[16382] in Perl-Users-Digest
Perl-Users Digest, Issue: 3794 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Tue Jul 25 09:05:35 2000
Date: Tue, 25 Jul 2000 06:05:17 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <964530317-v9-i3794@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Tue, 25 Jul 2000 Volume: 9 Number: 3794
Today's topics:
Re: Activestate PPM not working for Windows? (Eric Bohlman)
Re: Advanced Perl Programming -- Dated? <bart.lateur@skynet.be>
Re: Any free Perl-Friendly hosts? <perls@my-deja.com>
Re: Callback in SNMP module (Peter J Scott)
Re: cookie (Tim Hammerquist)
Re: day_of_week() and age() without using Date::Calc ? <bart.lateur@skynet.be>
Re: DBI, XML issue (Eric Bohlman)
define "tutor" (was Re: Stumped a Digitalthink PERL tut <darkuncle@linuxstart.com>
empty line melet@my-deja.com
Error msg for perl using DBI?? <ltlau@yahoo.com>
Re: file location and access strategies hacktic@my-deja.com
Re: Generate XML then convert to HTML using XSLT in Per <matt@sergeant.org>
Getting the date I want <wgreen@vtown.com.au>
Getting the date I want <wgreen@vtown.com.au>
Re: Getting the date I want undergronk@yahoo.com
Re: help w/ regular expression <bart.lateur@skynet.be>
Re: HELP: longSyntax ok, but: rHsh->{myKey} UNDEFINED?? (Decklin Foster)
Re: how do you ? question (Tim Hammerquist)
Re: latest site (Tim Hammerquist)
Re: Mail::Mailer for win9n (Tim Hammerquist)
Newbie needs advice about security (SPAM)
Re: Newbie needs advice about security (Eric Bohlman)
Re: OK, how do I put a variable in a regexp? (M.J.T. Guy)
password authorisation - running scripts <davejohnson@lansdownsoftware.co.uk>
Re: password authorisation - running scripts <perls@my-deja.com>
Re: password unix with crypt (Villy Kruse)
Re: Perl as a win32 scheduled task <Peter.Dintelmann@dresdner-bank.com>
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: 25 Jul 2000 08:03:52 GMT
From: ebohlman@netcom.com (Eric Bohlman)
Subject: Re: Activestate PPM not working for Windows?
Message-Id: <8ljhl8$ksr$3@slb3.atl.mindspring.net>
Peter G. Martin (peter@accesss.com.au) wrote:
: BTW is XML "well-formed" regardless of a line length ?
: Can't immediately see anything about it in the rfc stuff I have.
Yep. XML doesn't even have a concept of "lines." Line-ending characters
are just treated as space in markup, and as any other character in
character data (except that CR and CRLF are normalized into a single LF).
------------------------------
Date: Tue, 25 Jul 2000 12:35:26 GMT
From: Bart Lateur <bart.lateur@skynet.be>
Subject: Re: Advanced Perl Programming -- Dated?
Message-Id: <lg1rnsknjpfjg2k43k52au6alng9a5mkm6@4ax.com>
Uri Guttman wrote:
>using typeglobs to pass data structures vs. references is definitely a
>bad idea.
It is not. The fact that you can access a passed hash as an ordinary
hash, is cute.
Granted, I don't use it that much because the assignment to the typeglob
is a bit confusing. Plus, if you don't test if indeed you get a hash
ref, you'll get bad results, with barely any warning
test(\%hash);
sub test {
local *localhash = shift;
foreach my $key (keys %localhash) {
print "$key: $localhash{$key}\n";
}
}
>in fact the discussion on perl6 is to eliminate typeglobs
>altogether.
So I've read. I think putting global variables in a typeglob and lexical
variables in a cell on it's own, is not consequent, and thus, confusing.
So making these uniform is a good idea.
But the concept of being able to create aliases, as through the
typeglob, is too nice to loose. It's faster, but it's neater too
(simpler syntax), than dereferencing references. So, we need an
alternative syntax.
I had been thinking about this before, and I'd like a syntax like this:
sub test {
my \%hash = shift;
print $hash{foo};
}
test(\%somehash);
That would:
* check that you get a hash reference
* make %hash a lexical alias to the original hash.
