[16359] in Perl-Users-Digest
Perl-Users Digest, Issue: 3771 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Fri Jul 21 18:10:40 2000
Date: Fri, 21 Jul 2000 15:10:27 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <964217427-v9-i3771@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Fri, 21 Jul 2000 Volume: 9 Number: 3771
Today's topics:
Re: Is this a known Perl 5 bug? <jcook@strobedata.com>
Looking for domain hosting service with perl/php/mysql <tstel@yahoo.com>
Re: Matts Script Archive - A critique <smerr612@mailandnews.com>
MySQL sample code? <raphaelp@nr1webresource.com>
Re: MySQL sample code? <jbc@west.net>
Re: Need Help on Perl CGI... <honglan00NOhoSPAM@yahoo.com.invalid>
Re: Need Help on Perl CGI... schnurmann@my-deja.com
Re: newbie question re regular expressions <care227@attglobal.net>
Re: Password Generator (John Porter)
Re: password unix with crypt <dbohl@sgi.com>
Re: Perl newbie requests help with CGI/Perl <tschacherl@soliddata.com>
Perl program dies through CGI, not from console jcs@superblock.net
Re: Perl program dies through CGI, not from console <tschacherl@soliddata.com>
Re: perl-5.6.0: Bug with "not" operator? (M.J.T. Guy)
Re: Pipe / IPC problem (Clinton A. Pierce)
Re: Pipe / IPC problem <waudsj@clarkson.edu>
Qs on Perl memory usage on Linux and Win32 systems (Pjtg0707)
Re: read system response in CGI <honglan00NOhoSPAM@yahoo.com.invalid>
Re: Reading 3D form into 3D Array <bart.lateur@skynet.be>
Re: READING hashes eats memory!? <kenneth.c.barr.nospam@intel.com>
Re: redirection fails <care227@attglobal.net>
Re: Script behaving differently from command line and b <stumo@bigfoot.com>
Re: Script behaving differently from command line and b <honglan00NOhoSPAM@yahoo.com.invalid>
secure auth trick <rbank@csf.edu>
Re: secure auth trick <care227@attglobal.net>
Security of CGI General Question <snakeman@kc.rr.com>
Re: Security of CGI General Question <care227@attglobal.net>
Re: Security of CGI General Question <digitalj@uswest.net.not>
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Fri, 21 Jul 2000 11:26:54 -0700
From: Jim Cook <jcook@strobedata.com>
To: Mark Lewis <nospam.nicedoctor@hotmail.com>
Subject: Re: Is this a known Perl 5 bug?
Message-Id: <397895EE.1286E154@strobedata.com>
> The Perl versions (from $]) is 5.00404.
>
> This really seems to be a bug. I've been trying to access the Perl Bug
perl -v
This is perl, v5.6.0 built for MSWin32-x86-thread
Stinker
Boo = 0
Foo = 1
Index = 1
Stinker
Boo = 0
Foo = 1
Index = 1
Match = (
Stinker
Boo = 0
Foo = 2
Index = 2
Match = (
--
jcook@strobedata.com Live Honourably 4/1 - 4/3 + 4/5 - 4/7 + . . .
2000 Tuesdays: Feb/last 4/4 6/6 8/8/ 10/10 12/12 9/5 5/9 7/11 11/7 3/14
Strobe Data Inc. home page http://www.strobedata.com
My home page O- http://jcook.net
------------------------------
Date: Fri, 21 Jul 2000 12:19:54 -0700
From: Tom Stelzriede <tstel@yahoo.com>
Subject: Looking for domain hosting service with perl/php/mysql
Message-Id: <4h8hns84ars78v7f207dp2ebfmiu9q5ckt@4ax.com>
Can anyone recomment to me a domain hosting service that offers
perl/php/mysql and has reasonable pricing and good server response
time.
Thanks,
Tom
------------------------------
Date: Fri, 21 Jul 2000 18:56:43 GMT
From: Steven Merritt <smerr612@mailandnews.com>
Subject: Re: Matts Script Archive - A critique
Message-Id: <8la6d2$q59$1@nnrp1.deja.com>
In article <8l9iue$pmg$1@news3.icx.net>,
"Jay Flaherty" <fty@mediapulse.com> wrote:
>
> What ever happened to the "CRAP" project/idea?
