On Sun, 10 Oct 1999, Spidaman The Defenestrator wrote:
[...snip...]
But I digress. Go ahead, use cookies and mangle them into auth headers
but make sure they aren't persistent cookies. And don't use this level of
security for banking or commerce; those get mangled URL paths. In a self
On Mon, 11 Oct 1999, Ofer Inbar wrote:
Eugene Sotirescu [EMAIL PROTECTED] wrote:
[...snipped...]
When a browser session comes in without appropriate authentication
cookies, they get a login screen. When they post username and
password, check that against the locally stored user table, and
The advantage of using sendmail is
[1] a centralised MTA config.
[2] Graceful handling of problems and requeueing of messages if the SMTP
server specified by Net::SMTP would normally be down. eg automatic
resilience based on MX record rerouting can be nice.
Although in a mod_perl situation, I
It is extraordinarily easy to make persistnt perl engines core dump
especailly if youare using 3rd party binary compiled modules that have
their own subtle bugs. And extraordinarily annoying to troubleshoot.
Either that or I have been very "lucky". ;)
However, with that said, it's generally not
On Sat, 4 Dec 1999, Stas Bekman wrote:
Now unfortunately a lot of people don't share our views on money. They
want to maximize the monetary value of their mod_perl knowledge, which
is all well and good as far as I care. The problem for these folks is
that the more widespread basic
On Fri, 3 Dec 1999, Jason Bodnar wrote:
On 03-Dec-99 Gunther Birznieks wrote:
I think mod_perl is sufficiently hard that even as more people learn how
to do the simple stuff, mod_perl will still be 'difficult' enough. I don't
think it is like Java or Perl where the stratification
Before taking the drastic step of grabbing a hold of the IPC::ShareLite
namespace (I prefer this to a branch split), how long have you been trying
to contact him?
Where I live, I know a few people that took off big time during the
Millenium holiday. I don't think it is unusual that someone might
John M Vinopal wrote:
On Sat, Jan 15, 2000 at 06:18:32PM -0600, Ken Williams wrote:
[EMAIL PROTECTED] (John M Vinopal) wrote:
On Sat, Jan 15, 2000 at 06:23:57AM -0800, Bill Moseley wrote:
in httpd.conf:
PerlTaintCheck On
my $page = CGI::param('goto');
unless ( open(
It may be worth mentioning that a recent expose' on bad CGI scripts by Rain Forest
Puppy in Prack issue #55 revealed that some system calls take backslashes and use
them to escape dots, so its useful to get into the habit of also checking for
optionally backslashed periods in a row instead of
The problem with requests such as these is ... well... why isn't this stuff
going into the main mod_perl guide? It seems to me that if www.modperl.com is
focused around the book, then let it be. But I personally hate going through
different sites to find the info I want.
Another question is why
You aren't necessarily the only point of view. At some points (especially
with mod_perl), Apache tracks become interesting to attend. However, more
often my particular job entails me being a programming whore, and so I am
equally interested in Java, Perl, and Microsoft COM/DCOM/ASP technologies
Jeff, I think you are right about this when the conferences not only vary
east coast/west coast, but vary locations on the east and west coast.
However, the conferences that I've attended that have gone through one cycle
of this are usually pretty good. eg SANS always seem to alternate East/West
[EMAIL PROTECTED] wrote:
Gunthar,
Previous to reading your post I thought I was the least qualified to
comment on the conference . . .
:) I do think everyone is qualified on this list to say what they would like
out of a conference that involves mod_perl.
Personally, a tightly focused
Soulhuntre wrote:
Hiya :)
-Original Message-
From: Leslie Mikesell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 05, 2000 1:34 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: mod_perl weaknesses? help me build a case
Your problem here is going to
Soulhuntre wrote:
Hiya :)
-Original Message-
From: Gunther Birznieks [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 06, 2000 6:56 AM
Cc: [EMAIL PROTECTED]
Subject: Re: Win32/Linux cross dev... closing in :) Last comments?