The reason why I chose this syntax, is because it looks symmetric:
my \%y = \%x;
It would have to work with \@ary and \$scalar too, as well as in:
my($x, \%y, \@z) = @_;
--
Bart.
------------------------------
Date: Tue, 25 Jul 2000 12:42:31 GMT
From: Perls <perls@my-deja.com>
Subject: Re: Any free Perl-Friendly hosts?
Message-Id: <8lk1vm$gfg$1@nnrp1.deja.com>
Hello!
In article <0245003e.cdac6b14@usw-ex0105-037.remarq.com>,
shadeejake <shadeejake1NOshSPAM@aol.com.invalid> wrote:
> I'm a beginning web designer and I have a rather large site in
> the works. But, i've searched far and near to find a free host
> that is Perl-friendly.. anyone have any suggestions or know
> where to point me? I'm under financial restaints (aka I don't
> get paid enough at my present job) to serve my own site at
> home. I just need some place for the meantime.
>
> Thanks in advance,
> Jake
> ShadeeJake1@aol.com
>
> -----------------------------------------------------------
>
> Got questions? Get answers over the phone at Keen.com.
> Up to 100 minutes free!
> http://www.keen.com
>
>
Try www.portland.co.uk
16Mb, cgi, php, mysql, no banners and ability to host you domain name
with subdomains, or subdomain.portland.com and all free.
--
Best Regards,
Alex
http://www.perl-manual.com/
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Tue, 25 Jul 2000 12:49:08 GMT
From: peter@PSDT.com (Peter J Scott)
Subject: Re: Callback in SNMP module
Message-Id: <81gf5.13368$Cm.423285@news1.gvcl1.bc.home.com>
In article <8li6kf$vb3$1@dipsy.missouri.edu>,
Justin McNutt <mcnuttj@nin.iats.missouri.edu> writes:
>> Okay, I've looked all over the place (including 'perldoc SNMP' over and
>> over) and I can't figure out how to do this.
I haven't used the SNMP module, but maybe I can help with this bit:
>My problem now seems to be understanding references (I think).
You're doing pretty well if this is your first encounter with references.
>Consider the following code: [snip]
> $vb[$x] = new SNMP::Varbind([$mib]);
>[snip]
>Okay, now the idea here is to create an array of Varbinds (@vb), each
>of which points to an object that is defined like this in the SNMP.pm
>module:
>
>package SNMP::Varbind;
>
>$tag_f = 0;
>$iid_f = 1;
>$val_f = 2;
>$type_f = 3;
>
>sub new {
> my $type = shift;
> my $this = shift;
> $this ||= [];
> bless $this;
>}
>
>sub tag {
> $_[0]->[$tag_f];
>}
>sub val {
> $_[0]->[$val_f];
>}
>
> [snip]
>
>So given this much, which part of the references to either @vb or the
>data contained therein am I screwing up? I'd like to be able to print
>like this (or the correct equivalent):
>
>print "$vb[$x]->[$SNMP::Varbind::val_f] is the data returned.\n";
Not quite: you just call the pre-defined method instead of pretending you know the object
implementation:
print $vb[$x]->val, " is the data returned.\n";
--
Peter Scott
------------------------------
Date: Tue, 25 Jul 2000 09:53:09 GMT
From: tim@degree.ath.cx (Tim Hammerquist)
Subject: Re: cookie
Message-Id: <slrn8nqpd6.4p1.tim@degree.ath.cx>
On Mon, 24 Jul 2000 19:34:51 -0600, Robin Bank <rbank@csf.edu> wrote:
>Anyone know any good http cookie perl routines or modules? I hate to think I
>might have to write one myself...
CGI.pm's cookie methods not good enough? If not, try searching CPAN.
Here's a URL to get you started:
http://search.cpan.org/search?mode=module&query=cookie
--
-Tim Hammerquist <timmy@cpan.org>
Emacs is a nice OS - but it lacks a good text editor.
That's why I am using Vim. --Anonymous
------------------------------
Date: Tue, 25 Jul 2000 12:41:34 GMT
From: Bart Lateur <bart.lateur@skynet.be>
Subject: Re: day_of_week() and age() without using Date::Calc ?
Message-Id: <9j2rnssvmmdrp6cgr83ldfu4ddkclqoamo@4ax.com>
Steffen Beyer wrote:
>> 1) One that can return the day-of-week for a given date
>Third, you can probably do with Perl's builtin function "localtime" alone.