I'm afraid it ended up in the toilet.
Steven
--
King of Casual Play
The One and Only Defender of Cards That Blow
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Fri, 21 Jul 2000 21:01:13 +0200
From: "Raphael Pirker" <raphaelp@nr1webresource.com>
Subject: MySQL sample code?
Message-Id: <8la8ot$kmc$15$1@news.t-online.com>
Hi,
Ok, finally my host allows mySQL connection with Perl using DBI module.
Could someone please provide some sample code which connects to a Database
and performs a simple search, selects that row and stores the results. Or
are there documentation/tutorials available on the net?
Thanks a lot in advance,
Raphael
------------------------------
Date: Fri, 21 Jul 2000 14:33:03 -0700
From: John Callender <jbc@west.net>
Subject: Re: MySQL sample code?
Message-Id: <3978C18F.8CE4BB96@west.net>
Raphael Pirker wrote:
>
> Ok, finally my host allows mySQL connection with Perl using DBI module.
> Could someone please provide some sample code which connects to a Database
> and performs a simple search, selects that row and stores the results. Or
> are there documentation/tutorials available on the net?
Some of the more helpful resources I've used to get up to speed
on this are the really-quite-excellent DBI docs, which are
available via 'perldoc DBI', or ate:
http://search.cpan.org/doc/TIMB/DBI-1.13/DBI.pm
and the MySQL documentation, at:
http://www.mysql.com/documentation/
There are lots of other more-friendly intros and tutorials
floating around, a few of them are at:
http://wdvl.com/Authoring/DB/Intro/toc.html
http://dc.pm.org/perl_db.html
http://hotwired.lycos.com/webmonkey/backend/tutorials/tutorial1.html
http://www.devshed.com/Server_Side/MySQL/Intro/
Knock yourself out!
John
------------------------------
Date: Fri, 21 Jul 2000 11:12:27 -0700
From: jerry <honglan00NOhoSPAM@yahoo.com.invalid>
Subject: Re: Need Help on Perl CGI...
Message-Id: <027b9dca.8640e0d3@usw-ex0104-087.remarq.com>
Did you change the file permission? If you can run it like
home$ myscript.pl from the linux prompt, then it may be the file
permission which causes the problem.
-----------------------------------------------------------
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
Date: Fri, 21 Jul 2000 19:29:14 GMT
From: schnurmann@my-deja.com
Subject: Re: Need Help on Perl CGI...
Message-Id: <8la89i$rm8$1@nnrp1.deja.com>
Frist line to print needs to be:
print "Content-Type: text/html\n\n";
place this before your print "<html>.....";
see if that works.
In article <2V5pMXz8$GA.216@news1.sys.netsgo.com>,
"Dave Kim" <Davidhoonkim@hotmail.com> wrote:
> Thanks for your help!
> The script is very simple. I created it to test if it works or not.
>
> #!/usr/bin/local/perl
> print "<html><head><title>Yes</title></head>\n";
> print "<body>\n";
> print "<h1>This is working!...</h1>\n</body></html>\n";
>
> BTW, what do you mean by "sort out the url"? I am a
> novice at Perl CGI.
>
> God bless you!
> Dave Kim
>
> Neil Lathwood <laf@gameonline.co.uk> wrote in message
> news:964198246.26630.0.nnrp-02.c246f12b@news.demon.co.uk...
> > I think you need to sort out your url first and alos supply the
code for
> us
> > to have a look at.
> >
> > Neil
> >
> > "Dave Kim" <Davidhoonkim@hotmail.com> wrote in message
> > news:9NEc6Dz8$GA.216@news1.sys.netsgo.com...
> > > I need some help, please.
> > >
> > > I am trying to create a web link to a Perl-CGI script, instead
> > > of using form method. I followed everything I should do.
> > > I tested the program on the server(Linux), and it works fine
there.
> > > But when I try to call it from a webpage link, it only gives me a
> internal
> > > server error. It is a very simple script and has no error in it.
