my $LockDirectory = My::Conf::APACHE_SESSIONS_LOCKDIR; $Directory=XX_GR_XX$Directory.XX_GR_XX; #e.g. '/path/to/dir/' $LockDirectory=XX_GR_XX$LockDirectory.XX_GR_XX; #e.g. '/path/to/dir/' if ($Directory =~ /^XX_GR_XX(.*)XX_GR_XX$/) { $Directory = $1; # $data now untainted } else { die Bad Tainted data in $Directory;# log this somewhere } if ($LockDirectory =~ /^XX_GR_XX(.*)XX_GR_XX$/) { $LockDirectory = $1; # $data now untainted } else { die Bad Tainted data in $LockDirectory;# log this somewhere } #Load an existing session eval { tie %session, 'Apache::Session::File',$session_id, { Directory = Bficient::Conf::APACHE_SESSIONS_TMPDIR, LockDirectory = Bficient::Conf::APACHE_SESSIONS_LOCKDIR, }; }; if ($@) { die $self-{lh}-maketext(Couldn't Load Apache::Session - \[_1]\ For '\[_2]\',$@,$self-UserName); } print STDERR Just about to unlink\n; tied(%session)-delete; return 1; }
Re: [error] Insecure dependency in unlink while running with -Tswitch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line106
heheheh, I can't use Apache::DBI. I have multiple database connections.which are authenticated for different users. Am wondering whether to bother with the persistance at all, I can retrieve all the data I need out of the database anyway, I just wanted to reduce the database lookups. Especially as I could be operating on 100's of records. I was using Apache::Session to generate session IDs and allow me to timeout users etc... Marty - Original Message - From: Perrin Harkins [EMAIL PROTECTED] To: Martin Moss [EMAIL PROTECTED] Cc: Cees Hek [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, February 28, 2003 2:03 PM Subject: Re: [error] Insecure dependency in unlink while running with -Tswitch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line106 On Fri, 2003-02-28 at 08:47, Martin Moss wrote: Is Apache::Session::DB_type Faster than Apache::Session::File? It depends on your disk, OS, and filesystem. It stores all the files in one directory, which is quite slow on some systems and not a problem on others. I already use a lot of DB connections and I used Apache::Session::File to reduce this, Apache::Session::MySQL (or Oracle, etc.) do not require separate database connections. If you already have a connection (which you would if you use Apache::DBI), you just pass it to Apache::Session. - Perrin
Re: [error] Insecure dependency in unlink while running with-Tswitch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pmline106
Thanks mate, Will re-examine the drawing board.. Marty - Original Message - From: Perrin Harkins [EMAIL PROTECTED] To: Martin Moss [EMAIL PROTECTED] Cc: Cees Hek [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Friday, February 28, 2003 2:52 PM Subject: Re: [error] Insecure dependency in unlink while running with-Tswitch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pmline106 On Fri, 2003-02-28 at 09:10, Martin Moss wrote: I can't use Apache::DBI. I have multiple database connections.which are authenticated for different users. You're pretty much screwed then on the database front. I just wanted to reduce the database lookups. If you just want to cache data, don't use Apache::Session for that. Use IPC::MM, Cache::Mmap, Cache::FileCache, or MLDBM::Sync. - Perrin
[error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106
