To insert a new comment on this old item:
What about sockets? I am in the middle of trying to use $c =
$r->connection and $c->remote_addr as part of the cookie name. (So far
I am having trouble with the fact that remote_addr returns packed info,
and I am still searching for how to unpack it - if
From: Jon Robison [EMAIL PROTECTED]
What about sockets? I am in the middle of trying to use $c =
$r->connection and $c->remote_addr as part of the cookie name. (So far
I am having trouble with the fact that remote_addr returns packed info,
and I am still searching for how to unpack it - if
: Jon Robison [EMAIL PROTECTED]
Date: Mon, 10 Dec 2001 18:06:00 -0500
Cc: [EMAIL PROTECTED]
Subject: Re: Doing Authorization using mod_perl from a programmers perspective
To insert a new comment on this old item:
What about sockets? I am in the middle of trying to use $c =
$r->connection
Jon Robison wrote:
Someone please tell me if I am wrong - does the USER_AGENT field get
some kind of special serial number from the browser, or is it just a
version identified?
Best example - large company with 1000 PC's, all with same Netscape
installed. How then does the
fliptop == fliptop [EMAIL PROTECTED] writes:
fliptop i have found that using the HTTP_USER_AGENT environment
fliptop variable instead of ip address solves the problem with proxy
fliptop servers and the md5 hash. anyone ever tried this as a simple
fliptop workaround?
Nobody with any sense.
Randall, you want to expound upon that?
--Jon Robison
Randal L. Schwartz wrote:
fliptop == fliptop [EMAIL PROTECTED] writes:
fliptop i have found that using the HTTP_USER_AGENT environment
fliptop variable instead of ip address solves the problem with proxy
fliptop servers and the md5
How about using an Apache::Sessions id instead of IP address?
--Jon Robison
Randal L. Schwartz wrote:
fliptop == fliptop [EMAIL PROTECTED] writes:
fliptop i have found that using the HTTP_USER_AGENT environment
fliptop variable instead of ip address solves the problem with proxy
Jon == Jon Robison [EMAIL PROTECTED] writes:
Jon Randall, you want to expound upon that?
Barely ignoring the spelling of my name, I'll simply claim
it's not unique.
Neither is IP address. Or anything that you haven't specifically
round-tripped to the browser. And that doesn't stop
On Mon, Nov 19, 2001 at 07:51:55AM -0800, Randal L. Schwartz wrote:
But this is obvious. I'm confused about why I'd have to explain it. :(
I posted this a year or two back:
http://mathforum.org/epigone/modperl/jytwortwor/[EMAIL PROTECTED]
Here is the relevant part of
* Randal L. Schwartz ([EMAIL PROTECTED]) [09 11:00]:
Jon == Jon Robison [EMAIL PROTECTED] writes:
Jon Randall, you want to expound upon that?
Barely ignoring the spelling of my name, I'll simply claim
it's not unique.
Neither is IP address. Or anything that you haven't
Joe Breeden wrote:
How does this work in an environment with two (or more) computers with the
exact same configuration, and probably the same HTTP_USER_AGENT behind the
same proxy? How do you know that one user isn't using another user's session?
you don't. the session hijacker still would
fliptop wrote:
Joe Breeden wrote:
How does this work in an environment with two (or more) computers with the
exact same configuration, and probably the same HTTP_USER_AGENT behind the
same proxy? How do you know that one user isn't using another user's session?
you don't. the session
my point
was that this solves the problem of using the ip address in
the md5 hash
when the client is behind a proxy server.
This does not solve the problem: IP address of users behind
Proxy is not
unique. The User Agent is not unique either. Using User Agent solves
nothing, and
the cool thing about the MD5 hashing scheme is that any
would-be hacker
needs to know the fields you are hashing in order to have a chance at
creating a like hash. so, if you use stuff transmitted in
the clear (like
username, sessionid, some bogus piece of info not used, and
MD5
fliptop wrote:
Jon Robison wrote:
The most relevant section for you is the Ticket system he describes. (I
believe the section header says something about Cookies, but you'll know
you have the right one when you see TicketAccess.pm, TicketTools.pm, and
TicketMaster.pm. One nice
Sent: Friday, November 16, 2001 10:40 AM
To: [EMAIL PROTECTED]
Cc: Jonathan E. Paton; [EMAIL PROTECTED]
Subject: Re: Doing Authorization using mod_perl from a programmers
perspective
fliptop wrote:
Jon Robison wrote:
The most relevant section for you is the Ticket system
Subject: Re: Doing Authorization using mod_perl from a programmers
perspective
fliptop wrote:
Jon Robison wrote:
The most relevant section for you is the Ticket system he
describes. (I
believe the section header says something about Cookies,
but you'll know
you have
Nov 2001 12:13:48 -0500
To: Joe Breeden [EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: RE: Doing Authorization using mod_perl from a programmers perspective
Mozilla/4.0 (compatible; MSIE 5.0; Windows
95)::ELNSB50::81100320025802f901780505000b
This indicates to me that some
-Original Message-
From: Jon Robison [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 10:40 AM
To: [EMAIL PROTECTED]
Cc: Jonathan E. Paton; [EMAIL PROTECTED]
Subject: Re: Doing Authorization using mod_perl from a programmers
perspective
fliptop wrote
Texo
-Original Message-
From: Jon Robison [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 16, 2001 10:40 AM
To: [EMAIL PROTECTED]
Cc: Jonathan E. Paton; [EMAIL PROTECTED]
Subject: Re: Doing Authorization using mod_perl from a programmers
perspective
fliptop wrote
Jonathon,
I am doing exactly this also. What works is this:
Get a copy of Writing Apache modules with perl and C and read it.