Writing Apache::Registry and then moving
Yeah...
http://perl.apache.org/guide/strategy.html#One_Plain_Apache_and_One_mod_per
Soulhuntre wrote:
Hiya :)
OK... mod_perl embeds an instance of Perl inside the Apache system, and with
Apache::ASP allows us to mix perl/html. Good :)
The problem is that these processes are 'heavy'.
Is
Vivek,
Is it possible that a special auth handler could be written that stores the number
of bad authorizations for a userid and the last time of the hit in a DBM file for
quick lookup? Then, configure an environment or server variable if the auth screwed
up more than 3 times within the last
It may be a "stupid" benchmark. But no one seems to have commented on the CPU
rates. Why was PerlEx 100% and PerlScript 45% on the same machine, same
ActiveState Perl (presumable), same CPU config. And yet took the same amount of
time to complete.
I find that interesting. I suspect that it is a
for the
requirements).
On Fri, 7 Apr 2000, Mark Imbriaco wrote:
On Thu, 6 Apr 2000, Gunther Birznieks wrote:
Vivek,
Is it possible that a special auth handler could be written that stores the number
of bad authorizations for a userid and the last time of the hit in a DBM file for
quick
"Jeffrey W. Baker" wrote:
On Tue, 4 Apr 2000, BT wrote:
I've generally created a cgi script per page. Is that a mistake?
(I embed the perl in my html so I can edit pages with an html editor)
I need a better technique for invoking traversals to other pages.
Right now all I can do is
Also, some legitimate people turn off cookies. In addition, weird browsers
(especially PDAs with limited memory) tend not to implement cookies. So those
are considerations for locking out users that may be legitimate.
However, I would rather think that the cookies would be an advisory security
Yeah, this was officially announced at iserver 3-4 weeks ago. It's been in beta
testing for months.
I would say that the only weird thing about it is that they only give you one
server config so a lot of the lightweight front-end, heavyweight-perl back-end
stuff in the guide is a bit useless for
On the main topic at hand: I am under the impression vcpan and other
iserver tools like it are proprietary and it is how they manage their
virtual UNIX boxes so that you can have almost root-like access to your
virtual web server machine without being a true separate physical box
that you have
While I understand that it might be an "advantage" to allow the customer's
their own mix of modules, it can also be a bit of a support headache as
different customers will be loading different DSOs presumably even in
different orders. There may be subtle bugs with module interaction that
m not all that
concerned about it. It actually falls outside of the area of my
responsibilities at our site..., I'm thinking for the other people in
the community mostly.
Thanks!
Shane
- Perrin
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - T
Later,
Gunther
__________
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
/stason.org/TULARC/
http://singlesheaven.com| http://perlmonth.com http://sourcegarden.org
------
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
middleware servers in Perl. But that is my only architectural bias.
Later,
Gunther
At 11:51 PM 4/16/00 -0500, Leslie Mikesell wrote:
According to Gunther Birznieks:
If you want the ultimate in clean models, you may want to consider coding
in Java Servlets. It tends to be longer to write
I am not going to answer your question directly because I don't know the
answer.
However, consider that not many people use jpl. Therefore, it is likely
that it has more bugs than other parts of Perl. Also consider that the
software you use may end up disliking the process model and rely on
While I agree that a true garbage collector would be cool. I wonder what
the utility would really be when you would primarily want it in mod_perl
type stuff. Yet, mod_perl is also great because of speed. One of the nice
things about Perl right now is that it is fast and that is partially due
you would have 1 process that
would be 25MB or so that would have all your registry in it.
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
of these persistent
server memory issues more clear (perhaps even for a growing Java server).
http://forum.swarthmore.edu/epigone/modperl/zarwhegerd
Later,
Gunther
At 11:19 AM 4/19/00 +, [EMAIL PROTECTED] wrote:
On Tue, Apr 18, 2000 at 01:24:16PM +0800, Gunther Birznieks wrote:
If you aren't
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
have never bothered compiling Perl on Win32 as I only use it
to play with (not serious production for the obvious limitations of
mod_perl on Win32). So I have not seen the reference to this readme you are
referring to.
__
Gunther Birznieks ([EMAIL
the session as well !!)
with kind regard
Manfred Dehnkamp
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
no problem.