All, Can Anybody see what I'm doing wrong here? I have the following error :- [error] Insecure dependency in unlink while running with -T switch at /usr/lib/perl5/site_perl/5.6.0/Apache/Session/Store/File.pm line 106. When I run the following subroutine:- sub delete_session { my $self=shift; my $session_id=shift; if ($session_id =~ /^(\w\w*)$/) { $session_id = $1; # $data now untainted } else { die Bad Tainted data in $session_id;# log this somewhere } die $self-{lh}-maketext(No Session_id given) unless ($session_id); my $t=time; my %session; my $Directory = My::Conf::APACHE_SESSIONS_TMPDIR; my $LockDirectory = My::Conf::APACHE_SESSIONS_LOCKDIR; $Directory=XX_GR_XX$Directory.XX_GR_XX; #e.g. '/path/to/dir/' $LockDirectory=XX_GR_XX$LockDirectory.XX_GR_XX; #e.g. '/path/to/dir/' if ($Directory =~ /^XX_GR_XX(.*)XX_GR_XX$/) { $Directory = $1; # $data now untainted } else { die Bad Tainted data in $Directory;# log this somewhere } if ($LockDirectory =~ /^XX_GR_XX(.*)XX_GR_XX$/) { $LockDirectory = $1; # $data now untainted } else { die Bad Tainted data in $LockDirectory;# log this somewhere } #Load an existing session eval { tie %session, 'Apache::Session::File',$session_id, { Directory = Bficient::Conf::APACHE_SESSIONS_TMPDIR, LockDirectory = Bficient::Conf::APACHE_SESSIONS_LOCKDIR, }; }; if ($@) { die $self-{lh}-maketext(Couldn't Load Apache::Session - \[_1]\ For '\[_2]\',$@,$self-UserName); } print STDERR Just about to unlink\n; tied(%session)-delete; return 1; }
Browser doesn't stop loading a page
All, Not much to go on I know, but has anybody ever had this problem? When I load one of my webpages the browser never stops loading, e.g. the page loads ok and I can see and interact with it, but the ie spinning globe still keeps spinning and the status bar at the bottom of the page still shows the page is loading something.. The process does seem to run and exit normally in my logs. I'm at a loss as to what is causing it. This only happens on one specific page on my server. Any ideas would be appreciated. Regards Marty
Re: Browser doesn't stop loading a page
Yes I think you're right, When I click on a link that takes me to the page in question the page simply stays loading, but it Iclick into the URL Address bar and press enter to reload the page the page loads fine without continuing to spin the globe. I've tried making the changes you suggested below, but I think I'm missing something else as the problem still occurs. I've just managed to kill my dev machine with out of memory errors so I think perhaps there is something else I'm doing wrong, Marty - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 2:03 PM Subject: RE: Browser doesn't stop loading a page We had this same problem a while back. One of our developers pecked at it for a couple of weeks off and on, and in our case it turned out to be Javascript. We had some links to the pages that would spin infinitely that looked like: a href=javscript:Foo();Link/a we changed them to this: a href= onclick=javscript:Foo(); return false;Link/a and the problems went away. Just thought I'd toss that out there. It's almost definitely not a mod_perl-related problem. -Fran -Original Message- From: Chris Winters [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 8:22 AM To: Martin Moss Cc: Apache mod_perl Subject: Re: Browser doesn't stop loading a page Martin Moss wrote: Not much to go on I know, but has anybody ever had this problem? When I load one of my webpages the browser never stops loading, e.g. the page loads ok and I can see and interact with it, but the ie spinning globe still keeps spinning and the status bar at the bottom of the page still shows the page is loading something.. The process does seem to run and exit normally in my logs. I'm at a loss as to what is causing it. This only happens on one specific page on my server. Any ideas would be appreciated. IME this means you have an external resource (e.g., image, script, etc.) in the page that's not being loaded because the site is inaccessible or it's overloaded. Generally nothing to do with mod_perl :-) Chris -- Chris Winters ([EMAIL PROTECTED]) Building enterprise-capable snack solutions since 1988.