> > >
> > > <A HREF="http://www.myweb.com/cgi-bin/myscript.pl?num=4">4.</A>
> > >
> > > TIA,
> > > Dave Kim
> > >
> > >
> > >
> >
> >
>
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Fri, 21 Jul 2000 14:05:07 -0400
From: Drew Simonis <care227@attglobal.net>
Subject: Re: newbie question re regular expressions
Message-Id: <397890D3.28322678@attglobal.net>
pooh23@my-deja.com wrote:
>
> hello,
> I am having the hardest time understanding regular expressions. Could
> someone point me to a really good url. I have tried reading some
> material on the web, but they lack in a good explanation of the
> expressions. I'm trying to understand some code I'm reading:
`Mastering Regular Expressions' is _the_ book to have on this subject.
>
> tr/+/ /;
> -replace plus with blank
the tr operator doesn't use regular expressions.
>
> s/%(..)/pack('c', hex($1))/eg;
s/%(..)/pack('c', hex($1))/eg; is a bit tricky. Notice the /e on
the end there. That tells the regex engine to evaluate the replacment
portion. So what we have is:
s/ - substitute
%(..) - a percent followed by any chars, which are captured as well.
/ - delimiter
pack('c', hex($1)) - look at this bit by bit:
pack() - calls the pack function, perldoc -f pack
'c' indicates the template, in this case a signed char value.
hex($1) calls the hex() function on the value that was captured
via the parens in the match portion, returns the
corresponding value.
/eg evaluate the replacment portion, globally.
So, we are searching for encoded crap, capturing everything after
the % symbol, and replacing it with the output of 'pack('c', hex($1))'
> $value = s/<i>/<b>/ig;
Did you type this in by hand? = is an assignment operator.
=~ is the binding match operator to use in a replace like this.
< and > are HTMLish ways of printing the < and > chars.
By the way, try using CGI.pm to get form data, its alot cleaner and
more reliable.
HTH
------------------------------
Date: Fri, 21 Jul 2000 18:52:25 GMT
From: jdporter@min.net (John Porter)
Subject: Re: Password Generator
Message-Id: <slrn8nh6va.pvi.jdporter@min.net>
In <Pine.GSO.4.02A.9906031214530.22017-100000@user2.teleport.com>,
Tom Phoenix wrote:
>
> On Thu, 3 Jun 1999 jatgal@my-deja.com wrote:
>
> > Does any one know, any good perl password generators, that will
> > generate easy to remember but secure passwords. Please let me know if
> > you know any scripts/modules/programs for it or the best way to do it.
>
> I wonder whether anyone cares to implement FIPS 181 as an XSUB.
>
> http://www.p-and-e.com/pubs_FIPS.htm
> http://csrc.nist.gov/fips/fips181.txt
No, but I implemented it in pure perl.
Try
ftp://ftp.cpan.org/CPAN/authors/id/J/JD/JDPORTER/Crypt-RandPasswd-0.02.tar.gz
(Note, I just uploaded it to PAUSE, so it might not yet have
made it to the CPAN server you try.)
--
John Porter
Aus tiefem Traum bin ich erwacht.
------------------------------
Date: Fri, 21 Jul 2000 16:28:51 -0500
From: Dale Bohl <dbohl@sgi.com>
Subject: Re: password unix with crypt
Message-Id: <3978C093.E579A4C3@sgi.com>
melet@my-deja.com wrote:
>
> hello,
>
> How retrieve the unix password with the function crypt.
> I know thaat you lust find the encrypted password in shadow
> or /password and apply crypt with the password not encrypted.
>
> But, i am not ok!
>
> thanks , fred�
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Try this.