>(See "man perlfunc" and the FAQ)
>Fourth, every Perl installation contains some Date and Time modules,
>like Time::Local (I think).
These two together are enough to make it work. Parse the date string,
extracting the year, month and day number (as localtime() produces), use
Time::Local to turn it into seconds-since-epoch, apply localtime() again
and extract the day-of-week field.
--
Bart.
------------------------------
Date: 25 Jul 2000 08:31:44 GMT
From: ebohlman@netcom.com (Eric Bohlman)
Subject: Re: DBI, XML issue
Message-Id: <8ljj9g$ksr$5@slb3.atl.mindspring.net>
Markus Kaiser (m.kaiser@sz-sb.de) wrote:
: when I use the Perl modules DBI and XML:Parser together
: the following error message occurs:
: "read method call failed at .../lib/perl5/XML/Parser.pm
: line 184."
What version of perl are you using? IIRC, there was a bug in 5.004 that
caused something like the problem you're getting.
------------------------------
Date: Tue, 25 Jul 2000 08:33:49 GMT
From: darkuncle <darkuncle@linuxstart.com>
Subject: define "tutor" (was Re: Stumped a Digitalthink PERL tutor)
Message-Id: <8ljjdd$6jc$1@nnrp1.deja.com>
In article <8ljc2r$kp$1@nnrp1.deja.com>,
arerickson@my-deja.com wrote:
> There should be a very simple answer to this but my PERL tutor
couldn't
> provide one.
>
> I have PERL set up on win98, programs work in WIN when you click on
them at
> lightening speed.....IN DOS, when I am in the perl\bin directory and
try to
> run PERL, it says:
>
> PROGRAM CANNOT RUN IN DOS MODE.
>
> Any solutions? I've tried most everything...
Perl is an interpreter. You can't just "run PERL" (execute the binary) -
you have to give it some code, commands or options to interpret for you.
I suggest the following for you and your 'tutor':
1) come up with a VERY simple test script 'print "hello, world!";'
should do nicely. Now try your code out from the prompt ('perl
filename.pl' should do it.) Try it from within windows (however that
works, probably some foolishness regarding file extensions and
associations.)
2) Forget trying to code in windows, unless you don't have enough free
time to pursue your masochistic interests. Get a *nix account somewhere,
and write/test your code there. Test it again on windows, if you must.
This will have the triple advantage of making your code more portable,
making you a better programmer, and avoiding problems that have nothing
whatever to do with perl and everything to do with an OS that should be
instantly relegated to the game room or the trash bin.
3) Buy a good book on Perl. From the sounds of things, "Learning Perl,
2nd. Ed." is a good place to start. perldoc perlfaq is probably
another excellent place to start. You might get on EFnet (IRC) and ask
purl about books, tutorials, activeperl and "doesn't work".
http://www.activestate.com may also have a windows-specific FAQ that
will help answer your questions regarding Perl and that OS.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Tue, 25 Jul 2000 12:29:35 GMT
From: melet@my-deja.com
Subject: empty line
Message-Id: <8lk17b$fmg$1@nnrp1.deja.com>
hello,
how to detect an emtpy line?
thanks fred.
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Tue, 25 Jul 2000 17:58:07 +0800
From: "JL" <ltlau@yahoo.com>
Subject: Error msg for perl using DBI??
Message-Id: <397d64ac@news02.imsbiz.com>
Hi,
I always get the following error message:
"DBI::db=HASH(0x817d86c)->disconnect invalidates 2 active statement handles
(either destroy statement handles or call finish on them before
disconnecting) at test.pl line 15."
Can anyone tell me how come it happen?
Cause my program work fine, but still have the above error message.
Thx.
------------------------------
Date: Tue, 25 Jul 2000 11:52:40 GMT
From: hacktic@my-deja.com
Subject: Re: file location and access strategies
Message-Id: <8ljv27$e8i$1@nnrp1.deja.com>
I know it's a genereal CGI question but consider us unfortunate people
that don't get ALL forums forwarded and just have to do with
comp.lang.perl.misc as (nearly) only forum source on this topic.