Next person who gets access to the browser and tries to access any inner
page will not be able to, because the cookie with the session-id does not
exist.
Am I right ??? Please help.
Thanks,
Murali
-Original Message-
From: Gunther Birznieks [EMAIL PROTECTED
At 01:44 PM 4/20/00 -0500, Matt Carothers wrote:
On Thu, 20 Apr 2000, DeWitt Clinton wrote:
5) The secure token is associated on the server side (preferably on
another tier, such as a database) with the user identification token.
Additionally, to support secure session timeouts, the
results to
previous messages.
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
ame
as constructive exception checking that programmers would do when looking
for particular error conditions.
Later,
Gunther
__________
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
at compile time and will
interpret this at runtime. This runtime fatal error will be caught by
CGI::Carp (provided you fix the 5.005 thing).
Hope this helps your situation.
Later,
Gunther
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
the URLs for those that do not
wish to use them.
Later,
Gunther
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
At 02:51 PM 4/23/00 +0200, Gerald Richter wrote:
So, does that still leave mod_perl serializing access until
everything is rewritten to be thread-safe?
No, mod_perl 2.0 assign a "full" Perl interpreter to every Apache thread. So
the Perl modules itself need not to be thread safe. Perl
Why do you need to settle on one or the other?
Anyway, the only reason you need Domino IMHO is because you have linked in
with other Lotus notes applications. However, if this is a public site not
an intranet, I would strongly urge them not to use this short cut for
putting apps out there.
At 09:59 AM 4/23/00 -0700, Jeffrey W. Baker wrote:
On Sun, 23 Apr 2000, Gerald Richter wrote:
So, does that still leave mod_perl serializing access until
everything is rewritten to be thread-safe?
No, mod_perl 2.0 assign a "full" Perl interpreter to every Apache
thread. So
ers
would cause syntax errors fairly readily.
Later,
Gunther
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
with the charset stuff when the static pages
are displayed?
Later,
Gunther
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
At 03:52 PM 5/2/00 -0400, Tim Gardner wrote:
I am guessing that the "headless" version is what I do this when I am
doing a shockwave piece which calls cgi scripts. I create an html version
which provides a browser interface, albeit more boring, to the same basic
code so that I can more
be too late because there may be a load of code that is
dependent on this "Performance improvment". So it may be a moot point anyway.
Later,
Gunther
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
I would think that apache.org would provide a free open source search
engine as an infrastructural resource? Can't we take advantage of that? Or
is perl.apache.org not actually part of apache.org infrastructure?
It seems to me that a lot more apache.org sites would benefit rather than
of the HTML generation cruft like
CGI.pm.
The "HTML Generation cruft" is optional "cruft" and doesn't have to be
compiled in.
__________
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
s, is it global to
the current request or the entire "modperl" environment?
Thanks,
Pierre
__________
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
.
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
nting about languages, sorry to bring you
along for the trip :-).
Thanks,
Shane.
(Let me make a quick note: I had two good professors. Dr. Kirby, and
one other fellow I can't remember the name now..., hey! it's been a
while! :)
__
Gunther Birznieks ([
essions, but I could
be wrong.
Later,
Gunther
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
You should be able to wrap the session creation inside an eval so that if
the session has expired, your code doesn't break, it silently creates a new
session behind the scenes.
That's if you have this requirement.
Later,
Gunther
At 04:50 PM 5/9/00 -0500, Jay Jacobs wrote:
On Tue, 9 May
At 01:21 PM 5/10/00 -0500, Jay Jacobs wrote:
I embedded notes into this with a short book at the end...
On Wed, 10 May 2000, Gunther Birznieks wrote:
There is a strong reason for cookies only. Intranets and other controlled
environments.
snip
I'm trying to satisfy as many clents
At 10:13 AM 5/12/00 -0300, FEITO Nazareno wrote:
Correct me if I mistake, but i want to know what´s better...
Cause with CGI is a little more difficult make forms and with handlers
isn´t, i supposse i can use CGI and handlers at the same time.