Re: Please wait Handler
Thanks for all your help guys, Will have a think about it, Marty - Original Message - From: Randal L. Schwartz [EMAIL PROTECTED] To: Perrin Harkins [EMAIL PROTECTED] Cc: Andrew Ho [EMAIL PROTECTED]; Martin Moss [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, February 16, 2003 7:43 AM Subject: Re: Please wait Handler Perrin == Perrin Harkins [EMAIL PROTECTED] writes: Perrin Andrew Ho wrote: Make an HTML page which does a form submit to pleasewait.pl. pleasewait.pl just displays an HTML page with an animated please wait image on it, and its headers include the following header: Refresh: 1; url=http://www.example.com/getresults.pl?args... Perrin That's what Randal does in the article that I posted (although his Perrin puts it in a META tag). It's called client pull, and was introduced Perrin by Netscape at the same time as server push. There's a later better example of that (self-cleaning, etc) at http://www.stonehenge.com/merlyn/LinuxMag/col39.html. I usually don't recycle ideas unless I can put a new slant on it. Check out the new slant. :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 [EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/ Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Please wait Handler
All, I was wondering if it is possible to Create a Handler that points a user at a page with an animated gif saying something like "Please wait", and then when my other handlers have finisheddisplay the page results I want from my mod perl handlers. I guess in a nutshell I'm wondering if there is a way to send HTML headers to a browser which tells it to scrap the html it has already received and display the new HTML I am passing it. If this isn't possible, can somebody point me in the direction of a 'please wait' mechanism that is possible - Is there one? Kind regards Marty
Re: mysql password encryption
Cheers for all your help, I realised that I didn't need to worry about decrypting the passwords as I can use the encrypted password with GRANT. so it solved my problem. I guess I'll have to group my grants by table rather than permission though. Regards Marty - Original Message - From: Joe Palladino [EMAIL PROTECTED] To: Cees Hek [EMAIL PROTECTED]; Martin Moss [EMAIL PROTECTED] Cc: Modperl [EMAIL PROTECTED] Sent: Thursday, January 23, 2003 3:44 PM Subject: RE: mysql password encryption Are the databases under the same database engine instance? If they are its not a problem as the password is the system table users and you can grant access for that user to various databases in the system table database. To use the encrypted password field, use the password('password') function supplied by the MySQL library. It only encrypts your password string, but it will let you do a compare of the strings. Hope this helps. Joe -Original Message- From: Cees Hek [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 11:29 AM To: Martin Moss Cc: Modperl Subject: Re: mysql password encryption Quoting Martin Moss [EMAIL PROTECTED]: All, I wish to let a user use the same password for them to authenticate to a multitude of mysql Databases AND to authenticate themselves on my modperl site. the problem I have is that I store the password in the database as a Password field. However when I wish to use DBI to connect to another mysql database I cannot use the Password stored in the database as it comes out encrypted. I really don't want to store the unencrypted password anywhere on the system. Is there a way to let DBI/mysql know that the password I am giving them is ALREADY encrypted? A feature like that would defeat the purpose of encrypting the password in the first place. The point of encrypting the password is so that if someone gets their hands on the password list, they can not use the encrypted password to access the system. They would have to crack the passwords first before using them to access the system. By allowing someone to access the system with an already encrypted password, then your passwords might as well not be encrypted at all. Since you are using MySQL, have you looked at using the mysql_read_default_file option to store your password in a config file? Using a DSN like the following allows you to keep the username and password in a config file. Check the DBD::mysql perldocs for more info, and the MySQL docs for all the parameters you can put in such a file. DBI:mysql:test;mysql_read_default_file=/etc/mysql/test.my.conf and in /etc/mysql/test.my.conf [client] user = www password = thebigsecretpassword Then protect the file: chown www /etc/mysql/test.my.conf chmod 400 /etc/mysql/test.my.conf You still have the password in plain text, but it is readable only by root and the user that runs the webserver. You can use this to connect to multiple MySQL servers as long as the access tokens are the same on all servers. Cees --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.443 / Virus Database: 248 - Release Date: 1/10/2003
Re: mysql question