What I wanted is to get some feedback on how others would place their
files that need to be accessed by both Perl scripts and used in the
homepages with regular HTML files. How binary tools should access these
files and if there is some alternative solutions to what I am doing.
I don't get the required info from $ENV{DOCUMENT_ROOT}. It returns the
primary webdirectory for my Xitami server and not of the directory
where I need to modify the files with the binary tools. But thanks
anyway for the tip.
I am still using the abslolute path (c:\inetpub\wwwroot\myfile.gif) to
get to the web-dir where the
images are located that need to be modified with the Perl script and the
convert tool. But it looks like an unprofesional way of doing this. Is
this really how its done? Or are there other solutions to this?
Regards;
-Mark-
> >Hi all,
> >
> <snip>
>
> >I'm running into problems on servers that have virtual directories
and
> >I can't figure out the absolute path to the images for the convert
tool.
>
> Ah..... not real sure this is a Perl problem as such, but
>
> $ENV{DOCUMENT_ROOT}
>
> should give you enough info to figure out your path, at least on
Apache web
> servers....
>
> Steve
>
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Tue, 25 Jul 2000 08:23:41 +0100
From: Matt Sergeant <matt@sergeant.org>
Subject: Re: Generate XML then convert to HTML using XSLT in Perl
Message-Id: <397D407D.3F66A9A4@sergeant.org>
Phil Ursted wrote:
>
> I'm not very XML savvy, but I have in mind a simple application that I'd
> like to write in Perl:
>
> Stage 1:
>
> I'd like to have a CGI that dynamically produces data from some
> arbitrary source as the result of a query submitted by a user via a
> form, then
>
> Stage 2:
>
> produces XML, such as the following:
>
> <record>
> <name> Some One </name>
> <address> 123 Some Street </address>
> .
> .
> .
> </record>
>
> then
>
> Stage 3:
>
> run an XSL transformation by reading a file on disk containing the XSL,
> then spitting out HTML as the output of the CGI to be displayed by the
> browser. I would like to avoid creating a temporary file in between
> these two stages. A future enhancement might be to generate different
> XML -> HTML conversions by using user prefs to select different XSL
> files (or some other means of doing this)
>
> What is the best way to accomplish this in Perl? What modules would you
> suggest? Can I minimize the memory overhead for larger data streams by
> buffering as little as possible in the code (i.e. start piping through
> XSLT while stage 1 is still in progress, possibly with some tweaking of
> the stage 1 modules) ?
Unfortunately that's not possible with any XSLT solution yet - they all use
an in-memory DOM, and have to do the whole transform before starting any
output.
> FYI: I intend to use Apache on Solaris, but beyond that, Apache on *nix
> in general as the web server.
You need AxKit then, http://axkit.org/ - its entirely written in Perl (with
some compiled bits for speed).
--
<Matt/>
Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org | AxKit: http://axkit.org
------------------------------
Date: Tue, 25 Jul 2000 20:09:53 +1000
From: "WENDY GREEN" <wgreen@vtown.com.au>
Subject: Getting the date I want
Message-Id: <397d67a9$2@news.iprimus.com.au>
Hi. I don't know much Perl yet, but I'm trying to hack a script to my
requirements. Code is:
$date_command = "/bin/date";
$date = `$date_command +"%A, %B %d, %Y at %T (%Z)"`; chop($date);
$shortdate = `$date_command +"%D %T %Z"`; chop($shortdate);
.
.
open (GUEST,">$guestbookreal") || die "Can't Open $guestbookreal: $!\n";
.
.
print GUEST "$shortdate\n\n";
This gives output as
07/25/00 10:05:31 /etc/localtime
I want the date formatted as dd/mm/yy (Australian), and want to lose the
"/etc/localtime"
Any help very much appreciated. If emailing me best address might be
hermit_au@yahoo.com
Thanks very much,
Kerry Green.
------------------------------
Date: Tue, 25 Jul 2000 20:12:10 +1000
From: "WENDY GREEN" <wgreen@vtown.com.au>
Subject: Getting the date I want
Message-Id: <397d6837@news.iprimus.com.au>
Hi, I don't know much Perl, but I'm trying to hack a script to my
requirements.
The code is:
$date_command = "/bin/date";
$date = `$date_command +"%A, %B %d, %Y at %T (%Z)"`; chop($date);
$shortdate = `$date_command +"%D %T %Z"`; chop($shortdate);
.
