#x27;su -' to nobody (or whomever your server is running as)
and run the command that way? Have you tried to run the script from the command-line
and see what that yields?
On a side note, you may want to ensure that you are using Taint for all of your CGI
scripts when they interact with the O
fic information to authenticate a person
is not only impossible to do successfully, it is silly to try. Using cookies is
only a little bit less unsuccessful.
Also, please be sure to note the gotcha in the mod_perl guide that gives you
warning that all brow
d to add to it, we would have
to start and stop the server.
I figured a more elegant method would be to have the webserver redirect if
an .htaccess is present. The only way I can figure on doing this effectively
would be a mod_perl module. So, I'm goin
ser to
> authenticate on the same virtual host, else the user will be prompted
> multiple times or you will have a security gap if you're leaving it all up
> to the service layer.
>
> Regards,
> Christian
>
> > -Original Message-
> > From: J. J. Horner
. Perhaps
after this, redirect to http, if desired.
Any comments or suggestions?
Thanks,
JJ
--
J. J. Horner
"H*","6d6174686c696e40326a6e6574776f726b732e636f6d"
***
"H*","6a6a686f726e65724062656c6c736f7574682e6e
w, or as an authz handler, which I think would give me more
flexibility.
Also, how do I get something renamed or reclassified, if I decide
that I should move it from the Authen phase to the Authz phase?
Thanks,
JJ
--
J. J. Horner
"H*","6d6174686c696e40326a6e65
mments? How about a name for this, should it be necessary to right it?
Thanks,
JJ
--
J. J. Horner
"H*","6d6174686c696e40326a6e6574776f726b732e636f6d"
***
"H*","6a6a686f726e65724062656c6c736f7574682e6e6574"
do perl
on my laptop. If I were to code C (not very often), it would be on a 6.2 box.
I haven't looked into the egcs issue with RedHat 7.0, but I know RedHat issued an
"apology".
JJ
--
J. J. Horner
[EMAIL PROTECTED]
Apache, Perl, mod_perl, Web security, Linux
PGP signature
* Todd Finney ([EMAIL PROTECTED]) [010112 13:00]:
> At 12:07 PM 1/12/01, Blue Lang wrote:
> >On Fri, 12 Jan 2001, J. J. Horner wrote:
> > > I'm also toying with the idea of allowing each script
> > to have a DEBUG=1
> > > option enabled in a handler so that
* Blue Lang ([EMAIL PROTECTED]) [010112 12:08]:
> On Fri, 12 Jan 2001, J. J. Horner wrote:
>
> > I'm also toying with the idea of allowing each script to have a DEBUG=1
> > option enabled in a handler so that as long as it is the script owner,
> > verified by u
owner,
verified by uid, trying to set the DEBUG=1 parameter in a URL, the full
debug information is sent to a browser
Any hints, tips, or concerns?
Thanks,
JJ
--
J. J. Horner
[EMAIL PROTECTED]
Apache, Perl, mod_perl, Web security, Linux
PGP signature
LL*
> .../mod_perl/SUPPORT
> http://perl.apache.org/guide
> and of course the Eagle Book - this is my (old) copy, there's a later
> edition which I recommend you get instead.
>
There is a second edition already? This book hasn't been out 2 years yet.
You guys are qui
you don't wear the ring?", she asked.
"Honey," I replied," I'll just open my wallet. They'll see the moths making a winter
home
and know immediately that I'm married."
That didn't help matters much. Imagine that.
--
J. J. Horner
[EMAIL PROTECTED]
Apache, Perl, mod_perl, Web security, Linux
PGP signature
so we need more work"
sequel): http://perl.apache.org/guide/debug.html#Code_Debug
If none of this helps, try Stallone, he makes more sequels.
--
J. J. Horner
[EMAIL PROTECTED]
Apache, Perl, mod_perl, Web security, Linux
PGP signature
On Wed, Dec 13, 2000 at 11:08:44AM -0700, Nathan Torkington wrote:
> J. J. Horner writes:
> > What is the story on these tutorials? Is it something you can
> > distribute, or did most of it come off of the top your head?
>
> Tutorials seems like a deadend for effo
,
Jon
--
J. J. Horner
[EMAIL PROTECTED]
Apache, Perl, mod_perl, Web security, Linux
PGP signature
> helping with this project, please email me privately. If I get enough
> people willing to contribute (at least 5), I'll set up the sourceforge
> project to start the ball rolling Oh yeah, did I say I didn't mind donating
> my admin time as well to this experiment. :)
Count me
ortant and appealing
to me.
I'd pay to take an online course (read this, and do exercises, and then get feedback,
and
then get a neat little certificate from merlyn).
I just now feel somewhat comfortable putting mod_perl in my signature.
On Thu, Dec 07, 2000 at 07:56:09AM -0700, Nathan Torkington wrote:
> J. J. Horner writes:
> > I'd be interested in something like this.
>
> Certification is a quagmire. If it's done well, it takes a lot of
> work by the certification authority, and that makes it exp
fy a
group of dedicated, knowledgeable salesmen, programmers, hackers, etc.
