how to secure perl modules?
i have a collection of perl modules (running under the mod_perl umbrella) and would like to distribute the application to several different sources (clients with open internet web servers). but i dont want to send it out without at least making it somewhat difficult for some hacker to just simply steal it and load it somewhere else without my consent. what options do i have (if any) to secure the code so that it can't be 'easily' stolen? 'easily' being the operative word here, as i realize it wont be 100% safe no matter what i do. the ideal would be to perhaps encrypt some of the code, maybe a few of the base configuration modules, maybe even the startup.pl file, others? any suggestions would be appreciated, thanks
RE: how to secure perl modules?
why the scarcasm? -Original Message- From: John Saylor [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2003 2:34 PM To: [EMAIL PROTECTED] Cc: modperl Subject: Re: how to secure perl modules? hi ( 03.05.29 14:25 -0700 ) Kirk Rogers: but i dont want to send it out without at least making it somewhat difficult for some hacker to just simply steal it and load it somewhere else without my consent. why not? have you ever read the GNU manifesto? http://www.gnu.org/gnu/manifesto.html and how do you know it won't be a script kiddie, or middle manager, or someone just like you [but a little less experienced] that 'steals' it? any suggestions would be appreciated license it under GPL and count it as a donation to the good of the species. or, if you're more self-directed, a step toward release from the endless cycle of death and rebirth. -- \js
Unsubscribe me please
Please unsubscribe me from this group.
Apache::Registry question
How do i configure the httpd.conf file to maintain two different cgi-bin directories with Apache::Registry? Not sure if I'm asking the question correctly so here's a quick explanation. I have two cgi-bin directories under one Virtual host: VirtualHost 1.2.3.4 Alias /this/cgi-bin/ /usr/local/apache/this/script/ Alias /that/cgi-bin/ /usr/local/apache/that/script/ Location ~ /this/cgi-bin/|/that/cgi-bin SetHandler perl-script PerlHandler Apache::Registry PerlSendHeader On Options +ExecCGI /Location /VirtualHost This is getting corrupted when a file from this/cgi-bin runs followed by that/cgi-bin Any clues how to maintain their own space? Kirk
checking a site for ssl cert?
hello, kind of a long shot but does anyone know if its possible to check a site for ssl certificate information from a mod perl handler or perl script? thanks k
RE: checking a site for ssl cert?
What about a standalone CGI script? Is there some module or package I need acquire or is it also exported into %ENV? Thanks, K -Original Message- From: Issac Goldstand [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 7:16 AM To: [EMAIL PROTECTED] Cc: modperl Subject: Re: checking a site for ssl cert? Kirk Rogers wrote: hello, kind of a long shot but does anyone know if its possible to check a site for ssl certificate information from a mod perl handler or perl script? thanks k it's all exported into %ENV if you do: SSLOptions + StdEnvVars Issac
SSL Installation Questions - Help
Hi all, So I went ahead and tried to install apache-ssl and am following the instructions to the T. I've acquired: mod_perl-1.26.tar.gz openssl-0.9.6c.tar.gz apache_1.3.22.tar.gz apache_1.3.22+ssl_1.47.tar.gz I received no errors when installing openssl-0.9.6c. The first problem comes up when I run ./FixPatch : /home/me/downloads/apache_1.3.22/ ./FixPatch Your version of patch is OK. Searching for a usable OpenSSL installation or source directory Looks like you are using OpenSSL, adjusting app name OpenSSL sources were found in: /home/me/downloads/openssl-0.9.6c OpenSSL needs updating to include a function to read a specified number of bytes from EGD - if you haven't applied the patch already and are using OpenSSL 0.9.5a, then it needs applying Do you want me to apply the OpenSSL EGD patch for you? [n] n OK, I won't apply the OpenSSL patch. OpenSSL installation found in: /usr/local/ssl /usr Using the source version of OpenSSL found in /home/me/downloads/openssl-0.9.6c If this is not what you want stop now and specify the path to OpenSSL explicitly. Do you want me to apply the fixed-up Apache-SSL patch for you? [n] y patching file Makefile.tmpl patching file configure patching file src/Configuration patching file src/Configuration.tmpl patching file src/Configure patching file src/Makefile.tmpl patching file src/ap/Makefile.tmpl patching file src/include/ap_config.h patching file src/include/ap_mmn.h patching file src/include/buff.h patching file src/include/http_config.h patching file src/include/http_main.h patching file src/include/httpd.h patching file src/main/Makefile.tmpl patching file src/main/buff.c patching file src/main/http_config.c patching file src/main/http_log.c patching file src/main/http_main.c patching file src/main/util_script.c patching file src/modules/standard/Makefile.tmpl patching file src/modules/standard/mod_log_config.c patching file src/modules/standard/mod_so.c patching file src/os/unix/Makefile.tmpl patching file src/support/ab.c patching file src/support/apachectl patching file src/support/suexec.c me Sat Mar 9 10:11:07am /home/me/downloads/apache_1.3.22/ Im assuming it was OK to skip the patch for openssl since my version is later than what was suggested. I then move forward to make and install mod_perl and apache as directed: perl Makefile.PL USE_APACI=1 EVERYTHING=1 DO_HTTPD=1 SSL_BASE=/usr/local/ssl APACHE_SRC=../apache_1.3.22/src APACHE_PREFIX=/usr/local/apachessl All on one line of course...and everything looks fine. Then: make make install (the test has never passed on my system, and I've installed the non ssl version which is currently up and running - for months - without issue) Then cd ../apache_... and: make certificate But my system responds with: make: *** No rule to make target `certificate'. Stop. Hmmm. What has gone wrong? Also, when I check the httpsd.conf file, I see no reference to SSL directives anywhere. Are the SSL directives supposed to be in the httpds.conf file or am I required to cut and paste them in from the examples? Thanks, Kirk eCap
Simple configuration question
Hello, I've installed an Apache/mod_perl distribution some months ago and used the standard installation guidelines. However, now I'd like to add SSL capabilities and dont want to clobber my existing system How can I add SSL to my existing distribution without overwriting any of my current configuration and files? If there's documentation on this particular request, please forgive as I haven't found it yet. Thanks for the help, Kirk
RE: Simple configuration question
Following the example to the T in http://perl.apache.org/guide/install.html#mod_perl_and_apache_ssl_openss, if I add APACHE_PREFIX=/usr/local/apache_ssl it shouldn't even touch anything I have in my original installation at /usr/local/apache. Is this correct? Then I can slowly migrate my configuration file over to the new installation directories? Thanks, Kirk -Original Message- From: Ged Haywood [mailto:[EMAIL PROTECTED]] Sent: Friday, March 08, 2002 12:57 PM To: Kirk Rogers Cc: modperl Subject: Re: Simple configuration question Hi there, On Fri, 8 Mar 2002, Kirk Rogers wrote: now I'd like to add SSL capabilities and dont want to clobber my existing system How can I add SSL to my existing distribution without overwriting any of my current configuration and files? Go ahead and rebuild with the latest sources in a new directory. None of your existing files will be touched until you do '#make install' and your existing configuration files in .../apache/conf won't be overwritten at all. Of course you have backups anyway, don't you? 73, Ged.