.
.
open (GUEST,">$guestbookreal") || die "Can't Open $guestbookreal: $!\n";
.
.
.
print GUEST "$shortdate\n\n";
The page comes out reading
07/25/00 10:05:31 /etc/localtime
I want the date formatted dd/mm/yy (not in America), and want to get rid of
the "/etc/localtime".
Any help appreciated. If emailing reply to me please send to
hermit_au@yahoo.com.
Thanks very much.
Kerry Green.
------------------------------
Date: Tue, 25 Jul 2000 11:06:25 GMT
From: undergronk@yahoo.com
Subject: Re: Getting the date I want
Message-Id: <8ljsbg$cc1$1@nnrp1.deja.com>
In article <397d6837@news.iprimus.com.au>,
"WENDY GREEN" <wgreen@vtown.com.au> wrote:
> Hi, I don't know much Perl, but I'm trying to hack a script to my
> requirements.
>
> The code is:
>
> $date_command = "/bin/date";
> $date = `$date_command +"%A, %B %d, %Y at %T (%Z)"`; chop($date);
> $shortdate = `$date_command +"%D %T %Z"`; chop($shortdate);
> .
You don't need to call the system date function to get the time. Use
the Perl ones
perldoc -f time
perldoc -f localtime
> .
> .
> print GUEST "$shortdate\n\n";
>
> The page comes out reading
>
> 07/25/00 10:05:31 /etc/localtime
>
> I want the date formatted dd/mm/yy (not in America), and want to get
rid of
> the "/etc/localtime".
If you use localtime in a scalar context
my $today = localtime(time);
print "Time is now: $today \n";
you will get something like..
Tue Jul 25 11:57:03 2000
If you use a list context
my @today = locatime(time);
The list contains the bits of the date and you can pick out the bits
you want.
OK?
Scott Kirk
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Tue, 25 Jul 2000 08:46:58 GMT
From: Bart Lateur <bart.lateur@skynet.be>
Subject: Re: help w/ regular expression
Message-Id: <7tkqns81juhiqj1908qb5o9og0donogs4o@4ax.com>
Larry Rosler wrote:
>I thought so too, until I tested it. On both 5.005_03 and 5.6.0, the
>following program works fine (prints "1\n"):
>
>
>#!/usr/bin/perl -w
>use strict;
>
>'x' =~ /(.)/;
>print $1 =~ tr/x//, "\n";
>
>
>But if we change tr/x// to tr/x/x/, it doesn't compile.
Maybe it depends on the program. Last time I tested it, it didn't work.
It came up in the thread about counting identical characters in two
strings.
sub overlap {
return ("$_[0]" ^ "$_[1]") =~ tr/\0//;
}
print overlap "This is one", "This is two";
-->
Can't modify bitwise xor (^) in transliteration (tr///) at test.pl line
3, near "tr/\0//;"
Execution of test.pl aborted due to compilation errors.
See? And this on Perl 5.6.
--
Bart.
------------------------------
Date: 25 Jul 2000 11:51:25 GMT
From: decklin+usenet@red-bean.com (Decklin Foster)
Subject: Re: HELP: longSyntax ok, but: rHsh->{myKey} UNDEFINED??
Message-Id: <8ljuvp$4oo34$1@ID-10059.news.cis.dfn.de>
David Combs <dkcombs@netcom.com> writes:
> Question: IS there a way to "declare" hash keys so that
> you DO get a compile-time error for "literal" keys?
Not sure what you mean. strict will complain about using uninitialized
values, of course, but you may want to read this:
perldoc perlref
search for the first occurence of 'autovivification'.
I *think* that's what you're asking about. Not too sure, but it
couldn't hurt to read up on it.
--
There is no TRUTH. There is no REALITY. There is no CONSISTENCY. There
are no ABSOLUTE STATEMENTS. I'm very probably wrong. -- BSD fortune(6)
------------------------------
Date: Tue, 25 Jul 2000 10:00:40 GMT
From: tim@degree.ath.cx (Tim Hammerquist)
Subject: Re: how do you ? question
Message-Id: <slrn8nqpr9.4p1.tim@degree.ath.cx>
On Tue, 25 Jul 2000 02:04:28 GMT, Chris <exit72@excite.com> wrote:
>How can I make my code rest for a few seconds.