The most relevant section for you is the Ticket system he describes. (I
believe the section header says something about Cookies, but you'll know
you have the right one
Jon Robison wrote:
The most relevant section for you is the Ticket system he describes. (I
believe the section header says something about Cookies, but you'll know
you have the right one when you see TicketAccess.pm, TicketTools.pm, and
TicketMaster.pm. One nice addition is the ability to
---
If it compiles - Ship It!
Aranea Texo
-Original Message-
From: fliptop [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 15, 2001 4:50 PM
To: Jon Robison
Cc: Jonathan E. Paton; [EMAIL PROTECTED]
Subject: Re: Doing Authorization using mod_perl from a programmers
perspective
Jon Robison
I am trying to create a website with predominantly dynamic
content (mod_perl + DBI + mySQL) for an online community.
I can manage Perl and mySQL fairly proficiently, however
I've no idea how to successfully create what I want using
mod_perl and Apache (actually, I know next to nothing about
Hi there,
On Wed, 14 Nov 2001, [iso-8859-1] Jonathan E. Paton wrote:
I am trying to create a website [snip]
NB - Whilst my preferred answer to these questions is a
coded solution, [snip]
We like people to think for themselves on this list. :)
I'm sure I've missed a few questions...
Read
1. Can this be done (nicely) as a
authentication/authorization handler?
Sure, or you could do it as part of another phase if it's easier for you.
There are good examples on CPAN or in the Eagle book.
2. Do most hosting companies allow
authentication/authorization handlers? (Using
Hi,
Perrin Harkins wrote:
2. Do most hosting companies allow
authentication/authorization handlers? (Using
HostRocket at the moment).
Most hosting companies don't allow mod_perl.
I had fears about that one, since I thought Perl might not
mean mod_perl - as I know mod_perl is
Seemingly I can do Apache handlers though, so I *might* be
okay.
If you look at http://perl.apache.org/guide/, there's information on how to
determine if you're really running mod_perl or not. If you can get a
PerlHandler directive to work, you have mod_perl.
I rather ambiguously asked the
Jonathan E. Paton [EMAIL PROTECTED] writes:
Please don't flame me, I'll go away... honest :P
I wonder if you're trying to do too much too soon?
If you're concerned about hosting then *gulp* PHP might serve you
better. I rent a dedicated server because I want absolute control and
the ability
JS == John Saylor [EMAIL PROTECTED] writes:
JS consists of handlers and aliases. And the authentication handler isn't
JS working with location directives.
JS location /foo*
JS AuthNamefoo control
JS AuthTypeBasic
JS PerlAuthenHandlerApache::OK
I don't think location takes a
On Wed, May 16, 2001 at 12:07:28PM -0400, Vivek Khera wrote:
I don't think location takes a glob pattern.
A nit: it can. Directory, Location and File can all take
shell-like globs using ?, *, and []/[!...]/[^...] operators, looks like.
No equivalent to {a,b,c} alternation, AFAICS.
- Barrie
On Wed, May 16, 2001 at 01:39:45PM -0400, barries wrote:
On Wed, May 16, 2001 at 12:07:28PM -0400, Vivek Khera wrote:
I don't think location takes a glob pattern.
A nit: it can. Directory, Location and File can all take
shell-like globs using ?, *, and []/[!...]/[^...] operators, looks
Hi
Perhaps this is obvious, or said somewhere that I haven't looked; but
I'm having trouble figuring it out.
What I want is for a certain directory tree to be behind an
authorization handler; however, the content behind this directory tree
consists of handlers and aliases. And the
On Wed, May 09, 2001 at 10:10:19AM -0500, John Saylor wrote:
Perhaps this is obvious, or said somewhere that I haven't looked; but
I'm having trouble figuring it out.
it feels like everything is obvious to everyone but me doesn't
it? :)
What I want is for a certain directory tree to be
I had intended this to CC: to the list... sigh
location /foo*
AuthNamefoo control
AuthTypeBasic
PerlAuthenHandlerApache::OK
PerlAuthzHanlderWW_authz
PerlSetVarMaskGeek
requireusermaskgeeky
/location
I have a similar setup, and my
35 matches