David Harris [EMAIL PROTECTED] on Feb 19, 2002:
The encoded information is [...] split into reasonable length hidden
fields.
Why not put everything in one field? Are there restrictions? Does it
make a difference when using POST?
Hans
On Wed, 20 Feb 2002, [iso-8859-1] Nicholas Oxhøj wrote:
I'm not sure that lynx can handle compressed response on the fly -
it uses gzip in pipe.
The best way to test it using netcat.
Well, lynx didn't decompress it, it just output the gzip compressed content to
stdout. As I didn't have
Cees Hek wrote:
On Wed, 2002-02-20 at 13:27, John Stauffacher wrote:
All,
I am a bit confused as to what httpd.conf directives need to be used in
order to get apache to execute a PerlHandler when it encounters a
certain file type. What I want to do:
Execute a handler whenever
It occurred to me that using a scheme like this, it might be possible to
help improve mod_perl's popularity... Or, at least, the popularity of
Toolkits built under mod_perl... Using Files (or the
Apache::MIMEMapper module), makes mod_perl a bit more ISP friendly, as
it's a lot easier for
Sorry again. I've just checked sources and found that if mod_deflate
received flush then it flushes both zlib and Apache.
You can try to set autoflush in perl module with $|=1;
or call $r-rflush; when you like to flush output.
I just tried using $r-rflush in my handler and it works
[EMAIL PROTECTED] wrote:
Hi,
I'm very new to modperl and I've got a question regarding the usage of tie
() and untie().
I've written a perl-script for authenticating a user's IP-address
against a DBM-database which has stored a certain valid IP-range
for each user.
I put it into a
Perrin Harkins [mailto:[EMAIL PROTECTED]] wrote:
I built and use a module that encodes a session hash into a
number of hidden fields with a security MD5 sum.
Sounds a lot like CGI::SecureState. Have you ever looked at it?
I just installed and played with CGI::SecureState (using the
Hans Juergen von Lengerke writes:
Why not put everything in one field? Are there restrictions? Does it
make a difference when using POST?
That's what we do. There doesn't appear to be a restriction with
POST.
For while, we were encoding entire forms in URLs, but the limits got
to us for
On Wed, 20 Feb 2002, [iso-8859-1] Nicholas Oxhøj wrote:
Sorry again. I've just checked sources and found that if mod_deflate
received flush then it flushes both zlib and Apache.
You can try to set autoflush in perl module with $|=1;
or call $r-rflush; when you like to flush output.
Elizabeth Barham wrote:
Hi,
I have been developing a web application using Apache and mod_perl. It
consists of a single CGI perl script and many, many modules. The
application was originally developed with perl 5.6.
I moved it onto an i386 box running perl 5.005 and now there is a
Hans Juergen von Lengerke [mailto:[EMAIL PROTECTED]] wrote:
David Harris [EMAIL PROTECTED] on Feb 19, 2002:
The encoded information is [...] split into reasonable length hidden
fields.
Why not put everything in one field? Are there restrictions? Does it
make a difference when using POST?
BeerBong wrote:
We already did this! The question is - with 2 apache config,
proxy-front-end apache logs every request, even if power apache daemon
crushed with segfault, simple-proxy daemon logs request with URI and
502 status. We know time of segfault and can find 502 request in
access
When I used CGI::SecureState it gave the client a non-versioning (more on
that later) key and stored the state information in the filesystem.
Okay, I only looked at it briefly and thought it stored the data on the
client. Your module is actually more like CGI::EncryptForm I think, but
yours
Can I find the Apache::Dynagzip handler anywhere - Google returns
nothing...
As far as I know the Apache::Dynagzip is not on CPAN yet. Currently, it's a
property of OLT. Let me know if you are doing the Open Source Project and I
will try to negotiate your needs with OLT. In case of commercial
I can see how your approach adds functionality by performing as expected if
the user uses the Back button or opens the app. in more than one browser
window. The usual objection I've heard to using form fields is the security
risk of people changing hidden fields in ways unforseen before
The usual objection I've heard to using form fields is the security
risk of people changing hidden fields in ways unforseen before submitting
the form back, or of other people finding confidential data hidden in form
fields if the user walks away and leaves their browser open, or the web
Please notice the address for responses: [EMAIL PROTECTED]
Original Message
Subject: ApacheCon news
Date: Thu, 14 Feb 2002 17:22:37 -0500
From: Ken Coar [EMAIL PROTECTED]
Organization: The Apache Software Foundation
To: [EMAIL PROTECTED]
Greetings!
Please read BOTH of the
You've addressed the issue of someone submitting a form with altered fields
to attack the server, and pointed out some more advantages, but I don't
think you've addressed the issue of protecting the hidden cleartext data
from others on the client side. I guess that's a matter of how paranoid you
I just looked at CGI::EncryptForm and David's module. The thing I like
right off the bat about C:EF is that you pass a href to encrypt() and get
back a href from decypt(). Perhaps I missed something, but FormContainer
takes a string, not a data structure. I prefer the simplicity of just
[EMAIL PROTECTED] writes:
Looking at CGI::EncryptForm that Perrin mentioned, it appears that that
module would address this concern by storing client-side in a single
encrypted string that gets put in one hidden form variable. That also
avoids having to verify more than once.