Hmm.
>Please don't bother replying if your help is limited to suggestions of
>what perldoc I should read.
It's no bother, really!
perldoc -f sleep
and
perldoc -f select # the one that takes four arguments
See? No pesky special modules. Just right there, compiled right into
the base executable.
--
-Tim Hammerquist <timmy@cpan.org>
Emacs is a nice OS - but it lacks a good text editor.
That's why I am using Vim. --Anonymous
------------------------------
Date: Tue, 25 Jul 2000 09:46:23 GMT
From: tim@degree.ath.cx (Tim Hammerquist)
Subject: Re: latest site
Message-Id: <slrn8nqp0g.4p1.tim@degree.ath.cx>
On Mon, 24 Jul 2000 19:31:33 -0600, Robin Bank <rbank@csf.edu> wrote:
>My latest perl acomplishment.
>All the code for this site is in one 1200 line perl script...
And you're comfortable with that?
>Pretty cool if I do say so myself, even though the client is kinda a wack
>job. What's with the site? 112001ad.com - ah well, whatever the client
>wants...
Try working for a Quixtar company. ;)
>--
>Robin Bank
>rbank@csf.edu
>---
--
-Tim Hammerquist <timmy@cpan.org>
Emacs is a nice OS - but it lacks a good text editor.
That's why I am using Vim. --Anonymous
------------------------------
Date: Tue, 25 Jul 2000 11:01:12 GMT
From: tim@degree.ath.cx (Tim Hammerquist)
Subject: Re: Mail::Mailer for win9n
Message-Id: <slrn8nqtcp.4p1.tim@degree.ath.cx>
On Mon, 24 Jul 2000 11:32:37 -0400, Ying Hu <yhu@mail.nih.gov> wrote:
>Is there and/or where is Mail module for Win9n?
Jan Krynicky's Mail::Sender module is a good cross-platform mail module.
No compilation necessary, just copy the .pm file to the right lib
directory.
NOTE: Mail::Sender accesses SMTP server directly via perl sockets; chokes
on greetings from certain SMTP servers (qmail, I believe, is one).
HTH
--
-Tim Hammerquist <timmy@cpan.org>
Emacs is a nice OS - but it lacks a good text editor.
That's why I am using Vim. --Anonymous
------------------------------
Date: Tue, 25 Jul 2000 09:57:49 +0100
From: "Andy" <andy@andy(SPAM).co.uk>
Subject: Newbie needs advice about security
Message-Id: <397d5d12@news.jakinternet.co.uk>
Hey all,
I have just started out programming in perl, and I have written my first
little program. It's a random quote display program, which reads a text
file of quotes and displays one of them. I have it running on a test web
page, called via an SSI tag. (I was elated when it actually worked!!)
My concern is about security... the program is listed below, are there any
problems with security? I have enabled tainting, which I'm led to believe
is a good thing.
Here's the code:
#!/usr/local/bin/perl -wT
use CGI qw(:all);
$|=1;
$quote_file = "quotes.txt";
open (QUOTE_FILE, "$quote_file") || die "$!";
# I know file locking isn't strictly necessary for reading, but I did it as
an exercise
flock (QUOTE_FILE, 2);
@quotes = <QUOTE_FILE>;
close (QUOTE_FILE);
$quote = rand(@quotes);
print header;
print "$quotes[$quote]";
exit;
This code is working just fine, but aside from security concerns, the
"randomness" seems a little questionable. I seem to get the same quote
twice in a row a little too often. The quote file has 99 quotes in it, so
there are plenty to choose from.
Thanks for any advice you have to offer.
Andy.
------------------------------
Date: 25 Jul 2000 11:57:45 GMT
From: ebohlman@netcom.com (Eric Bohlman)
Subject: Re: Newbie needs advice about security
Message-Id: <8ljvbp$ksr$10@slb3.atl.mindspring.net>
Andy (andy@andy(SPAM).co.uk) wrote:
: I have just started out programming in perl, and I have written my first
: little program. It's a random quote display program, which reads a text
: file of quotes and displays one of them. I have it running on a test web
: page, called via an SSI tag. (I was elated when it actually worked!!)
:
: My concern is about security... the program is listed below, are there any
: problems with security? I have enabled tainting, which I'm led to believe
: is a good thing.
