[16366] in Perl-Users-Digest


Perl-Users Digest, Issue: 3778 Volume: 9

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Sun Jul 23 03:05:29 2000

Date: Sun, 23 Jul 2000 00:05:10 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <964335910-v9-i3778@ruby.oce.orst.edu>
Content-Type: text

Perl-Users Digest           Sun, 23 Jul 2000     Volume: 9 Number: 3778

Today's topics:
    Re: Anyone working on any XS books? (brian d foy)
    Re: dos command in perl script (Gwyn Judd)
        Generate XML then convert to HTML using XSLT in Perl <ursted@my-deja.com>
    Re: help w/ regular expression <wyzelli@yahoo.com>
    Re: help w/ regular expression (Eric Bohlman)
    Re: How do I spilt up a UPD packet?? (Matthew Zimmerman)
        Is Root running script? <asquith@macconnect.com>
    Re: Is Root running script? (Gwyn Judd)
    Re: Is Root running script? (David Efflandt)
    Re: Is Root running script? <billy@arnis-bsl.com>
    Re: Is Root running script? (Abigail)
    Re: NFS Client in perl? (Kenneth Herron)
        Question on hashes... <rwilliamson@uno.gers.com>
    Re: Question on hashes... (Tad McClellan)
    Re: Question on hashes... <rwilliamson@uno.gers.com>
    Re: Question on hashes... <rwilliamson@uno.gers.com>
        Question on Reversing the contents of an array.. <snakeman@kc.rr.com>
    Re: Question on Reversing the contents of an array.. (Decklin Foster)
    Re: Question on Reversing the contents of an array.. <billy@arnis-bsl.com>
        replace using regexp <suj_h@yahoo.com>
    Re: replace using regexp <bcaligari@shipreg.com>
    Re: secure auth trick <rbank@csf.edu>
    Re: secure auth trick <rbank@csf.edu>
    Re: Some security questions? <care227@attglobal.net>
    Re: Some security questions? (Tad McClellan)
    Re: Writing to a file error : Pt 2 <rabinoNOraSPAM@tidalwave.net.invalid>
        Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: Sat, 22 Jul 2000 21:15:42 -0400
From: brian@smithrenaud.com (brian d foy)
Subject: Re: Anyone working on any XS books?
Message-Id: <brian-ya02408000R2207002115420001@news.panix.com>

In article <397A43CB.5A57BC46@attglobal.net>, care227@attglobal.net posted:

> Have you heard about any replacement for the functionality XS provides?

there is no decision on this, and, as always, comments from the 
community are welcome. we really are at the point which we can do 
anything we want :)

> Or is XS thought to be too cumbersome to wield effectively?

the problem is that XS is XS rather than a language developers
already know.  it would be nice if Perl extensions could be written
in a common language that developers already are comfortable with.
hopefully, if that is so, more developers will be drawn to Perl.

however, working groups on such issues are forming, and nothing has 
been officially decided.  

the official source of Perl 6 information (not much yet!) is

   http://www.perl.org/perl6/

so far, discussion is taking place on one list until things settle:

   bootstrap-subscribe@perl.org

-- 
brian d foy                    
CGI Meta FAQ <URL:http://www.smithrenaud.com/public/CGI_MetaFAQ.html>
Perl Mongers <URL:http://www.perl.org/>


------------------------------

Date: Sun, 23 Jul 2000 01:36:00 GMT
From: tjla@guvfybir.qlaqaf.bet (Gwyn Judd)
Subject: Re: dos command in perl script
Message-Id: <slrn8nkj5l.208.tjla@thislove.dyndns.org>

I was shocked! How could suj_h <suj_h@yahoo.com>
say such a terrible thing:
>Could someone show me how I can run a command like "dir /on /a-d /b
>*.txt > list" from within a perl script? This is nt4 perl.
>Thanks

at a guess:

system("dir /on /a-d /b *.txt > list");

(untested, I don't even have a windows box).

-- 
Gwyn Judd (tjla@guvfybir.qlaqaf.bet)
My return address is rot13'ed
Q:	Why is Christmas just like a day at the office?
A:	You do all of the work and the fat guy in the suit
	gets all the credit.


------------------------------

Date: Sun, 23 Jul 2000 03:43:42 GMT
From: Phil Ursted <ursted@my-deja.com>
Subject: Generate XML then convert to HTML using XSLT in Perl
Message-Id: <8ldplb$6h3$1@nnrp1.deja.com>

I'm not very XML savvy, but I have in mind a simple application that I'd
like to write in Perl:

Stage 1:

I'd like to have a CGI that dynamically produces data from some
arbitrary source as the result of a query submitted by a user via a
form, then

Stage 2:

produces XML, such as the following:

<record>
	<name> Some One </name>
	<address> 123 Some Street </address>
	.
	.
	.
</record>

then

Stage 3:

run an XSL transformation by reading a file on disk containing the XSL,
then spitting out HTML as the output of the CGI to be displayed by the
browser. I would like to avoid creating a temporary file in between
these two stages. A future enhancement might be to generate different
XML -> HTML conversions by using user prefs to select different XSL
files (or some other means of doing this)

What is the best way to accomplish this in Perl? What modules would you
suggest? Can I minimize the memory overhead for larger data streams by
buffering as little as possible in the code (i.e. start piping through
XSLT while stage 1 is still in progress, possibly with some tweaking of
the stage 1 modules) ?

FYI: I intend to use Apache on Solaris, but beyond that, Apache on *nix
in general as the web server.

Thanks,
Phil




------------------------------

Date: Sun, 23 Jul 2000 11:30:59 +0930
From: "Wyzelli" <wyzelli@yahoo.com>
Subject: Re: help w/ regular expression
Message-Id: <Ajse5.7$mx1.1447@vic.nntp.telstra.net>

Sam Carleton <w00dy@my-deja.com> wrote in message
news:8lddc8$umk$1@nnrp1.deja.com...
> hay folks, I am new to perl, been a C/C++ programmer for 5 year now. I

hay yourself!

>
> I have a string that is supposed to contain a phone number.  I need the
> phone number in pure numbers.  The string could contain anything,
> though.  If the string is indeed a phone number I need it returned in a
> string of pure numbers.  If it is anything else I need the original
> string returned.  Examples:
>

From your example I read that if a number contains anything other than
numbers, spaces, hyphens and brackets, it is a string.  If it is a
string, you want it left alone.

Otherwise, you want to remove all the spaces, hyphens and brackets and
just retain the numbers.

I am not sure about the fn= examples but if that is an alternative
representation, it should be pretty simple to test for it and remove it.

Anyway, here is what I  did quickly:

while (<DATA>){
 chomp;
 if (/[^\d ()-]/){
  print "'$_' is a string\n";
 }
 else {
  tr/ ()-//d;
  print "'$_' is a number\n";
 }
}

__END__
213-555-4321
213) 555-54321
213 555 4321
2135554321
213 555 4321
This is a string
432 cars are going
213-555-4321 phones are ringing

Wyzelli




------------------------------

Date: 23 Jul 2000 03:43:31 GMT
From: ebohlman@netcom.com (Eric Bohlman)
Subject: Re: help w/ regular expression
Message-Id: <8ldpl3$fjk$5@slb1.atl.mindspring.net>

Sam Carleton (w00dy@my-deja.com) wrote:
: I have a string that is supposed to contain a phone number.  I need the
: phone number in pure numbers.  The string could contain anything,
: though.  If the string is indeed a phone number I need it returned in a
: string of pure numbers.  If it is anything else I need the original
: string returned.  Examples:
: 
: 213-555-4321         -> 2135554321
: 213) 555-54321       -> 2135554321
:   213 555 4321       -> 2135554321
: 2135554321           -> 2135554321
: 213   555   4321     -> 2135554321
: 
: fn=213-555-4321         -> 2135554321
: fn=(213) 555-4321       -> 2135554321
: fn=213 555 4321         -> 2135554321
: fn=2135554321           -> 2135554321
: fn=213   555   4321     -> 2135554321
: 
: This is a string              -> This is a string
: 432 cars are going            -> 432 cars are going
: 213-555-4321 phones are ringing -> 213-555-4321 phones are ringing
: 
: Can someone enlighten me as to how I would write a sub that either
: returned back the compact phone number or the original string?

Based on your examples, I am assuming that "contains a phone number" is 
operationally defined as "ends in a sequence of digits, whitespace, 
dashes, or parentheses which contains at least seven digits."  In that 
case:

sub extract_phone {
  my $arg=shift;
  if ($arg =~ /([-\d\s()]+)$/ and ($1 =~ tr/0-9//)>=7) {
    ($arg=$1) =~ tr/0-9//cd;
  }
  $arg;
}



------------------------------

Date: 23 Jul 2000 04:21:18 GMT
From: mdz4c@node8.unix.Virginia.EDU (Matthew Zimmerman)
Subject: Re: How do I spilt up a UPD packet??
Message-Id: <8ldrru$8h3$1@murdoch.acc.Virginia.EDU>

In article <%ehe5.3161$MJ5.36143@twister.sunsite.auc.dk>,
Daniel Ditlew <ditlew@abk.auc.dk> wrote:
>
> I get a UPD packet that looks like this:
> $packet = "(int32)(byte)(byte)(byte)(string)(int32)(float32)
>..(..(byte)(string)(int32)(float32)..).."
>
>My problem:
>I seem to receive the packet as one long string, and I
>don't know how to split the string up into the different components..

If you know what the data structure is, this is easy to do.

perldoc -f unpack

(and check out the entry on pack, too.)

HTH!
Matt


-- 
-- 
|Matthew Zimmerman            http://www.people.virginia.edu/~mdz4c  |
|Interdisciplinary Biophysics Program |"I AM serious.                |
|University of Virginia               | And stop calling me Shirley."|


------------------------------

Date: Sat, 22 Jul 2000 21:05:24 -0500
From: "Asquith" <asquith@macconnect.com>
Subject: Is Root running script?
Message-Id: <8ldjt002tqn@enews3.newsguy.com>

Is there a standard Perl idiom for determining whether root or superuser is
running a script?  I have an application with numerous eval's and I am
trying to circumvent potential disastrous eval's.

eval { $x = $code }; # $code = '`/bin/rm -rf /`'; etc . . .

Thanks,

-wha


------------------------------

Date: Sun, 23 Jul 2000 04:27:02 GMT
From: tjla@guvfybir.qlaqaf.bet (Gwyn Judd)
Subject: Re: Is Root running script?
Message-Id: <slrn8nkt6c.2a0.tjla@thislove.dyndns.org>

I was shocked! How could Asquith <asquith@macconnect.com>
say such a terrible thing:
>Is there a standard Perl idiom for determining whether root or superuser is
>running a script?  I have an application with numerous eval's and I am
>trying to circumvent potential disastrous eval's.

perl -we 'print $>'

prints 0 if the user is root.

-- 
Gwyn Judd (print `echo 'tjla@guvfybir.qlaqaf.bet' | rot13`)
All humans are hypocrites; the biggest hypocrite of all is the one who
claims to detest hypocrisy.

		-- Peter Wastholm


------------------------------

Date: Sun, 23 Jul 2000 04:32:51 +0000 (UTC)
From: efflandt@xnet.com (David Efflandt)
Subject: Re: Is Root running script?
Message-Id: <slrn8nktad.3qq.efflandt@efflandt.xnet.com>

On Sat, 22 Jul 2000 21:05:24 -0500, Asquith <asquith@macconnect.com> wrote:
>Is there a standard Perl idiom for determining whether root or superuser is
>running a script?  I have an application with numerous eval's and I am
>trying to circumvent potential disastrous eval's.
>
>eval { $x = $code }; # $code = '`/bin/rm -rf /`'; etc . . .

if ($< && $>) {
    # not root
} else {
    # root is either the real or effective uid
}

Or in other words:

unless ($< && $>) { die "root access denied"; }

-- 
David Efflandt  efflandt@xnet.com  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://hammer.prohosting.com/~cgi-wiz/  http://cgi-help.virtualave.net/



------------------------------

Date: Sun, 23 Jul 2000 04:37:34 GMT
From: Ilja Tabachnik <billy@arnis-bsl.com>
Subject: Re: Is Root running script?
Message-Id: <8ldsqe$8lp$1@nnrp1.deja.com>

In article <8ldjt002tqn@enews3.newsguy.com>,
  "Asquith" <asquith@macconnect.com> wrote:
> Is there a standard Perl idiom for determining whether root or
> superuser is running a script?

To get real/effective user/group id use the variables:

$<   $>   $(   $)

Consult perldoc perlvar or
(http://www.cpan.org/doc/manual/html/pod/perlvar.html)
for more details.

>I have an application with numerous eval's and I am
> trying to circumvent potential disastrous eval's.
>
> eval { $x = $code }; # $code = '`/bin/rm -rf /`'; etc . . .
>

Strictly speaking, IMHO _this_ eval block does nothing dangerous -
it simply assigns the content of $code to $x.

Hope this helps.
Ilja.








------------------------------

Date: 23 Jul 2000 02:26:41 EDT
From: abigail@foad.org (Abigail)
Subject: Re: Is Root running script?
Message-Id: <slrn8nl524.vcg.abigail@alexandra.foad.org>

Asquith (asquith@macconnect.com) wrote on MMDXVIII September MCMXCIII in
<URL:news:8ldjt002tqn@enews3.newsguy.com>:
** Is there a standard Perl idiom for determining whether root or superuser is
** running a script?  I have an application with numerous eval's and I am
** trying to circumvent potential disastrous eval's.
** 
** eval { $x = $code }; # $code = '`/bin/rm -rf /`'; etc . . .


And someone the only important files on your system are owned by root?

On most systems, almost anything owned by root is easily replaced.
User files only if you have a working backup procedure.

Perhaps you are better off by using -T than "checking for root".
The latter can be done by studying "man perlvar".


Abigail
-- 
New email address: abigail@foad.org
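
The points made in this thread, as an added example that is not code from any of the posters: the uid test on `$<` and `$>`, and the difference between the block eval in the question and a string eval. The harmless `echo` string is a constructed stand-in for `$code`, `root_ids` is a hypothetical helper name, and a Unix-like system is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# $< is the real uid, $> the effective uid. A setuid-root script has a
# non-zero $< but a zero $>, which is why the thread tests both.
sub root_ids {
    my @zero;
    push @zero, 'real'      if $< == 0;
    push @zero, 'effective' if $> == 0;
    return @zero;
}

my @zero = root_ids();
print @zero ? "root: @zero uid is 0\n" : "not root (uid $<, euid $>)\n";

# Constructed, harmless stand-in for the $code in the question.
my $code = '`echo a command ran`';

# Block eval only traps exceptions raised inside the block. The assignment
# copies the text; nothing in $code is compiled or executed.
my $x;
eval { $x = $code };
print "eval BLOCK : \$x holds the literal text $x\n";

# String eval compiles $code as Perl, so the backticks run a shell command.
# This happens whoever the user is; the uid test above only tells you whose
# files are within reach, not whether the string is safe to run.
my $y = eval $code;
$y = "(eval failed: $@)" unless defined $y;
chomp $y;
print "eval STRING: returned [$y]\n";
```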


------------------------------

Date: 23 Jul 2000 03:24:10 GMT
From: kherron@sgum.mci.com (Kenneth Herron)
Subject: Re: NFS Client in perl?
Message-Id: <8ldogq02mfc@enews4.newsguy.com>

In article <8l85jf$lm$1@ncal.verio.com>,
Greg Andrews <gerg@ncal.verio.com> wrote:
>>I searched for 'NFS' at http://search.cpan.org/ but found nothing.
>>
>>Is there no perl NFS module or something such?
>>
>
>A module that implements a filesystem?  That would be pretty
>complex.


NFS is implemented through RPC (remote procedure call), which means it
has an API with data structures and function calls.  One could
theoretically use XS to make a client or server API for perl. It wouldn't
even be that hard; RPC is actually pretty easy to use.
-- 
Kenneth Herron -- kherron@sgum.mci.com
"Netscape pollution must be eradicated."
    -- Jeff Raikes, Vice president, Microsoft


------------------------------

Date: Sun, 23 Jul 2000 01:49:07 GMT
From: "Rusty Williamson" <rwilliamson@uno.gers.com>
Subject: Question on hashes...
Message-Id: <nase5.406$OG2.4858@typhoon.san.rr.com>

Hi!

I've been searching through my books for hours now and I'm just not looking
in the right place (I hope!).

I'm going to be doing something like this:

$database{"MRD-300"} =
{     "Name"  => "Nathan Hale",
     "Address" => "999 Centennial Ave.",
     "Town"  => "AnyTown",
     "State"  => "AnyState",
     "Zip"  => "12345-1234"
};

Given the above, how do I do the following?

1. I need to be able to define $database as local before I ever start
adding any values to it.  How do I do that?

2. I'll need to completely clear out all values from $database -- return it
to the 'just defined' state -- how do I do that?

Thanks!


--
------------------------------------------------------------
Rusty Williamson
Systems Programmer
GERS Retail Systems
http://www.gers.com/
The Object Workshop
http://home.san.rr.com/williamson/
Home Page
http://www.znet.com/~rusty/
------------------------------------------------------------





------------------------------

Date: Sat, 22 Jul 2000 22:28:31 -0400
From: tadmc@metronet.com (Tad McClellan)
Subject: Re: Question on hashes...
Message-Id: <slrn8nkm2f.48s.tadmc@magna.metronet.com>

On Sun, 23 Jul 2000 01:49:07 GMT, Rusty Williamson <rwilliamson@uno.gers.com> wrote:

>I've been searching through my books for hours now and I'm just not looking
>in the right place (I hope!).


Where is it that you looked?

Knowing where people looked, but didn't find, is useful
information. Because then it can be put where they
look for it  :-)



[ snip code ]


>1. I need to be able to define $database as local before I every start
                                ^^^^^^^^^    ^^^^^
>adding any values to it.  


Errr, your question is confusing on 2 points, so it is unclear
what the answer is...

First, there *is no* $database in your code.

You index into the %database _hash_, but you do not have
a scalar $database anywhere.

Second, you almost surely do _not_ want a local() variable. You
should nearly always be using my() variables instead:

   perldoc -q "local.*my"

   "What's the difference between dynamic and lexical (static)
       scoping?  Between local() and my()?"



So let me restate the question into one that I can answer :-)


   "I need to scope my %database hash":


>How do I do that?


   my(%database);


>2. I'll need to completely clear out all values from $database -- return it
>to the 'just defined' state -- how do I do that?


   %database = ();   # goodbye to all data...


-- 
    Tad McClellan                          SGML Consulting
    tadmc@metronet.com                     Perl programming
    Fort Worth, Texas


------------------------------

Date: Sun, 23 Jul 2000 05:27:53 GMT
From: "Rusty Williamson" <rwilliamson@uno.gers.com>
Subject: Re: Question on hashes...
Message-Id: <tnve5.197$wn.4270@typhoon.san.rr.com>

Hi Tad!

> Where is it that you looked?
>
> Knowing where people looked, but didn't find, is useful
> information. Because then it can be put where they
> look for it  :-)
>

Yes, that's cool.  I looked under 'lists of lists', struct, define, declare
and anything else I could think of referencing the index of 'Programming
Perl' by Wall and 'Advanced Perl Programming' by Srinivasan.  But my
problem -- besides being away from PERL for 2 years -- was I just didn't
know what something like this would be under.  So that probably doesn't help
anyone decide where to add anything.  However if you know where I should
have looked that would be nice for me.

>
> <snip the rest>
>

Okay... LOL!  Now, on top of being depressed about how little of the PERL
language I retained, I feel properly stupid as well -- but that's absolutely
okay!   Right now you are my personal hero!!   "Oh 10Q, 10Q, 10Q" from the
bottom of my heart!  Now, thanks to you, I have a chance of finishing this
monstrosity (but a nice monstrosity) before Monday morning!  BTW, if you
have any OOP/C++ questions, I owe you bud!
------------------------------------------------------------
Rusty Williamson
Systems Programmer
GERS Retail Systems
http://www.gers.com/
The Object Workshop
http://home.san.rr.com/williamson/
Home Page
http://www.znet.com/~rusty/
------------------------------------------------------------





------------------------------

Date: Sun, 23 Jul 2000 05:45:28 GMT
From: "Rusty Williamson" <rwilliamson@uno.gers.com>
Subject: Re: Question on hashes...
Message-Id: <YDve5.432$OG2.5657@typhoon.san.rr.com>

Oh BTW... local allows a data structure to be seen by the functions called
from the function it's defined in, yes.  'my' on the other hand can only be
seen with the function it's called in -- have I got that wrong?  I need my
structure to be seen by stuff higher on the stack.  Perhaps I have this
wrong... or perhaps it's considered bad practice?  My PERL is very rusty (no
pun intended).

--
------------------------------------------------------------
Rusty Williamson
Systems Programmer
GERS Retail Systems
http://www.gers.com/
The Object Workshop
http://home.san.rr.com/williamson/
Home Page
http://www.znet.com/~rusty/
------------------------------------------------------------

"Tad McClellan" <tadmc@metronet.com> wrote in message
news:slrn8nkm2f.48s.tadmc@magna.metronet.com...
> On Sun, 23 Jul 2000 01:49:07 GMT, Rusty Williamson <rwilliamson@uno.gers.com> wrote:
>
> >I've been searching through my books for hours now and I'm just not looking
> >in the right place (I hope!).
>
>
> Where is it that you looked?
>
> Knowing where people looked, but didn't find, is useful
> information. Because then it can be put where they
> look for it  :-)
>
>
>
> [ snip code ]
>
>
> >1. I need to be able to define $database as local before I every start
>                                 ^^^^^^^^^    ^^^^^
> >adding any values to it.
>
>
> Errr, your question is confusing on 2 points, so it is unclear
> what the answer is...
>
> First, there *is no* $database in your code.
>
> You index into the %database _hash_, but you do not have
> a scalar $database anywhere.
>
> Second, you almost surely do _not_ want a local() variable. You
> should nearly always be using my() variables instead:
>
>    perldoc -q "local.*my"
>
>    "What's the difference between dynamic and lexical (static)
>        scoping?  Between local() and my()?"
>
>
>
> So let me restate the question into one that I can answer :-)
>
>
>    "I need to scope my %database hash":
>
>
> >How do I do that?
>
>
>    my(%database);
>
>
> >2. I'll need to completely clear out all values from $database -- return it
> >to the 'just defined' state -- how do I do that?
>
>
>    %database = ();   # goodbye to all data...
>
>
> --
>     Tad McClellan                          SGML Consulting
>     tadmc@metronet.com                     Perl programming
>     Fort Worth, Texas




------------------------------

Date: Sun, 23 Jul 2000 04:57:07 GMT
From: "DS" <snakeman@kc.rr.com>
Subject: Question on Reversing the contents of an array..
Message-Id: <DWue5.7798$t%4.89417@typhoon.kc.rr.com>

Hello all-
   I have a question on reversing the contents of an array. What I am trying
to do is read a data file and then print the last line of the data file
first. I think I may be using this "reverse" command totally wrong but it
sounds like what I needed. This is what I have so far:

open(DAT, "data.dat") or die("Could not open file!");
@raw = <DAT>;
reverse(@raw);
close(DAT);

foreach $line (@raw) {
    chomp($line);
    print "$line\n";
}

My data file  is like this:
  item1|item2|item3|item4
  item1|item2|item3|item4
  item1|item2|item3|item4
and so on.....

Can't you use the "reverse" command on this array?

Thanx
DS




------------------------------

Date: 23 Jul 2000 05:29:52 GMT
From: decklin+usenet@red-bean.com (Decklin Foster)
Subject: Re: Question on Reversing the contents of an array..
Message-Id: <8ldvsf$47ial$1@ID-10059.news.cis.dfn.de>

DS <snakeman@kc.rr.com> writes:

> reverse(@raw);

<snip>

> foreach $line (@raw) {

foreach $line (reverse @raw) {

reverse does not have side-effects: it's functional. The documentation
explains this.

    perldoc -f reverse

Using -w should have warned you about the useless use of a list in
void context when you called reverse. I suggest you add it now and
always use it in the future.

-- 
There is no TRUTH. There is no REALITY. There is no CONSISTENCY. There
are no ABSOLUTE STATEMENTS. I'm very probably wrong. -- BSD fortune(6)


------------------------------

Date: Sun, 23 Jul 2000 05:52:56 GMT
From: Ilja Tabachnik <billy@arnis-bsl.com>
Subject: Re: Question on Reversing the contents of an array..
Message-Id: <8le17k$bc3$1@nnrp1.deja.com>

In article <DWue5.7798$t%4.89417@typhoon.kc.rr.com>,
  "DS" <snakeman@kc.rr.com> wrote:
> Hello all-
>    I have a question on reversing the contents of an array. What I am trying
> to do is read a data file and then print the last line of the data file
> first. I think I may be using this "reverse" command totally wrong but it
> sounds like what I needed. This is what I have so far:
>
> open(DAT, "data.dat") or die("Could not open file!");
> @raw = <DAT>;
> reverse(@raw);

@raw = reverse @raw;

Please re-read 'perldoc -f reverse'
(or http://www.cpan.org/doc/manual/html/pod/perlfunc/reverse.html)

And why do you not use the -w switch ???
If you would, you'd get a nice warning:

"Useless use of reverse in void context at ... line ..."

Hope this helps.
Ilja.








------------------------------

Date: Sun, 23 Jul 2000 06:13:06 GMT
From: "suj_h" <suj_h@yahoo.com>
Subject: replace using regexp
Message-Id: <S1we5.4259$Uo6.222671@bgtnsc07-news.ops.worldnet.att.net>

I need to process a text file that has this format:
 ...
some string here -> some more string here
 ...
I want to keep only what comes before "->" and drop everything else in
the output. Could someone point out why this code doesn't do that?

open(infile, "data") or die "Can't open infile";
while($line=<infile>){
 if($line =~ /^(.+)->(.+)$/){
  print "\1\n";
 }
}
close(infile);





------------------------------

Date: Sun, 23 Jul 2000 09:02:06 +0200
From: "Brendon Caligari" <bcaligari@shipreg.com>
Subject: Re: replace using regexp
Message-Id: <8le4li$a7s$1@news.news-service.com>


"suj_h" <suj_h@yahoo.com> wrote in message
news:S1we5.4259$Uo6.222671@bgtnsc07-news.ops.worldnet.att.net...
> I need to process a text file that has this format:
> ...
> some string here -> some more string here
> ...
> I want to keep only what comes before "->" and drop everything else in
> the output. Could someone point out why this code doesn't do that?
>
> open(infile, "data") or die "Can't open infile";
> while($line=<infile>){
>  if($line =~ /^(.+)->(.+)$/){
>   print "\1\n";
>  }
> }
> close(infile);

try $1 instead of \1

However in this particular case you might be better off using a substitution
if you don't care what's going to come after the '->'

eg $line =~ s/->.*$//;

B





------------------------------

Date: Sat, 22 Jul 2000 21:02:33 -0600
From: "Robin Bank" <rbank@csf.edu>
Subject: Re: secure auth trick
Message-Id: <8ldn81$13d1$1@reader.nmix.net>

I am actually not on my own server, but I have exclusive ownership
permissions to the directory and no other directory can access the virtual
domain directory even with a cgi script so that's pretty secure.
Also means can't do the Apache thing you suggested.
Thanks for the suggestions, I've been trying all sorts of stuff to make sure
it's secure and it's working so far...

Later,


--
Robin Bank
rbank@csf.edu
---
"Gus" <gus@black.hole-in-the.net> wrote in message
news:964271061.19125.0.nnrp-12.c29f015a@news.demon.co.uk...
> Robin Bank <rbank@csf.edu> wrote:
> > Just came up with a really cool trick to get a fairly secure password
> > authentication in PERL for a site without having to go through all that
> > encryption stuff.
>
> s/PERL/Perl/;
>
> What you're describing is how to place a file on the filesystem which, with
> the current configuration of your web server, will not be served. That
> does not make things secure.
>
> Firstly, an easier way would be (in Apache)
>
> <Files \.USR$>
>    Order allow,deny
>    Deny from all
> </Files>
>
> So the requesting browser would get a 403 forbidden rather than a rather
> confusing 500 error. It would also help make your log files a bit easier
> to understand.
>
> Alternatively, why not just store the file outside the web server document
> tree ?
>
>
> Lastly, I assume you are on your own server, so no-one else can write a
> upload a CGI program which reads the file in question ?
>
>
>
>
> --
> gus@black.hole-in-the.net
> 0x58E18C6D
> 82 AA 4D 7F D8 45 58 05  6D 1B 1A 72 1E DB 31 B5
> http://black.hole-in-the.net/gus/




------------------------------

Date: Sat, 22 Jul 2000 21:04:24 -0600
From: "Robin Bank" <rbank@csf.edu>
Subject: Re: secure auth trick
Message-Id: <8ldn82$13d1$2@reader.nmix.net>

Yeah, I just tried that, it still only opens the output with a text editor,
same thing...

About posting a link to try and break the script, I already let you know
that it was file types of .USR, so you got an unfair advantage (some random
hacker wouldn't know this) ;-) I might change the file type at some point
though in which case I will do that.

Later,

--
Robin Bank
rbank@csf.edu
---
"Drew Simonis" <care227@attglobal.net> wrote in message
news:3978B850.424CD3D3@attglobal.net...
> Robin Bank wrote:
> >
> > Just came up with a really cool trick to get a fairly secure password
> > authentication in PERL for a site without having to go through all that
> > encryption stuff.
> >
> > I store my passwords in a plain text file. At first I wasn't so sure about
> > this because to use a script, all have to have read access, right? So, my
> > solution was to change the file to an unknown mime type - like .USR or
> > whatever... and, HERE'S THE KICKER, give the file permissions of 777.
> >
> > That way when someone tries to access the file through http, it tries TO RUN
> > THE SCRIPT and causes an internal server error... My friend also pointed out
> > that if the file were linked to from a site, someone could use "save target
> > as..." and get it that way...but I tried it and nope...it's secure, it
> > causes some sort of error...OR, IF IT IS A VALID program, stores the output
> > rather than the source code. This is awesome...
> >
> > If anyone knows how to crack such a system through http, I'd appreciate an
> > email. Thanks.
> >
> > -Robin
>
> Have you tried defining a handler for this fake MIME type in a
> browser and then loading the page?  Maybe have it spawn a text
> editor?
>
> Why not post a link to this method and see how quickly it is
> broken?






------------------------------

Date: Sat, 22 Jul 2000 21:22:16 -0400
From: Drew Simonis <care227@attglobal.net>
Subject: Re: Some security questions?
Message-Id: <397A48C8.E77DDDD2@attglobal.net>

Pasquale wrote:
> 
> I've just finished some of my first scripts and added the -T switch to
> the #! line. I would like to make them as secure as I can.  I've
> untainted what taint was having a problem with, through reg.
> expression.  Some of my questions I have are:
> 
> 1. Is taint mode being happy with the script enough?

No.  Taint mode is a reminder to the programmer.  You can do silly
things with regular expressions and taint will be pleased.  Examples 
I've seen include matching (.*) and replacing the value with $1.
You didn't change the string, but taint is happy.  I've also read that
taint doesn't consider input from CGI.pm's param() function tainted,
but I've not tested that.

> 2. I understand that the big concern is when the data is from user input
> & that input is used along with a shell operation, i.e.: system(),
> open(), etc.?

system() should always be called with multiple arguments, not just 
one.  Multiple arguments = no shell.   Open should not use the default
syntax when opening for reading. Example:

open FILE, "$filename" or die "can't open: $!";

If filename is a really nasty rm command followed by a pipe, bad 
things happen.  They don't happen, however, when you write:

open FILE, "<$filename" or die "can't open: $!";

> 3. Is "open(MAIL, "|/usr/sbin/sendmail -t")" enough, if all
> variables(To: & From:) are preset or checked against a list?

Can that list be modified?  Can the preset variables be changed?
You must be paranoid!  Paranoia is good.

> 4. Is not having "<" when opening a file a security issue or is that
> when the filename & the path is a variable?

See above comment on open().

> 5. I was trying to set things up so my scripts were only accessible/used
> from my domain/site using HTTP_REFERER, doesn't work.  Is there another
> way to do this?

The referer is too easily fooled, and generally not worth it.  Best 
bet I can think of off hand is password protection.

> 6. Are glob() & unlink() security issues?  If so, any suggestions?

unlink() basically deletes the file.  If this is safe or not depends
on how much you trust the source of the filename, and how closely
you've inspected it.  Never used glob(), but from what I read, it 
could be misused.

> 7. I have a script used to upload files.  It is setup to only upload if
> the extension is ".jpg".  Is that enough to prevent any other
> problematic uploads?

Don't trust file extensions.  

> 8. I've perlsec, but I'm still not understanding $ENV{'PATH'}.  Anywhere
> else I can read up on this variable & using it?

All this does is set the value of your path to what you specify.  It 
is used to make that path more restrictive than it generally would be.
Any good UNIX book should discuss paths and how they impact system 
behaviour.
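
Answers 1 and 2 above, as an added example that is not from the original post: under -T a `(.*)` match untaints input without checking it, an allow-list pattern does the checking, and the list form of system() keeps the shell out. The inputs are constructed, `launder`, `validate` and `run` are hypothetical helper names, and /bin/echo on a Unix-like system is assumed.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run as: perl -T $0\n" unless ${^TAINT};
$| = 1;

# A zero-length tainted string, taken before %ENV is cleaned up. Appending
# it to constructed sample data marks that data tainted, like real form input.
my $TAINT = substr(join('', $0, $^X, values %ENV), 0, 0);

# Taint mode refuses to run any command until these are trustworthy.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Laundering: the capture counts as untainted, but nothing was checked.
sub launder { return $_[0] =~ /^(.*)$/s ? $1 : undef }

# Validation: only a conservative file-name shape gets through.
sub validate {
    return $_[0] =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Run a command and say so if taint mode refused it. A single string that
# contains shell metacharacters goes through /bin/sh; a list never does.
sub run {
    my ($label, @cmd) = @_;
    print "  $label\n";
    my $ok = eval { system(@cmd) == 0 };
    print "    refused by taint mode: $@" unless defined $ok;
}

for my $raw ('report.txt', 'x; /bin/echo INJECTED') {    # constructed inputs
    my $input = $raw . $TAINT;
    print "input [$input] tainted=", (tainted($input) ? 1 : 0), "\n";

    run('still tainted, list form', '/bin/echo', 'name:', $input);

    my $l = launder($input);
    run('laundered with (.*), one string', "/bin/echo name: $l");
    run('laundered with (.*), list form',  '/bin/echo', 'name:', $l);

    my $v = validate($input);
    if (defined $v) { run('validated, list form', '/bin/echo', 'name:', $v) }
    else            { print "  validate() rejected the input\n" }
}
```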


------------------------------

Date: Sat, 22 Jul 2000 22:39:02 -0400
From: tadmc@metronet.com (Tad McClellan)
Subject: Re: Some security questions?
Message-Id: <slrn8nkmm6.48s.tadmc@magna.metronet.com>

On Sat, 22 Jul 2000 21:22:16 -0400, Drew Simonis <care227@attglobal.net> wrote:

>Open should not use the default
>syntax when opening for reading. Example:
>
>open FILE, "$filename" or die "can't open: $!";


I sure hope that isn't _really_ the "default".


   open FILE, $filename or die "can't open: $!";


Useless quotes are..., well, useless.

( I feel better now  :-)


>If filename is a really nasty rm command followed by a pipe, bad 
>things happen.  They don't happen, however, when you write:
>
>open FILE, "<$filename" or die "can't open: $!";

[snip]

>> 4. Is not having "<" when opening a file a security issue or is that
>> when the filename & the path is a variable?
>
>See above comment on open().


If you are concerned with security, it is probably easier
to avoid magic open() (use sysopen() instead) than to
remember how to use it safely.

So let's not spend a lot of brain cycles on this line of questioning.

See perlopentut.pod for more info too.


-- 
    Tad McClellan                          SGML Consulting
    tadmc@metronet.com                     Perl programming
    Fort Worth, Texas
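
The open() advice in the two replies above, as an added example that is not from either poster: the same string handed to magic two-argument open(), to the "<" form, to three-argument open() and to sysopen(). The file name is constructed and harmless, and a Unix-like system with echo on the PATH is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(getcwd);
use Fcntl qw(O_RDONLY O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

$| = 1;

# Constructed, harmless stand-in for a hostile file name: a command plus a pipe.
my $filename = 'echo MAGIC OPEN RAN A COMMAND |';

# Work in a scratch directory that really contains a file with that name,
# so each form either reads the file or does something else.
my $start = getcwd();
my $dir   = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";
sysopen(my $out, $filename, O_WRONLY | O_CREAT | O_EXCL, 0600)
    or die "create: $!";
print {$out} "contents of the file\n";
close $out or die "close: $!";

# Four ways to open the same string for reading.
my @forms = (
    [ 'open(FH, $filename)'              =>
        sub { my $fh; open($fh, $_[0])              ? $fh : undef } ],
    [ 'open(FH, "<$filename")'           =>
        sub { my $fh; open($fh, "<$_[0]")           ? $fh : undef } ],
    [ 'open(FH, "<", $filename)'         =>
        sub { my $fh; open($fh, '<', $_[0])         ? $fh : undef } ],
    [ 'sysopen(FH, $filename, O_RDONLY)' =>
        sub { my $fh; sysopen($fh, $_[0], O_RDONLY) ? $fh : undef } ],
);

for my $form (@forms) {
    my ($label, $opener) = @$form;
    my $fh  = $opener->($filename);
    my $got = $fh ? do { local $/; <$fh> } : "open failed: $!\n";
    close $fh if $fh;
    printf "%-34s -> %s", $label, $got;
}

# Leave the scratch directory so File::Temp can remove it on exit.
chdir $start or die "chdir $start: $!";
```

Only the first form treats the trailing pipe as a request to run a command; the other three read the file that literally has that name.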


------------------------------

Date: Sat, 22 Jul 2000 19:55:05 -0700
From: Mike Rabinovitz <rabinoNOraSPAM@tidalwave.net.invalid>
Subject: Re: Writing to a file error : Pt 2
Message-Id: <27670d10.010b849d@usw-ex0104-033.remarq.com>

A couple of thoughts:

1. You could put a $! in the die string to get an explanation of
why the open failed.

2. Assuming there is no permission issue in your full path to
the file, you could try forming the combined string outside the
open command, then inserting the result into the open command.

Good luck,
Mike





------------------------------

Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>


Administrivia:

The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc.  For subscription or unsubscription requests, send
the single line:

	subscribe perl-users
or:
	unsubscribe perl-users

to almanac@ruby.oce.orst.edu.  

| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.

For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V9 Issue 3778
**************************************