#!/usr/bin/perl -w
use strict;
my $pwd = (getpwuid($<))[1];
my $salt = substr($pwd, 0, 2);
system "stty -echo";
print "\nEnter Your Password: ";
chop(my $word = <STDIN>);
print "\n";
system "stty echo";
if (crypt($word, $salt) ne $pwd) {
die "Sorry...That is NOT your Password.\n";
} else {
print "That IS your correct Password.\n";
}
--
Thanks,
Dale
Dale Bohl
SGI Information Services
dbohl@sgi.com
(715)-726-8406
http://wwwcf.americas.sgi.com/~dbohl/
perl -e 'print "Just Another Perl Hacker.\n";'
------------------------------
Date: Fri, 21 Jul 2000 14:17:38 -0700
From: "Todd Schacherl" <tschacherl@soliddata.com>
Subject: Re: Perl newbie requests help with CGI/Perl
Message-Id: <8laeph$i98$1@paxfeed.eni.net>
Sounds like you don't have your server configured to execute the cgi. If
this is apache, you need to have the "Options ExecCGI" declared in your
script block.
Todd
"Murlimanohar Ravi" <eng80956@nus.edu.sg> wrote in message
news:22E71DAEC504D111B78100805FFE9DC73BDFF9E6@pfs21.ex.nus.edu.sg...
>
> Sorry my computer froze before I could complete my post. Here it is
> again.
>
> Hi,
> I am new to Perl programming tho I am somewhat familiar with some other
> languages. I have been trying to run a very basic CGI script without
> success. It goes sthg like this:
>
> #! /usr/contrib/bin/perl
>
> print "Content-type: text/html\n\n";
>
> print <<'FINISHED';
> <HTML>
> <HEAD>
> <TITLE>
> Does this work?
> </TITLE>
> </HEAD>
> <BODY>
> Hello
> </BODY>
> </HTML>
>
> FINISHED
>
> The HTML file calling this is:
>
> <HTML>
> <HEAD>
> <TITLE>
> Test page for Perl
> </TITLE>
> </HEAD>
> <BODY>
> <FORM METHOD = "GET" ACTION = "test.pl">
> <INPUT TYPE = "SUBMIT">
> </FORM>
> </BODY>
> </HTML>
>
> For some reason, when I click the Submit button, the browser only
> displays the source of the Perl file not the desired HTML output. How
> should I resolve this?
> I have tried running this on an HP UNIX workstation with Netscape and
> also on Win98 with IE. Neither computer is configured as a server so
> could that be a problem?
> Any help will be greatly appreciated. Thanks.
> Murli.
>
>
------------------------------
Date: Fri, 21 Jul 2000 19:55:53 GMT
From: jcs@superblock.net
Subject: Perl program dies through CGI, not from console
Message-Id: <dV1e5.6131$DH3.139705@news-east.usenetserver.com>
I have a Perl program that essentially opens a TCP socket, talks to a
daemon, and prints HTML back with the result of the conversation.
If I run the program on the console with the environment setup to match
the environment that Apache gives it (running as 'nobody', REMOTE_USER
set as an environment variable), it runs just fine and returns the HTML
to the console. If I run the program from a web browser, the web
browser returns an error that no data was received from the server.
There is nothing in Apache's error log in regards to the program
quitting unexpectedly, and I'm not able to figure out what is causing it
to quit.
I put some debugging checks into the program, and as far as I can tell,
it does the following:
1. opens the socket correctly
2. reads the banner from the remote host
3. prints a command to the daemon through the socket
4. quits after reading from the socket again with no error
I've tried many different ways of getting the data and printing to the
remote host, and all result the same way.
Is anyone aware of anything that might cause the program to die in this
manner, and only by running it as a CGI program?
I'm stuck on why it's quitting like this, and even how to figure out
why, let alone trying to make it stop doing it. Any clues?
--
joshua stein | superblock information systems | http://superblock.net
jcs@superblock.net | (gnu|p)gp key id: 2048/D8603211 | http://jcs.org
------------------------------
Date: Fri, 21 Jul 2000 14:09:19 -0700
From: "Todd Schacherl" <tschacherl@soliddata.com>
Subject: Re: Perl program dies through CGI, not from console
Message-Id: <8lae9u$i4e$1@paxfeed.eni.net>
If you don't print the header it will do that. make sure you have something
like:
print "content-type: text/html\n\n";
otherwise, check your server error log for more clues.
Todd
<jcs@superblock.net> wrote in message
news:dV1e5.6131$DH3.139705@news-east.usenetserver.com...
> I have a Perl program that essentially opens a TCP socket, talks to a
> daemon, and prints HTML back with the result of the conversation.