oooh handbags! Apologies to the group this is my last email on this topic. You're all assuming I posted a question about mysql at random. Please see my previous post which is to do with encryption of mysql passwords so that the password for Apache Authentication and multiple other mysql database can be one and the same. I realised I'd attacked it from the wrong angle, and some people were kind enough to help out, I did not think it therefore too big a deal to post a specific question related to the previous post, which if anybody puts both posts together will make sense. I would suggest that reading one post out of context, and then assuming I'm just randomly posting a mysql question 'out of the blue', is a little naive. Marty - Original Message - From: Perrin Harkins [EMAIL PROTECTED] To: Nick Tonkin [EMAIL PROTECTED]; Martin Moss [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 23, 2003 6:40 PM Subject: Re: mysql question Calm down folks. Anyone can make a mistake. This is a diverse list with many different levels of Internet experience represented, and one off-topic post is not a big enough problem to merit banning people. General list etiquette is discussed here: http://perl.apache.org/maillist/email-etiquette.html Please take care to choose the right place to ask this sort of question in the future. Thanks, Perrin
mysql password encryption
All, I wish to let a user use the same password for them to authenticate to a multitude of mysql Databases AND to authenticate themselves on my modperl site. the problem I have is that I store the password in the database as a Password field. However when I wish to use DBI to connect to another mysql database I cannot use the Password stored in the database as it comes out encrypted. I really don't want to store the unencrypted password anywhere on the system. Is there a way to let DBI/mysql know that the password I am giving them is ALREADY encrypted? Has anybody else solved a problem like this? Regards Marty
modperl ttssh and port forwarding
All, I have a configuration issue, and I was wondering if anybody has had the same problem? I have an adsl gateway (192.168.0.1 external IP) and a seperate webserver (192.168.0.10) on my home network. I want to allow a user on the internet access to my webserver. I have once before configured ttssh (Tera term with ssh extension) to talk to a machine on an internal LAN of another network that was already configured to allow ssh forwarding, so I know there is a way to do this, however I can't seem to get it to work, and I suspect the problem is my Apache webserver running on port 8088 is refusing the connections. I have my IE browser on the external machine set to use a proxy server of localhost:999 and my ttssh is set to forward localhost:999 to 192.168.0.10:8088 and I have succesffully logged into my router. When I try to browse a webpage in my browser I get an error in my apache webservers access.log logfile:- 192.168.0.1 - - [08/Dec/2002:19:29:28 +] GET /private/ 403 192.168.0.1 - - [08/Dec/2002:19:29:28 +] www.google.com 403 this tells me that my port forwarding has been successful, but my apache is issuing a 403 forbidden message. So How do I configure my apache to allow this connection. I have my own custom authentication mechanism, which covers /private/ but this isn't being run, apache is refusing the connection before running my access control. Can anybody provide me with any help or advice? Kind regards Marty
Re: modperl ttssh and port forwarding - SOLVED
All, sorry for the trouble, I finally worked out the problem, I didn't have libproxy.so loaded on my 192.168.0.10 machine and the directive ProxyRequests On set. Now that I do it works fine, Regards Marty - Original Message - From: Martin Moss [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 08, 2002 5:53 PM Subject: modperl ttssh and port forwarding All, I have a configuration issue, and I was wondering if anybody has had the same problem? I have an adsl gateway (192.168.0.1 external IP) and a seperate webserver (192.168.0.10) on my home network. I want to allow a user on the internet access to my webserver. I have once before configured ttssh (Tera term with ssh extension) to talk to a machine on an internal LAN of another network that was already configured to allow ssh forwarding, so I know there is a way to do this, however I can't seem to get it to work, and I suspect the problem is my Apache webserver running on port 8088 is refusing the connections. I have my IE browser on the external machine set to use a proxy server of localhost:999 and my ttssh is set to forward localhost:999 to 192.168.0.10:8088 and I have succesffully logged into my router. When I try to browse a webpage in my browser I get an error in my apache webservers access.log logfile:- 192.168.0.1 - - [08/Dec/2002:19:29:28 +] GET /private/ 403 192.168.0.1 - - [08/Dec/2002:19:29:28 +] www.google.com 403 this tells me that my port forwarding has been successful, but my apache is issuing a 403 forbidden message. So How do I configure my apache to allow this connection. I have my own custom authentication mechanism, which covers /private/ but this isn't being run, apache is refusing the connection before running my access control. Can anybody provide me with any help or advice? Kind regards Marty
identifying a unique browser session
All, How would I go about identifying if a user logs in from 2 different browsers? I Have a Session object, but I want to hold data within that session object that identifies which browser a user is using. So I can confirm that a user who provides a session key in their cookie, is checked and that that session key matches that browser. The issue is, that an ip address isn't always unique:-( Any ideas, Marty
Daft question - preventing the username password box from appearing.