It is always
--
mod_perl digest
February 10, 2002 - February 16, 2002
--
Recent happenings in the mod_perl world...
Features
Rob Nagler wrote:
[EMAIL PROTECTED] writes:
Looking at CGI::EncryptForm that Perrin mentioned, it appears that that
module would address this concern by storing client-side in a single
encrypted string that gets put in one hidden form variable. That also
avoids having to verify more
Perrin Harkins [mailto:[EMAIL PROTECTED]] wrote:
Okay, I only looked at it briefly and thought it stored the data on the
client. Your module is actually more like CGI::EncryptForm I think, but
yours may make things a bit more transparent. Maybe you should polish it
up
for CPAN.
I looked
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] wrote:
I can see how your approach adds functionality by performing as expected
if
the user uses the Back button or opens the app. in more than one browser
window. The usual objection I've heard to using form fields is the
security
risk of people
Drew Taylor [mailto:[EMAIL PROTECTED]] wrote:
I just looked at CGI::EncryptForm and David's module. The thing I like
right off the bat about C:EF is that you pass a href to encrypt() and get
back a href from decypt(). Perhaps I missed something, but FormContainer
takes a string, not a data
I know this is a pretty generic question, but if nobody knows a quick
answer, I can get more specific in a later post. Under Apache 1.3.22 /
mod_perl 1.26, even while using $SIG{__WARN__} = \Carp::cluck, I keep
getting Use of uninitialized value. in the Apache error log, with
absolutely no line
On 13 Feb 2002, Salvador Ortiz Garcia wrote:
Ok, I found it. Right now all Location, Directory and Files are afected
by being upgraded at random to the Match versions.
Can you please test the following patch for perl_config.c:
You might be intersted to know that this patch also fixes
I know this is off topic, but I thought someone could use a break...
Given a page called xyz.html, I want to measure the amount of time a
user spent
on this screen (or page) along with other usability metrics. So I
figured I'll use
JavaScript since its running the entire time the page is up.
Is there a proper way to call a method handler using either push_handlers or
set_handlers? They both appear to call all handler refs just like normal
subs, with no class name passed in. It appears that enclosing the handler in
an anonymous sub is a workaround, but I was wondering if there was a
Tim Noll wrote:
Is there a proper way to call a method handler using either push_handlers or
set_handlers? They both appear to call all handler refs just like normal
subs, with no class name passed in. It appears that enclosing the handler in
an anonymous sub is a workaround, but I was
Tim Noll wrote:
I know this is a pretty generic question, but if nobody knows a quick
answer, I can get more specific in a later post. Under Apache 1.3.22 /
mod_perl 1.26, even while using $SIG{__WARN__} = \Carp::cluck, I keep
getting Use of uninitialized value. in the Apache error log, with
Stas Bekman wrote:
I know this is a pretty generic question, but if nobody knows a quick
answer, I can get more specific in a later post. Under Apache 1.3.22 /
mod_perl 1.26, even while using $SIG{__WARN__} = \Carp::cluck, I keep
getting Use of uninitialized value. in the Apache error
Tim Noll wrote:
I know this is a pretty generic question, but if nobody knows a quick
answer, I can get more specific in a later post. Under Apache 1.3.22 /
mod_perl 1.26, even while using $SIG{__WARN__} = \Carp::cluck, I keep
getting Use of uninitialized value. in the Apache error log, with
Tim Noll wrote:
As an alternative, I have used a PerlFixupHandler that detects a MIME
type of text/html and for only those enables Mason leaving the rest
alone. This lets autoindexing still work properly, as well as images
and other content in the same directory. The same trick can work
Tim Noll wrote:
Tim Noll wrote:
I know this is a pretty generic question, but if nobody knows a quick
answer, I can get more specific in a later post. Under Apache 1.3.22 /
mod_perl 1.26, even while using $SIG{__WARN__} = \Carp::cluck, I keep
getting Use of uninitialized value. in the Apache
I just ran into a problem with my PerlFixupHandler/PerlCleanupHandler based
session manager (discussed earlier). It seems there's no guarantee that the
cleanup handler will fire before the browser receives the response from the
content handler. There's a niche case where a redirect will get to
Milo Hyson wrote:
I just ran into a problem with my PerlFixupHandler/PerlCleanupHandler based
session manager (discussed earlier). It seems there's no guarantee that the
cleanup handler will fire before the browser receives the response from the
content handler.
um, yes there is.
___cliff rayman___ writes:
please take this as interested and not critical. i was viewing the source:
http://petshop.bivio.biz/src?s=View.items
Criticism welcome. I hope you don't mind the rant below.
and i noticed these lines:
- snip a
])-put(
cellpadding =
I'm having some trouble tuning startup.pl under FreeBSD, under linux, I
can easiler figure out how well my startup.pl works by looking at the
value RSS and SHARE in Top, but in freebsd the value SHARE is missing
and I'm unable to find any alternative index that indicate how the
startup.pl benefit
dougm 02/02/20 17:40:03
Modified:lib/ModPerl TypeMap.pm
Log:
loosen aTHX check; might be register PerlInterpreter
Revision ChangesPath
1.13 +1 -1 modperl-2.0/lib/ModPerl/TypeMap.pm
Index: TypeMap.pm
40 matches
Mail list logo