If I'm way off base, please let me know. I'm spending considerable brain power
on this idea and if I'm wasting it, I need to know. I don't have much spare brain
power and I could use it to try to figure ou
id.
How many times are you forced to write something without reference of any kind?
Just my $0.02.
If I forgot to add kudos to any one individual, I apologize. I don't mean to
leave anyone out.
JJ
--
J. J. Horner
[EMAIL PROTECTED]
"The people who vote decide nothing.
The people who c
Apache::WipeMyAss auto-configures as of 0.3.
>
> Where can *I* get that upgrade? =o)
>
I think you will need to install Apache::KissMyRedEye to make that module work.
JJ
--
J. J. Horner
[EMAIL PROTECTED]
"The people who vote decide nothing.
The people who count the vote decide
Honestly, though, I didn't believe the strength of mod_perl
rested on the Mason type modules. I thought the strength of
mod_perl was having a perl/Apache API. Having an easy way to
interact with Apache using everyone's favorite language was
what sold me on Apache.
Ideas?
JJ
are barely good
enough for a college writing course, but I'll do research and
provide technical information.
JJ
--
J. J. Horner
[EMAIL PROTECTED]
"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin
"The tree of liberty must
id.
If we can get an elite force of mod_perl hackers on the scene to spread the gospel,
we would see a big boon to mod_perl press and support.
Just my unlearned $0.02.
JJ
--
J. J. Horner
[EMAIL PROTECTED]
"The people who vote decide nothing.
The people who count the vote decide everythi
les a specific subroutine using
$hash{$value}->()
It doesn't seem to work.
Any ideas?
--
J. J. Horner
[EMAIL PROTECTED]
"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin
"The tree of liberty must be watered pe
mplete
mod_perl handler, I will probably see an enormous increase.
Thanks for listening.
Jon
--
J. J. Horner
[EMAIL PROTECTED]
"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin
"The tree of liberty must be watered periodica
On Wed, 21 Jun 2000, Geoffrey Young wrote:
>
> > On Wed, 21 Jun 2000, Blue wrote:
> >
> > > On Wed, 21 Jun 2000, J. J. Horner wrote:
> > >
>
> you might want to check out Apache::TicketAccess and the example of ticket
> based access in the e
On Wed, 21 Jun 2000, Blue wrote:
> On Wed, 21 Jun 2000, J. J. Horner wrote:
>
> > For that reason, my handler can't rely on browsers to behave during the
> > Authentication phase. I am going to have to find a way to force a user to
> > input his password into t
phase. I am going to have to find a way to force a user to
input his password into the browser not using standard HTTP response
codes.
What is a reliable way to return a CGI script, and doing something with
that response, before returning the page requested by the user?
JJ
--
J. J. Horner
A
on again, this makes it really difficult to deal
with different browsers during the Authentication phase.
Any ideas or comments?
--
J. J. Horner
Apache, Perl, Unix, Linux
[EMAIL PROTECTED] http://www.knoxlug.org/
Apache::TimeOut has become Apache::AuthExpire.
Please critique at
http://www.2jnetworks.com/~jhorner/Apache-AuthExpire-0.30.tar.gz
I appreciate your help.
Any comments are welcome, including name issues, etc.
Thanks
JJ
--
J. J. Horner
Apache, Perl, Unix, Linux
[EMAIL PROTECTED] http
I wrote a module, now available in very beta form, to provide timeouts to
.htaccess protected directories. Please download from:
http://www.2jnetworks.com/~jhorner/TimeOut-0.21.tar.gz
and give me feedback. I hope to submit this to CPAN soon, if warranted.
Thanks,
JJ
--
J. J. Horner
Apache
do handlers belong on CPAN?
Thanks,
JJ
--
J. J. Horner
Apache, Perl, Unix, Linux
[EMAIL PROTECTED] http://www.knoxlug.org/
; example, or guide, on how to write
> and install a module using mod_perl? I use perl a lot, but I could find
> "easy" documentation on how to write modules (I don't want to read a _huge_
> man page for this simple task)
>
What is wrong with using the skeleton in Chapter
I would guess that you could do a DNS lookup on your webserver IPs and get
all the CNAMEs associated with it. But this is just a thought.
JJ
--
J. J. Horner
Apache, Perl, Unix, Linux
[EMAIL PROTECTED] http://www.knoxlug.org/
it Sunday, and I'm already half way through. I may have
to go through again to cement the concepts, but the text is informative,
the concepts are enlightening, and the code examples are as relevant as
I've seen in any book on programming.
I give this book 4 1/2 'J's out of 5.
apr->param($_) for @params;
> $r->pnotes('args', %args);
> return OK;
> }
>
In my situation, we sometimes have developers who try to send uids and
passwords across using a get. This puts uids and passwords in the
logfile. Is there a way to rewrite the GET to a PO
or maybe send it via
email to either [EMAIL PROTECTED] or [EMAIL PROTECTED]?
J. J. Horner
39 matches
Mail list logo