All, How do I change the behaviour of get_basic_auth_passwd() I do not wish to have the prompt box appear, I want to have a dynamically produced login form which when submitted carries out the users previous command (I have an authentication system which 'times out' a user) the problem I have is that this doesn't work:- my $response=timedout($r); #returns a string of html to display $r-custom_response(AUTH_REQUIRED,$response); return AUTH_REQUIRED; The problem is this still prompts the user for his username and password, and only displays the html is the user presses cancel. How do I ditch the login box completely? Regards Marty
Re: Daft question - preventing the username password box from appearing.
thanks to everyone, Geoff's post made me re-examine AuthCookie and I realised I wasn't supposed to use the get_basic_auth_pw method at all. Thanks I understand whats going on now. Cheers Marty - Original Message - From: Lupe Christoph [EMAIL PROTECTED] To: Martin Moss [EMAIL PROTECTED] Cc: modperl [EMAIL PROTECTED] Sent: Tuesday, October 01, 2002 3:06 PM Subject: Re: Daft question - preventing the username password box from appearing. On Tuesday, 2002-10-01 at 14:16:47 +0100, Martin Moss wrote: I do not wish to have the prompt box appear, I want to have a dynamically produced login form which when submitted carries out the users previous command (I have an authentication system which 'times out' a user) You can't in mod_perl. When you use Basic Authentication, the *browser* pops up the prompt box. To change this, you have to ditch Basic Auth and implement something else. You best start by looking at the various auth packages in Apache and those in in Perl (Apache::.*Auth). Then consider doing this in Javascript or in HTML. HTH, Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | Big Misunderstandings #6398: The Titanic was not supposed to be| | unsinkable. The designer had a speech impediment. He said: I have | | thith great unthinkable conthept ... |
Re: problem with $r-push_handlers()
I have traced my problem to the following subroutine which populates the Hash I use to keep track of mappings of URL's to Modules (handlers)to use. As you will see, at the very end of my parse_file subroutine I have two lines commented out. IF I uncomment these lines out, I end up overwriting the data in my hash with the clean data I supply. When I do this my Apache Multiplexer (the thing which does the $r-push_handlers($handler_bf)) works fine and all is fine. However if I leave the line commented out - as is here - I get the following error:- [Tue Sep 17 22:41:35 2002] [error] Undefined subroutine MyMod::Apache::Test1 called, GEN2 line 2. So I'm at a loss, any further help you could give would be useful, Marty Here is a sample file:- /test1/ = MyMod::Apache::Test1/test2/ = MyMod::Apache::Test2 Here is a file parsing subroutine I use to read the above file and populate a hash, which I export to another routine.:- our (%HANDLERS); sub _is_tainted{ not eval { join("",@_), kill 0; 1; };} sub parse_file{ my $file=shift; print STDERR "Parsing file $file\n"; open (FILE,"$file") or die "Cannot open file for reading $file"; while (my $line=FILE) { chomp $line; if ($line=~/^\#/) { next; } else { my ($keyname,$varname)=split/\=/,$line; print STDERR "Initial $keyname = $varname\n"; $keyname=~s/^\s*//; $varname=~s/^\s*//; $keyname=~s/\s*$//; $varname=~s/\s*$//; $keyname=~s/'//g; $varname=~s/'//g; $keyname=~s/"//g; $varname=~s/"//g; $keyname=~s/^\///; $keyname=~s/\/$//; my @tmp=split /\//, $keyname; my $untainted_keyname; while (@tmp) { my $tainted_var=shift @tmp; if ($tainted_var =~/^([\w-]+)$/) { $tainted_var=$1; die "$tainted_var is Tainted" if (_is_tainted($tainted_var)); $untainted_keyname.='/'.$tainted_var; die "$untainted_keyname is Tainted" if (_is_tainted($untainted_keyname)); } else { die "Taint Check failed for $tainted_var\n"; } } $untainted_keyname.