[24902] in Perl-Users-Digest


Perl-Users Digest, Issue: 7152 Volume: 10

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Fri Sep 17 09:11:52 2004

Date: Fri, 17 Sep 2004 06:10:20 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)

Perl-Users Digest           Fri, 17 Sep 2004     Volume: 10 Number: 7152

Today's topics:
        Posting Guidelines for comp.lang.perl.misc ($Revision:  tadmc@augustmail.com
        Protecting passwords in Perl scripts? <ineverreadanythingsenttome@hotmail.com>
    Re: Protecting passwords in Perl scripts? <nobull@mail.com>
    Re: Protecting passwords in Perl scripts? <andrew@bryson.co.nz>
    Re: Protecting passwords in Perl scripts? <spamtrap@dot-app.org>
        Rounding error in program (Dol)
    Re: Speicherkosnum <dani@wimpff.de>
        Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: Fri, 17 Sep 2004 02:22:26 -0500
From: tadmc@augustmail.com
Subject: Posting Guidelines for comp.lang.perl.misc ($Revision: 1.5 $)
Message-Id: <cfednbY-q6MvDdfcRVn-qQ@august.net>

Outline
   Before posting to comp.lang.perl.misc
      Must
       - Check the Perl Frequently Asked Questions (FAQ)
       - Check the other standard Perl docs (*.pod)
      Really Really Should
       - Lurk for a while before posting
       - Search a Usenet archive
      If You Like
       - Check Other Resources
   Posting to comp.lang.perl.misc
      Is there a better place to ask your question?
       - Question should be about Perl, not about the application area
      How to participate (post) in the clpmisc community
       - Carefully choose the contents of your Subject header
       - Use an effective followup style
       - Speak Perl rather than English, when possible
       - Ask perl to help you
       - Do not re-type Perl code
       - Provide enough information
       - Do not provide too much information
       - Do not post binaries, HTML, or MIME
      Social faux pas to avoid
       - Asking a Frequently Asked Question
       - Asking a question easily answered by a cursory doc search
       - Asking for emailed answers
       - Beware of saying "doesn't work"
       - Sending a "stealth" Cc copy
      Be extra cautious when you get upset
       - Count to ten before composing a followup when you are upset
       - Count to ten after composing and before posting when you are upset
-----------------------------------------------------------------

Posting Guidelines for comp.lang.perl.misc ($Revision: 1.5 $)
    This newsgroup, commonly called clpmisc, is a technical newsgroup
    intended to be used for discussion of Perl related issues (except job
    postings), whether it be comments or questions.

    As you would expect, clpmisc discussions are usually very technical in
    nature and there are conventions for conduct in technical newsgroups
    going somewhat beyond those in non-technical newsgroups.

    The article at:

        http://www.catb.org/~esr/faqs/smart-questions.html

    describes how to get answers from technical people in general.

    This article describes things that you should, and should not, do to
    increase your chances of getting an answer to your Perl question. It is
    available in POD, HTML and plain text formats at:

     http://mail.augustmail.com/~tadmc/clpmisc.shtml

    For more information about netiquette in general, see the "Netiquette
    Guidelines" at:

     http://andrew2.andrew.cmu.edu/rfc/rfc1855.html

    A note to newsgroup "regulars":

       Do not use these guidelines as a "license to flame" or other
       meanness. It is possible that a poster is unaware of things
       discussed here.  Give them the benefit of the doubt, and just
       help them learn how to post, rather than assume 

    A note about technical terms used here:

       In this document, we use words like "must" and "should" as
       they're used in technical conversation (such as you will
       encounter in this newsgroup). When we say that you *must* do
       something, we mean that if you don't do that something, then
       it's unlikely that you will benefit much from this group.
       We're not bossing you around; we're making the point without
       lots of words.

    Do *NOT* send email to the maintainer of these guidelines. It will be
    discarded unread. The guidelines belong to the newsgroup so all
    discussion should appear in the newsgroup. I am just the secretary that
    writes down the consensus of the group.

Before posting to comp.lang.perl.misc
  Must
    This section describes things that you *must* do before posting to
    clpmisc, in order to maximize your chances of getting meaningful replies
    to your inquiry and to avoid getting flamed for being lazy and trying to
    have others do your work.

    The perl distribution includes documentation that is copied to your hard
    drive when you install perl. Also installed is a program for looking
    things up in that (and other) documentation named 'perldoc'.

    You should either find out where the docs got installed on your system,
    or use perldoc to find them for you. Type "perldoc perldoc" to learn how
    to use perldoc itself. Type "perldoc perl" to start reading Perl's
    standard documentation.

    Check the Perl Frequently Asked Questions (FAQ)
        Checking the FAQ before posting is required in Big 8 newsgroups in
        general, there is nothing clpmisc-specific about this requirement.
        You are expected to do this in nearly all newsgroups.

        You can use the "-q" switch with perldoc to do a word search of the
        questions in the Perl FAQs.

    Check the other standard Perl docs (*.pod)
        The perl distribution comes with much more documentation than is
        available for most other newsgroups, so in clpmisc you should also
        see if you can find an answer in the other (non-FAQ) standard docs
        before posting.

    It is *not* required, or even expected, that you actually *read* all of
    Perl's standard docs, only that you spend a few minutes searching them
    before posting.

    Try doing a word-search in the standard docs for some words/phrases
    taken from your problem statement or from your very carefully worded
    "Subject:" header.

  Really Really Should
    This section describes things that you *really should* do before posting
    to clpmisc.

    Lurk for a while before posting
        This is very important and expected in all newsgroups. Lurking means
        to monitor a newsgroup for a period to become familiar with local
        customs. Each newsgroup has specific customs and rituals. Knowing
        these before you participate will help avoid embarrassing social
        situations. Consider yourself to be a foreigner at first!

    Search a Usenet archive
        There are tens of thousands of Perl programmers. It is very likely
        that your question has already been asked (and answered). See if you
        can find where it has already been answered.

        One such searchable archive is:

         http://groups.google.com/advanced_group_search

  If You Like
    This section describes things that you *can* do before posting to
    clpmisc.

    Check Other Resources
        You may want to check in books or on web sites to see if you can
        find the answer to your question.

        But you need to consider the source of such information: there are a
        lot of very poor Perl books and web sites, and several good ones
        too, of course.

Posting to comp.lang.perl.misc
    There can be 200 messages in clpmisc in a single day. Nobody is going to
    read every article. They must decide somehow which articles they are
    going to read, and which they will skip.

    Your post is in competition with 199 other posts. You need to "win"
    before a person who can help you will even read your question.

    These sections describe how you can help keep your article from being
    one of the "skipped" ones.

  Is there a better place to ask your question?
    Question should be about Perl, not about the application area
        It can be difficult to separate out where your problem really is,
        but you should make a conscious effort to post to the most
        applicable newsgroup. That is, after all, where you are the most
        likely to find the people who know how to answer your question.

        Being able to "partition" a problem is an essential skill for
        effectively troubleshooting programming problems. If you don't get
        that right, you end up looking for answers in the wrong places.

        It should be understood that you may not know that the root of your
        problem is not Perl-related (the two most frequent ones are CGI and
        Operating System related), so off-topic postings will happen from
        time to time. Be gracious when someone helps you find a better place
        to ask your question by pointing you to a more applicable newsgroup.

  How to participate (post) in the clpmisc community
    Carefully choose the contents of your Subject header
        You have 40 precious characters of Subject to win out and be one of
        the posts that gets read. Don't waste them. Take care while
        composing them, they are the key that opens the door to getting an
        answer.

        Spend them indicating what aspect of Perl others will find if they
        should decide to read your article.

        Do not spend them indicating "experience level" (guru, newbie...).

        Do not spend them pleading (please read, urgent, help!...).

        Do not spend them on non-Subjects (Perl question, one-word
        Subject...)

        For more information on choosing a Subject see "Choosing Good
        Subject Lines":

         http://www.cpan.org/authors/id/D/DM/DMR/subjects.post

        Part of the beauty of newsgroup dynamics, is that you can contribute
        to the community with your very first post! If your choice of
        Subject leads a fellow Perler to find the thread you are starting,
        then even asking a question helps us all.

    Use an effective followup style
        When composing a followup, quote only enough text to establish the
        context for the comments that you will add. Always indicate who
        wrote the quoted material. Never quote an entire article. Never
        quote a .signature (unless that is what you are commenting on).

        Intersperse your comments *following* each section of quoted text to
        which they relate. Unappreciated followup styles are referred to as
        "top-posting", "Jeopardy" (because the answer comes before the
        question), or "TOFU" (Text Over, Fullquote Under).

        Reversing the chronology of the dialog makes it much harder to
        understand (some folks won't even read it if written in that style).
        For more information on quoting style, see:

         http://web.presby.edu/~nnqadmin/nnq/nquote.html

    Speak Perl rather than English, when possible
        Perl is much more precise than natural language. Saying it in Perl
        instead will avoid misunderstanding your question or problem.

        Do not say: I have variable with "foo\tbar" in it.

        Instead say: I have $var = "foo\tbar", or I have $var = 'foo\tbar',
        or I have $var = <DATA> (and show the data line).

    Ask perl to help you
        You can ask perl itself to help you find common programming mistakes
        by doing two things: enable warnings (perldoc warnings) and enable
        "strict"ures (perldoc strict).

        You should not bother the hundreds/thousands of readers of the
        newsgroup without first seeing if a machine can help you find your
        problem. It is demeaning to be asked to do the work of a machine. It
        will annoy the readers of your article.

        You can look up any of the messages that perl might issue to find
        out what the message means and how to resolve the potential mistake
        (perldoc perldiag). If you would like perl to look them up for you,
        you can put "use diagnostics;" near the top of your program.

    Do not re-type Perl code
        Use copy/paste or your editor's "import" function rather than
        attempting to type in your code. If you make a typo you will get
        followups about your typos instead of about the question you are
        trying to get answered.

    Provide enough information
        If you do the things in this item, you will have an Extremely Good
        chance of getting people to try and help you with your problem!
        These features are a really big bonus toward your question winning
        out over all of the other posts that you are competing with.

        First make a short (less than 20-30 lines) and *complete* program
        that illustrates the problem you are having. People should be able
        to run your program by copy/pasting the code from your article. (You
        will find that doing this step very often reveals your problem
        directly. Leading to an answer much more quickly and reliably than
        posting to Usenet.)

        Describe *precisely* the input to your program. Also provide example
        input data for your program. If you need to show file input, use the
        __DATA__ token (perldata.pod) to provide the file contents inside of
        your Perl program.

        Show the output (including the verbatim text of any messages) of
        your program.

        Describe how you want the output to be different from what you are
        getting.

        If you have no idea at all of how to code up your situation, be sure
        to at least describe the 2 things that you *do* know: input and
        desired output.

    Do not provide too much information
        Do not just post your entire program for debugging. Most especially
        do not post someone *else's* entire program.

    Do not post binaries, HTML, or MIME
        clpmisc is a text only newsgroup. If you have images or binaries
        that explain your question, put them in a publicly accessible
        place (like a Web server) and provide a pointer to that location. If
        you include code, cut and paste it directly in the message body.
        Don't attach anything to the message. Don't post vcards or HTML.
        Many people (and even some Usenet servers) will automatically filter
        out such messages. Many people will not be able to easily read your
        post. Plain text is something everyone can read.

  Social faux pas to avoid
    The first two below are symptoms of lots of FAQ asking here in clpmisc.
    It happens so often that folks will assume that it is happening yet
    again. If you have looked but not found, or found but didn't understand
    the docs, say so in your article.

    Asking a Frequently Asked Question
        It should be understood that you may have missed the applicable FAQ
        when you checked, which is not a big deal. But if the Frequently
        Asked Question is worded similar to your question, folks will assume
        that you did not look at all. Don't become indignant at pointers to
        the FAQ, particularly if it solves your problem.

    Asking a question easily answered by a cursory doc search
        If folks think you have not even tried the obvious step of reading
        the docs applicable to your problem, they are likely to become
        annoyed.

        If you are flamed for not checking when you *did* check, then just
        shrug it off (and take the answer that you got).

    Asking for emailed answers
        Emailed answers benefit one person. Posted answers benefit the
        entire community. If folks can take the time to answer your
        question, then you can take the time to go get the answer in the
        same place where you asked the question.

        It is OK to ask for a *copy* of the answer to be emailed, but many
        will ignore such requests anyway. If you munge your address, you
        should never expect (or ask) to get email in response to a Usenet
        post.

        Ask the question here, get the answer here (maybe).

    Beware of saying "doesn't work"
        This is a "red flag" phrase. If you find yourself writing that,
        pause and see if you can't describe what is not working without
        saying "doesn't work". That is, describe how it is not what you
        want.

    Sending a "stealth" Cc copy
        A "stealth Cc" is when you both email and post a reply without
        indicating *in the body* that you are doing so.

  Be extra cautious when you get upset
    Count to ten before composing a followup when you are upset
        This is recommended in all Usenet newsgroups. Here in clpmisc, most
        flaming sub-threads are not about any feature of Perl at all! They
        are most often for what was seen as a breach of netiquette. If you
        have lurked for a bit, then you will know what is expected and won't
        make such posts in the first place.

        But if you get upset, wait a while before writing your followup. I
        recommend waiting at least 30 minutes.

    Count to ten after composing and before posting when you are upset
        After you have written your followup, wait *another* 30 minutes
        before committing yourself by posting it. You cannot take it back
        once it has been said.

AUTHOR
    Tad McClellan <tadmc@augustmail.com> and many others on the
    comp.lang.perl.misc newsgroup.



------------------------------

Date: Fri, 17 Sep 2004 00:14:00 -0700
From: "David Filmer" <ineverreadanythingsenttome@hotmail.com>
Subject: Protecting passwords in Perl scripts?
Message-Id: <PIKdnaQq16knE9fcRVn-sg@comcast.com>

I have (for example) a Perl script that connects to a database (or FTP site, 
etc). The database (or ftp) password is either hard-coded (in clear text) in 
the script or contained in an external configuration file (which must be 
readable by the effective uid of the script).

Someone who was able to browse the code could easily determine the password. 
That's a Bad Thing.

I could trivially obfuscate it (rot13, etc) but that would only thwart the 
truly ignorant. The password could be symmetrically encrypted, but the 
script somehow needs to determine the encryption key (and the idly curious 
could determine this as well by reading the code).

How can I shield the database (ftp, etc) password from prying eyes?




------------------------------

Date: Fri, 17 Sep 2004 09:05:02 +0100
From: Brian McCauley <nobull@mail.com>
Subject: Re: Protecting passwords in Perl scripts?
Message-Id: <cie5jc$2hf$1@sun3.bham.ac.uk>



David Filmer wrote:
> I have (for example) a Perl script that connects to a database (or FTP site, 
> etc). The database (or ftp) password is either hard-coded (in clear text) in 
> the script or contained in an external configuration file (which must be 
> readable by the effective uid of the script).
> 
> Someone who was able to browse the code could easily determine the password. 
> That's a Bad Thing.
> 
> I could trivially obfuscate it (rot13, etc) but that would only thwart the 
> truly ignorant. The password could be symmetrically encrypted, but the 
> script somehow needs to determine the encryption key (and the idly curious 
> could determine this as well by reading the code).
> 
> How can I shield the database (ftp, etc) password from prying eyes?

You cannot.  You are looking for a perpetual motion machine.  It is 
impossible to write a program fragment that generates prescribed secret 
output (e.g. a password) but which a programmer given the program and 
the environment in which it is run cannot find out what the secret is.
This has nothing to do with Perl.



------------------------------

Date: Fri, 17 Sep 2004 21:11:31 +1200
From: "Andrew Bryson" <andrew@bryson.co.nz>
Subject: Re: Protecting passwords in Perl scripts?
Message-Id: <nTx2d.3945$mZ2.357510@news02.tsnz.net>

"David Filmer" <ineverreadanythingsenttome@hotmail.com> wrote in message 
news:PIKdnaQq16knE9fcRVn-sg@comcast.com...
> I have (for example) a Perl script that connects to a database (or FTP 
> site, etc). The database (or ftp) password is either hard-coded (in clear 
> text) in the script or contained in an external configuration file (which 
> must be readable by the effective uid of the script).
>
> Someone who was able to browse the code could easily determine the 
> password. That's a Bad Thing.
>
> I could trivially obfuscate it (rot13, etc) but that would only thwart the 
> truly ignorant. The password could be symmetrically encrypted, but the 
> script somehow needs to determine the encryption key (and the idly curious 
> could determine this as well by reading the code).
>
> How can I shield the database (ftp, etc) password from prying eyes?

I do not believe that you can although that said I know little about 
encryption and I suppose it might be possible to construct a non-reversible 
operation that was still useful.

However you can take steps to minimise the risk. For one thing, do not store 
the file containing the password in a directory that is accessible from 
anywhere other than the local machine. That way at least someone has to be 
able to log in to your machine before they can read it, and if they can 
manage to log in there is a good chance that they can break in to your 
database as well :-). Also, make sure that the file containing the password 
is only readable by the user running the perl script. I am sure that there 
are other things you can do too. Undoubtedly someone will mention them.

Andrew Bryson
http://www.bryson.co.nz 
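
One way to enforce the advice above that the password file be readable only by the user running the script, as an added example that is not part of the original post: the loader refuses a file that is not owned by the effective uid or that has any group/other permission bits set. The function name load_credentials, the key=value file format and the sample values are assumptions made for illustration, and POSIX file permissions are assumed.

```perl
#!/usr/bin/perl
# Added example (not from the original thread): read a credentials file
# only if it is private to the user running the script.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# load_credentials is a hypothetical helper; the key=value format is assumed.
sub load_credentials {
    my ($path) = @_;

    # Open first, then stat the open handle, so the checks apply to the
    # file that is actually read rather than to whatever the name points
    # at a moment later.
    open(my $fh, '<', $path) or die "Cannot open $path: $!\n";
    my @st = stat($fh) or die "Cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];

    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path is not owned by effective uid " . $> . "\n"
        unless $uid == $>;

    # Any group/other bit means another account can read or replace it.
    if ($mode & (S_IRWXG | S_IRWXO)) {
        die sprintf("%s has mode %04o; expected 0600 or stricter\n",
                    $path, S_IMODE($mode));
    }

    my %cred;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#|$)/;    # skip comments and blank lines
        my ($key, $value) = split /=/, $line, 2;
        die "Malformed line $. in $path\n" unless defined $value;
        $cred{$key} = $value;
    }
    close $fh;
    return \%cred;
}

# Constructed sample file: the account name and password are made up.
my ($tmp, $file) = tempfile(UNLINK => 1);
print {$tmp} "# constructed sample, not a real credential\n",
             "user=report_ro\n",
             "password=example-only\n";
close $tmp;

# World-readable file: the loader must refuse it.
chmod 0644, $file or die "chmod: $!\n";
my $cred = eval { load_credentials($file) };
print "mode 0644: ", (defined $cred ? "loaded\n" : "refused: $@");

# Owner-only file: the loader accepts it.
chmod 0600, $file or die "chmod: $!\n";
$cred = eval { load_credentials($file) };
print "mode 0600: ",
      (defined $cred ? "loaded user=$cred->{user}\n" : "refused: $@");
```

The check narrows who can read the secret on the local machine; it does not hide the password from anyone who can run code as that user, which is the limit described earlier in the thread.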




------------------------------

Date: Fri, 17 Sep 2004 07:49:24 -0400
From: Sherm Pendley <spamtrap@dot-app.org>
Subject: Re: Protecting passwords in Perl scripts?
Message-Id: <Bf-dnSLC2YjZUtfcRVn-pA@adelphia.com>

Andrew Bryson wrote:

> However you can take steps to minimise the risk. For one thing, do not store 
> the file containing the password in a directory that is accessible from 
> anywhere other than the local machine. That way at least someone has to be 
> able to log in to your machine before they can read it, and if they can 
> manage to log in there is a good chance that they can break in to your 
> database as well :-). Also, make sure that the file containing the password 
> is only readable by the user running the perl script. I am sure that there 
> are other things you can do too. Undoubtedly someone will mention them.

Okay, here's more:

Have the script log in with a database user that has *only* the 
privileges that the script needs to do its job, and nothing more. For 
example, if the script simply generates a report, give it read access, 
but not write or admin access.

sherm--

-- 
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org


------------------------------

Date: 17 Sep 2004 05:56:05 -0700
From: dolgoldur@yahoo.com (Dol)
Subject: Rounding error in program
Message-Id: <5c3f5c91.0409170456.55fc1e22@posting.google.com>

Hi all,

When I execute the following program, $d is set to 18 instead of 19 as
I would expect. Any ideas why this happens?

Thanks,
Dol

#!/yourpathtoperl/perl

$a = 50;
$b = 0.37;

$c = $a*$b;
$d = sprintf("%.0f",$c);

print "$c\t$d\n";


------------------------------

Date: Fri, 17 Sep 2004 15:13:40 +0200
From: Daniel Wimpff <dani@wimpff.de>
Subject: Re: Speicherkosnum
Message-Id: <414AE304.50504@wimpff.de>

Peter Kramer wrote:
> I have some memory leaks in this program. When I fork with W2k and open a db
> connection, make some db actions, and exit the child, almost 2 mb of ram are
> gone.
> If  I open it in the parent process everything is going normal, but all
> db-handles are not forked, so the child can not use the db.

If it is the db-connections causing the problem (and not another error, 
which I didn't check), you could use the following workaround:

Do not exit childs each time and do not close the db-connection.
Instead, bind the childs to a socket where they listen for incoming 
sql-statements.
Then call those (waiting) db-childs from another set of childs that know 
the sql-statement to fire up.
(Exit the db-childs after you reused them for $i times to prevent hangups.)

You'll need a scoreboard mechanism to manage the db-childs in 
main-function that does the fork and you'll get a kind of multi process 
daemon.

Daniel Wimpff



------------------------------

Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>


Administrivia:

#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc.  For subscription or unsubscription requests, send
#the single line:
#
#	subscribe perl-users
#or:
#	unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.  

NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice. 

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.

#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V10 Issue 7152
***************************************