I´ve read that CGI object oriented programming just
ck
searches and the like on the Web (PDAs typically do not implement cookie
capabilities)
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
.
Why not compromise and call it form_data. :)
will you keep parms() around for folks who already have functions built
around it? maybe making a clean break with 2.0?
sure, i'll make an alias for it.
__
Gunther Birznieks ([EMAIL PROTECTED
At 11:18 AM 5/17/00 +0300, Stas Bekman wrote:
On Wed, 17 May 2000, Gunther Birznieks wrote:
I am curious as to why you don't care for 20 different apaches? If you use
a mod_proxy front-end, it should be relatively easy to manage 20 different
apache's on the backend, especially if you use
If you are considering writing subclasses that do similar things to CGI.pm,
you might consider looking at CGI.pm 3.0 as the various features (eg HTML
generation) are more broken out... And then the two would run more parallel
to each other.
At 03:30 PM 5/17/00 +0100, Peter Haworth wrote:
Drew
At 11:32 AM 5/17/00 -0400, Drew Taylor wrote:
Vivek Khera wrote:
Have you looked at CGI::Form that already exists? It would be a good
basis. Currently, it is based on CGI::Request but should be able to
use Apache::Request one would expect.
Actually, I have briefly looked at this module
At 11:25 AM 5/17/00 -0400, you wrote:
Autarch wrote:
On Wed, 17 May 2000, Peter Haworth wrote:
Drew Taylor and I are about to write a subclass of Apache::Request which
includes form element generation methods, a la CGI.pm. The current
favourite
name is Apache::Request::Forms, but
m/ExtropiaObjects/
Hope this helps,
Gunther
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
that in
advance.
Good Luck,
Gunther
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
that OO method calls
have a lot of overhead, but I think in later versions of Perl, OO method
call paths are cached(?) and so method calls no longer have the same
overhead as they used to.
Later,
Gunther
__
Gunther Birznieks ([EMAIL PROTECTED
mod_perl Hacker
http://stason.org/ mod_perl Guide http://perl.apache.org/guide
mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC
http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
__________
Gunther Birznieks ([EMAIL
There is a strong reason for cookies only. Intranets and other controlled
environments.
You generally do not have to worry about the lack of cookies, and if a user
does have them turned off in the organization, then you can mandate them to
turn them on as corporate policy if they want to use
in our area, some with stock
options, please email your resume to me:
[EMAIL PROTECTED]
The Porn Group!? What type of list do you think this is? Just
kidding...sorry for the bad joke.
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web
_/\_,_/ /_/\_\ XX11-RIPE --+
The choice of a GNU generation |
|
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
a syntax that supports cleaner programming than ASP/VBScript)
Later,
Gunther
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
one... So I
guess I 4th the Damien Conway book as well.
Later,
Gunther
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
. I know others
like to store everything in their sessions. :)
Later,
Gunther
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
is very nice also (good, readable programming):
* Refactoring
Martin Fowler, Editor
Regards,
--
Adriano
__
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
erl Cruise in Alaska so I don't expect to hear
from him in the next 2 weeks...
Nice!
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
I think the answer is yes if you are talking about a straight object data
structure. But no if you are talking about persistence of things like
socket or database connections that might be open resources that are
represented by your user object.
Apache::Session uses storable to serialize the
Using tied hashes, you could conceivably make your own ordered hash class
and use that as the data structure you return. You'd still basically have
two data structures (for performance) but the fact that it is two data
structures would be hidden behind the tied hash which would be programmed
ing things that have been lovingly protected by the developer
is a highly creative task in the computer world and not to be taken for
granted.
Later,
Gunther
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Co
Yes you get the benefit of shared modules. PerlRun only differs from
registry in the sense that it clears out the namespace of the main script.
As for leaking memory like a sieve? That is not unexpected with PerlRun
scripts because they are typically not coded cleanly. Hell, even our 6 year
17 013 292 |
| realestate.com.au [EMAIL PROTECTED] |
`-'
______
Gunther Birznieks ([EMAIL PROTECTED])
Extropia - The Web Technology Company
http://www.extropia.com/
:
Gunther Birznieks [EMAIL PROTECTED] wrote:
2. Would you write a chat engine in Perl? I wouldn't! (Well, actually
I did
5 years ago but I am certainly not proud of that code).