>
> If I run the program on the console with the environment setup to match
> the environment that Apache gives it (running as 'nobody', REMOTE_USER
> set as an environment variable), it runs just fine and returns the HTML
> to the console. If I run the program from a web browser, the web
> browser returns an error that no data was received from the server.
> There is nothing in Apache's error log in regards to the program
> quitting unexpectedly, and I'm not able to figure out what is causing it
> to quit.
>
> I put some debugging checks into the program, and as far as I can tell,
> it does the following:
>
> 1. opens the socket correctly
> 2. reads the banner from the remote host
> 3. prints a command to the daemon through the socket
> 4. quits after reading from the socket again with no error
>
> I've tried many different ways of getting the data and printing to the
> remote host, and all result the same way.
>
> Is anyone aware of anything that might cause the program to die in this
> manner, and only by running it as a CGI program?
>
> I'm stuck on why it's quitting like this, and even how to figure out
> why, let alone trying to make it stop doing it. Any clues?
>
> --
> joshua stein | superblock information systems | http://superblock.net
> jcs@superblock.net | (gnu|p)gp key id: 2048/D8603211 | http://jcs.org
------------------------------
Date: 21 Jul 2000 18:06:16 GMT
From: mjtg@cus.cam.ac.uk (M.J.T. Guy)
Subject: Re: perl-5.6.0: Bug with "not" operator?
Message-Id: <8la3eo$jmf$1@pegasus.csx.cam.ac.uk>
Keith Calvert Ivey <kcivey@cpcug.org> wrote:
>
>Can you give an example of an expression you'd use in a real
>program where the changed behavior makes a difference and where
>you prefer the old behavior? I find it hard to imagine that
>someone would use "not($a) and $b" to mean "not($a and $b)".
That's hardly a useful example, since its meaning hasn't changed.
The examples which have come up are like
not (localtime)[6]; # it isn't Sunday
Mike Guy
------------------------------
Date: Fri, 21 Jul 2000 18:42:57 GMT
From: clintp@geeksalad.org (Clinton A. Pierce)
Subject: Re: Pipe / IPC problem
Message-Id: <RQ0e5.46214$fR2.419693@news1.rdc1.mi.home.com>
[Posted and mailed]
In article <8la2fj$pl6$1@news.btv.ibm.com>,
"Stephen Waud" <waudsj@clarkson.edu> writes:
> [re-arranged a bit]
> this inelegant solution seems to be working for now but i think it may be
> indicative of a more important problem.. any thoughts?? thanks..
Since this is the only code you've shown us, this is all we can
debug.
> this results in "done\n" :
>
> <$handle>;
> print $_;
This is wrong. There's no implicit read into $_ in this case.
You're grabbing a line of input, throwing it away and printing
$_.
> while this gets the proper output:
>
> while (<$handle>)
> {
> print "$_";
> last;
> }
This does _something_. It reads one line from the handle (implicitly) into
$_ and then prints it.
Although this could have accomplished it much more succintly:
print scalar(<$handle>);
Or even:
$_=<$handle>;
print;
--
Clinton A. Pierce Teach Yourself Perl in 24 Hours!
clintp@geeksalad.org for details see http://www.geeksalad.org
"If you rush a Miracle Man,
you get rotten Miracles." --Miracle Max, The Princess Bride
------------------------------
Date: Fri, 21 Jul 2000 15:09:16 -0400
From: "Stephen Waud" <waudsj@clarkson.edu>
Subject: Re: Pipe / IPC problem
Message-Id: <8la6tb$co0$1@news.btv.ibm.com>
got it.. thanks for the help!
--
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Stephen Waud 'Show a Little Sunshine Every Day'
frizzy@softhome.net 'in a minute i'll be free..'
homepage: http://www.clarkson.edu/~waudsj/
got folk?: http://www.clarkson.edu/~waudsj/strangefolk/
-------"we live in and of each other- we will remain"-------
------------------------------
Date: Fri, 21 Jul 2000 18:10:23 GMT
From: Pjtg0707@Netscape.net (Pjtg0707)
Subject: Qs on Perl memory usage on Linux and Win32 systems
Message-Id: <snh4gf836tt61@corp.supernews.com>
I have a question on how Perl uses system memory....