='/'; if ($varname=~/^([-:\w]+)$/) { $varname=$1; die "$varname is Tainted" if (_is_tainted($varname)); } else { die "Taint Check failed for $varname\n"; } $HANDLERS{$untainted_keyname}=$varname; print STDERR "Added $keyname = $varname\n"; } } #$HANDLERS{'/test1/'}='MyMod::Apache::Test1'; #$HANDLERS{'/test2/'} = 'MyMod::Apache::Test2'; close (FILE);} - Original Message - From: Martin Moss To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 2:13 AM Subject: problem with $r-push_handlers() All, can anybody provide any help with this problem - and maybe explain why I get the following anomoly? I've been trying to find the cause of the issue but to no avail:-( I have MyMod::Apache::Test pre-loaded in my httpd.conf file. Here is an extract of code:- ($handler is defined from a Hash defined within this Code) ($handler_bf is defined from a hash exported by a module used in this code. to get to the stage in the code where the following lines commence, I already have read the value from the exported hash and it is held in the variable $handler_bf) #$r-push_handlers(PerlHandler = $handler);$r-push_handlers(PerlHandler = $handler_bf); print STDERR "They match\n ($handler) = ($handler_bf)\n" if ($handler eq $handler_bf); When I run the code I get the following error:- MyMod::Apache::Multiplex Matched /test/ to MyMod::Apache::Test (MyMod::Apache::Test) for /mod_perl_push_handlers: Not a subroutine name or CODE reference! at /usr/local/lib/perl//MyMod/Apache/Multiplex.pm line 101.They match(MyMod::Apache::Test) = (MyMod::Apache::Test) WHEREAS if I use the following code:- #$r-push_handlers(PerlHandler = $handler);$r-push_handlers(PerlHandler = $handler_bf); print STDERR "They match\n ($handler) = ($handler_bf)\n" if ($handler eq $handler_bf); It works and I get this output :- MyMod::Apache::Multiplex Matched /reconciler/test/ to MyMod::Apache::Test (MyMod::Apache::Test) for /They match(MyMod::Apache::Test) = (MyMod::Apache::Test) So I'm still at a loss. I've tried checking for tainted variables as the handler hash which fails is populated by reading the contents of files, whereas the other is simply defined in the script. I'm guessing this is something more subtle like a configuration problem. I've tried stopping a starting apache after making each change to the script. so each test is run on a fresh server. Anyway, Answers on a Postcard please:-) Regards Marty
Re: problem with $r-push_handlers()
You are a star!!! I ammended your syntax slightly and did this:- my $sub_string='sub { '.$handler_bf.'($r) };'; $r-push_handlers(PerlHandler = eval $sub_string); Otherwise The handler routine of my handler module doesn't get passed the Apache object as it's first argument. It seems to work fine. Thank you. One point to ask, Is this less efficient, as I'm passing an anonynmous subroutine around rather than a code reference? I can finally go to bed :-) Kind regards Marty - Original Message - From: Marcin Kasperski [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 18, 2002 12:55 AM Subject: Re: problem with $r-push_handlers() MyMod::Apache::Multiplex Matched /test/ to MyMod::Apache::Test (MyMod::Apache::Test) for / mod_perl_push_handlers: Not a subroutine name or CODE reference! at /usr/local/lib/perl//MyMod/Apache/Multiplex.pm line 101. They match (MyMod::Apache::Test) = (MyMod::Apache::Test) I have observed similar problem myself. I got the same error when I wrote in my startup.pl Apache-push_handlers(PerlChildInitHandler, \MyApp::Main::on_child_init); when I replaced it with Apache-push_handlers(PerlChildInitHandler, sub { MyApp::Main::on_child_init(); }); it works as expected. -- ( Marcin Kasperski | You have the right to peace, fun, and ctive ) ( http://www.mk.w.pl |and enjoyable work. ) (--- -) ( Nie gub zgosze bdw: p://www.mk.w.pl/narzedzia/narzedzia_bugewid)