Hmm..., yes I would. At this point, long before I would write it in
Java. You
know why? Not because
At 01:49 PM 6/21/00 -0500, Jeff Gleixner wrote:
Ed Phillips wrote:
It is interesting and and somewhat ironic that the Engineering
dep at eToys [...]
Paul Singh wrote:
Enough already! Please stop posting non-mod_perl related drivel to this
list! It is neither ironic nor interesting and
They usually pay by the word rather than the line though. So it makes sense
to say things several times but using different mechanisms. You know, kind
of like going over an idea again but with a slightly different twist.
Sometimes you can liken this to using different wording to discuss the
02
704 370 0550
http://www.vialogix.com/
______
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/
mind would ever type in a full
cgi-bin URL on one of those silly WAP phones. I have one and I got carpal
tunnel typing www.extropia.com/cgi-bin/DemoStuff/WebCalendar...bla bla bla
Later,
Gunther
__________
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia
There is a remote possibility (I would have to test this at work) that your
command-line testing will never show a taint problem.
Because you are typing all the Perl commands in STDIN, and because STDIN,
is by its very definition tainted, you get a security paradox and Perl may
be turning off
__
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/
it:
$session-visa_number(501);
$session-visa_number;
same function, but it maps to a combination of FETCH and STORE depending
on the arguments.
-Nate
__
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http
twired.com/webmonkey/
"squeeze the world 'til it's small enough to join us heel to toe"
- jesus jones
__________
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/
In addition, you can read the CGI.pm documentation on the use of
Perl/CGI.pm with FastCGI and you'll be good to go with that get next
request technique.
At 08:14 AM 7/7/00 +0100, David Hodgkinson wrote:
Dana Powers [EMAIL PROTECTED] writes:
FastCGI with perl may or may not be that fast. I
At 08:05 PM 7/15/00 -0700, Ask Bjoern Hansen wrote:
On Sat, 15 Jul 2000, Greg Cope wrote:
[...]
Being serious - If there is any big news can someone post a summary - so
that those of us not going do not feel completely left out ?
I'll bring my camera -
{ENV:SSL_CIPHER}"
/VirtualHost
Did I miss another way to do this? Is this patch useful?
BTW,
the Guide on server architecture:
http://perl.apache.org/guide/strategy.html
Ask Bjoern Hansen's module proxy_add_forward
http://www.cpan.org/authors/id/ABH/mod_proxy_add_forward.c
-Tim
?
Thanks,
Jonathan
__
Do You Yahoo!?
Get Yahoo! Mail Free email you can access from anywhere!
http://mail.yahoo.com/
__________
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/
o convince you that it's
also worth it to go to a conference.
Later,
Gunther
______
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/
?
I just want to run a configuration by someone who
knows more about this than I do and see if I am doing
it right.
Thanks again,
Jeff Jones
__
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/
At 06:59 PM 7/21/00 +, you wrote:
Gunther Birznieks wrote:
snippage
Thoughts from anyone ?
Yeah, you're being pretty cheap. :)
Well, I'm sort of kidding here. But the reality is that a conference offers
a lot -- not just knowledge (then just attend a tutorial locally at Sun
availability.
http://sergeant.org | AxKit: http://axkit.org
__
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/
should try that
would do at least the above?
Thanks,
Bill Moseley
mailto:[EMAIL PROTECTED]
__
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/
I am afraid that while I agree, a check system is really quite useful to
me. Some things do need more quantification, but that can be done later.
eg lightweight vs heavyweight is subjective. But it can be broken up into
saying something like how much code needs to be loaded at start time (an
At 05:10 PM 8/3/00 -0700, Perrin Harkins wrote:
On Thu, 3 Aug 2000, Drew Taylor wrote:
Having recently discovered the joy of CVS, I look forward to it. Awfully
nice to able to roll back to a previous version - although (knock on
wood!) I haven't had to use it yet.
I can help if you get
1 - 100 of 368 matches
Mail list logo