I have a set of comma delimited ascii files full of stock/financial data
that I am trying to sift through with a script and put them all in order
in terms ordered time series of data under each stock ticker symbol, and I
fear I may run out memory if I don't store the periodic results in batches.
I am wondering if I have to specifically code the writes to disk or will
the OS and Perl do the swap for me automatically? I'd like to do all of it
in memory and in one shot before writing to disk for speed sake, but it may
be impossible due to the amount of data the script has to sift through.
I am on Linux, BTW.
As a second question, I've been pondering over the type of data structures
I may need to store the timed series data per ticker symbol, and it gets
rather complcated and confusing quickly. Any suggestions? Is it time to
bite the bullet and look into a database like MySQL? Are there any module
packages out here that sets up datastructures for me I can get?
------------------------------
Date: Fri, 21 Jul 2000 11:02:20 -0700
From: jerry <honglan00NOhoSPAM@yahoo.com.invalid>
Subject: Re: read system response in CGI
Message-Id: <046a4e9a.8409d9cf@usw-ex0104-087.remarq.com>
Hi, Makarand,
I posted my script on the web. I can invoke my program but it
went dead. Is it because of the connection with cgi? Any hint or
reference website?
Thanks a lot.
-----------------------------------------------------------
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
Date: Fri, 21 Jul 2000 19:11:27 GMT
From: Bart Lateur <bart.lateur@skynet.be>
Subject: Re: Reading 3D form into 3D Array
Message-Id: <na7hns8mh9sdnndqnrj81p49e8g0ng5v84@4ax.com>
Robert Brooks wrote:
> I tried to do a loop
>with a variable inside a variable, for instance $name = $INPUT{'name$x'}
>Needless to say, that didn't work. I did some research and concluded that it
>isn't possible. But I didn't get any clear-cut answers on how this can be
>read in.
Of course it's possible. This is Perl. You simply used the wrong quotes.
At least you didn't try to create a variable with name "name1", you had
the sense to use a hash.
And perhaps you need a different data structure. I would think you'd
need an array of records. Each record would be a hash, all with fields
"name", "color" and "car". So, in effect, assigning "Tom" to field
"name1" would set the scalar $record[0]{'name'} to "Tom".
So, reading all the data:
for my $i (1 ..4) {
for my $field (qw'name color car') {
$record[$i-1]{$field} = $INPUT{"$field$i"};
}
}
--
Bart.
------------------------------
Date: Fri, 21 Jul 2000 11:27:18 -0700
From: "Ken Barr" <kenneth.c.barr.nospam@intel.com>
Subject: Re: READING hashes eats memory!?
Message-Id: <8la4l2$6g3@news.or.intel.com>
> If we believe you about hash-of-hashes, then
>
> a) You do not use strict;
Adding use strict 'refs'; didn't change memory usage or raise any compile
errors or warnings.
> b) You are making your table into a hash of hashes of hashes.
True.
> c) The references to the internal hashes are symbolic;
I'm pretty clueless about references except in terms of passing them to subs
:(
> No wonder the memory usage increases...
But why does it increase on the =read=? Once the enormous table has been
build, shouldn't memory usage stabilize? How can I peer into the table in
such a way that doesn't require more than the $scalar to hold the result?
Other than the additional (3rd) hash table, my code looks quite similar to
the camel book's hash-of-hash examples. When I ease back on the depth of
the lookups, it solves the problem but destroys the simplicity of cool perl
data structures.
Thanks for your help (and cperl-mode!)
Ken
kenneth (dot) c (dot) barr (at) intel.com or kbarr (at) umich.edu
------------------------------
Date: Fri, 21 Jul 2000 14:46:03 -0400
From: Drew Simonis <care227@attglobal.net>
Subject: Re: redirection fails
Message-Id: <39789A6B.35E01A71@attglobal.net>
"haggi@work" wrote:
>
> Hi,
>
> I'm trying to redirect a output in perl.
>
> system("ls -l > outputfile");
>
> I'm working with perl5.005 for cygwin. Windows NT.
>
> redirection in the shell works.
Thats not very Perlish.
(you might want to see opendir, readdir and friends...)
Using ls, you can easily do:
@files = `ls -l`; # we spawn a shell here, but so does system() with
# only one arg.
open OUTFILE, ">outputfilehere", or die "can't open file: $!\n";
print OUTFILE @files;
close OUTFILE;
------------------------------
Date: Fri, 21 Jul 2000 19:19:18 +0100
From: "Stuart Moore" <stumo@bigfoot.com>
Subject: Re: Script behaving differently from command line and by CGI
Message-Id: <8la46l$aar$1@supernews.com>
Tony Curtis <tony_curtis32@yahoo.com> wrote in message
news:87n1jbbild.fsf@limey.hpcc.uh.edu...
> >> On Fri, 21 Jul 2000 16:26:09 +0100,
> >> "Stuart Moore" <stumo@bigfoot.com> said:
>
> > I have a perl script that calls an external program
> > (PGP) by piping data to it and sending the output to a
> > text file. For some reason, it works fine when I run it
> > via telnet, but when I run it through CGI the output is
> > as if it ignores all the parameters. The line in
>
> [ oops auotwrapped]
>
> > question is: open(OUTPUT, "|/usr/local/bin/pgpe
> > -r\"email\@address1.com\" -r\"email\@address2.com\" -a t
> > >$$.enc"); (then the data is piped to it); As I say, I
>
> Well, firstly try different quoting characters
>
> open(OUTPUT, '| ... ') || die ... ;
>
> so you don't have to backslash the internal "".
I did that so it would parse $$ as the process ID so I had no fear of two
files being written at the same time. I find it easier this way than .ing
strings together
> CGI programs often run with different user-ids to your
> login session at the command line, e.g. as nobody. Is
> that the problem here? Look in the CGI FAQ at
>
> http://www.boutell.com/
>
Thinking about it, that could be it as it would mean PGP couldn't find the
files I'm refering to (not text files - Public Keys of the people I'm
encrypting to) - I'll have to look more at the documentation for PGP to
find a workaround. Cheers.
Stuart
------------------------------
Date: Fri, 21 Jul 2000 11:28:25 -0700
From: jerry <honglan00NOhoSPAM@yahoo.com.invalid>
Subject: Re: Script behaving differently from command line and by CGI
Message-Id: <03bb78f8.84679565@usw-ex0104-025.remarq.com>
Hi,there,
I have a similar problem. I need to invoke a shellscript through
my website. However when I tested the cgi script from the unix
prompt, it worked fine. But when I run it from the webpage, the
program ran throught its initial phase only. There was not error
message. When I monitored the system process, the actual exe file
was not even invoked. In my shell script, it does some data
preprocessing and then calls other binary program to execute.
Any hint?
my script is like this
use CGI;
..
if (param()){
...
#call the shell script
open3(WTR, RDR, ERR, "genReport.ksh") || die ("cannot open
script");
...
#print the system output to the webpage
while (<RDR>){
print p("$_") ;
}
}
-----------------------------------------------------------
Got questions? Get answers over the phone at Keen.com.
Up to 100 minutes free!
http://www.keen.com
------------------------------
Date: Fri, 21 Jul 2000 14:28:08 -0600
From: "Robin Bank" <rbank@csf.edu>
Subject: secure auth trick
Message-Id: <8lad4l$2mdo$1@reader.nmix.net>
Just came up with a really cool trick to get a fairly secure password
authentication in PERL for a site without having to go through all that
encryption stuff.
I store my passwords in a plain text file. At first I wasn't so sure about
this because to use a script, all have to have read access, right? So, my
solution was to change the file to an unknown mime type - like .USR or
whatever... and, HERE'S THE KICKER, give the file permissions of 777.
That way when someone tries to access the file through http, it tries TO RUN
THE SCRIPT and causes an internal server error... My friend also pointed out
that if the file were linked to from a site, someone could use "save target
as..." and get it that way...but I tryed it and nope...it's secure, it
causes some sort of error...OR, IF IT IS A VALID program, stores the output
rather than the source code. This is awesome...
If anyone knows how to crack such a sytem through http, I'd appreciate an
email. Thanks.
-Robin
------------------------------
Date: Fri, 21 Jul 2000 16:53:36 -0400
From: Drew Simonis <care227@attglobal.net>
Subject: Re: secure auth trick
Message-Id: <3978B850.424CD3D3@attglobal.net>
Robin Bank wrote:
>
> Just came up with a really cool trick to get a fairly secure password
> authentication in PERL for a site without having to go through all that
> encryption stuff.
>
> I store my passwords in a plain text file. At first I wasn't so sure about
> this because to use a script, all have to have read access, right? So, my
> solution was to change the file to an unknown mime type - like .USR or
> whatever... and, HERE'S THE KICKER, give the file permissions of 777.
>
> That way when someone tries to access the file through http, it tries TO RUN
> THE SCRIPT and causes an internal server error... My friend also pointed out
> that if the file were linked to from a site, someone could use "save target
> as..." and get it that way...but I tryed it and nope...it's secure, it
> causes some sort of error...OR, IF IT IS A VALID program, stores the output
> rather than the source code. This is awesome...
>
> If anyone knows how to crack such a sytem through http, I'd appreciate an
> email. Thanks.
>
> -Robin
Have you tried defining a handler for this fake MIME type in a
browser and then loading the page? Maybe have it spawn a text
editor?
Why not post a link to this method and see how quickly it is
broken?
------------------------------
Date: Fri, 21 Jul 2000 20:55:32 GMT
From: "DS" <snakeman@kc.rr.com>
Subject: Security of CGI General Question
Message-Id: <8N2e5.7109$t%4.77256@typhoon.kc.rr.com>
Excuse me if this is a stupid question but is it safe to list a password in
the the same cgi thats being executed? For example I am making a script to
post news updates and I need to password protect the posting ability on it.
So in my script I just made a simple comparison like this :
if ($FORM{'password'} eq $admin_pass) {
&admin;
}
Thanx
Dirk
------------------------------
Date: Fri, 21 Jul 2000 16:55:57 -0400
From: Drew Simonis <care227@attglobal.net>
Subject: Re: Security of CGI General Question
Message-Id: <3978B8DD.71235497@attglobal.net>
DS wrote:
>
> Excuse me if this is a stupid question but is it safe to list a password in
> the the same cgi thats being executed? For example I am making a script to
> post news updates and I need to password protect the posting ability on it.
> So in my script I just made a simple comparison like this :
>
> if ($FORM{'password'} eq $admin_pass) {
> &admin;
> }
You aren't using CGI.pm!
Eeek.
Better to use some (even basic) encryption on the passwords.
Say you use crypt(), for example. You can then compare the
crypt()ed strings instead of the plain text strings. Makes it
harder for folks to abuse you.
------------------------------
Date: Fri, 21 Jul 2000 14:55:28 -0700
From: iJohn <digitalj@uswest.net.not>
Subject: Re: Security of CGI General Question
Message-Id: <B59E14DF.12AF%digitalj@uswest.net.not>
in article 8N2e5.7109$t%4.77256@typhoon.kc.rr.com, DS at snakeman@kc.rr.com
wrote on 7/21/00 1:55 PM:
> Excuse me if this is a stupid question but is it safe to list a password in
> the the same cgi thats being executed? For example I am making a script to
> post news updates and I need to password protect the posting ability on it.
> So in my script I just made a simple comparison like this :
>
> if ($FORM{'password'} eq $admin_pass) {
> &admin;
> }
I do that all the time on the intranet, where I'm not expecting
someone to try to break it.
If you wanted to be safer, you'd use the crypt function on the password,
so you'd compare crypt($FORM{'password'}) eq $admin_pass_crypted. It isn't
possible to reconstruct the original password from knowing the crypted form,
so even if someone read your script, they still wouldn't know the password.
Of course if they can read the script they can probably figure out how to
circumvent all that anyway.
--
i be iJohn, getting wet in Portland OR
I support the Freedom to Innovate: that's why I use a Mac.
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 3771
**************************************