In this case it actually isn't needed, since the program doesn't take any
input from the "outside world," but it certainly doesn't hurt.
: Here's the code:
:
: #!/usr/local/bin/perl -wT
Use strict and declare your variables.
:
: use CGI qw(:all);
: $|=1;
:
: $quote_file = "quotes.txt";
You should either specify an absolute path or chdir() to a known
directory first, because there's no guarantee what your working directory
will be when this code runs.
:
: open (QUOTE_FILE, "$quote_file") || die "$!";
Needless use of quotes here.
: # I know file locking isn't strictly necessary for reading, but I did it as
: an exercise
: flock (QUOTE_FILE, 2);
Use constants imported from Fcntl.pm rather than magic numbers.
: @quotes = <QUOTE_FILE>;
: close (QUOTE_FILE);
:
: $quote = rand(@quotes);
: print header;
: print "$quotes[$quote]";
No need for the quotes.
: exit;
No need for exit; it happens automatically.
: This code is working just fine, but aside from security concerns, the
: "randomness" seems a little questionable. I seem to get the same quote
: twice in a row a little too often. The quote file has 99 quotes in it, so
: there are plenty to choose from.
How often is "a little too often"? Most people's expectations of how
random processes should work don't match reality; in a real random
process, events *do* tend to "cluster" far more frequently than most
people expect.
------------------------------
Date: 25 Jul 2000 12:57:03 GMT
From: mjtg@cus.cam.ac.uk (M.J.T. Guy)
Subject: Re: OK, how do I put a variable in a regexp?
Message-Id: <8lk2qv$5vq$1@pegasus.csx.cam.ac.uk>
Johannes Pauli <pauli@physik.uni-erlangen.de> wrote:
>
>eval('$a =~ /^'.$i.':(.*)\t(.*)/');
Eeeek! There's no need for an eval() there. The circumstances where
eval STRING is necessary are very rare.
Other respondents have given the right way of doing it.
Mike Guy
------------------------------
Date: Tue, 25 Jul 2000 08:09:21 +0100
From: "Dave Johnson" <davejohnson@lansdownsoftware.co.uk>
Subject: password authorisation - running scripts
Message-Id: <8ljf34$mn6$1@gxsn.com>
I have what I suspect is a common situation to deal with - but I can't
figure it out.
I have a number of separately protected areas on a site (using htaccess).
I want to count hits on the pages and record the user.
The documentation indicates that for $ENV{'REMOTE_USER'} to come up with
anything, the script it's in must also be in a password-protected directory.
I can only run scripts in 'cgi-local' (my hosts cgi-bin equivalent for
users).
If I protect cgi-local:
1. A password will be needed to run ANY script
2. calling a normal page will cause a request for a password AND when the
page calls the script there will be a request for the cgi-local password.
Can anyone help please me here??
Dave
begin 666 Dave Johnson.vcf
M0D5'24XZ5D-!4D0-"E9%4E-)3TXZ,BXQ#0I..DIO:&YS;VX[1&%V90T*1DXZ
M1&%V92!*;VAN<V]N#0I.24-+3D%-13I$879E#0I/4D<Z3&%N<V1O=VX@4V]F
M='=A<F4-"E1%3#M73U)+.U9/24-%.BLT-" H,"D@,3(W,R T-S4W,30-"D%$
M4CM73U)+.CL[,C<@3&%N<V1O=VX@4&QA8V4[3&5W97,[4W5S<V5X.T).-R R
M2E4[1T(-"DQ!0D5,.U=/4DL[14Y#3T1)3D<]455/5$5$+5!224Y404),13HR
M-R!,86YS9&]W;B!0;&%C93TP1#TP04QE=V5S+"!3=7-S97@@0DXW(#)*53TP
M1#TP04="#0I%34%)3#M04D5&.TE.5$523D54.F1A=F5J;VAN<V]N0&QA;G-D
M;W=N<V]F='=A<F4N8V\N=6L-"E)%5CHR,# P,#<R-50P-S Y,C%:#0I%3D0Z
'5D-!4D0-"@``
`
end
------------------------------
Date: Tue, 25 Jul 2000 12:18:29 GMT
From: Perls <perls@my-deja.com>
Subject: Re: password authorisation - running scripts
Message-Id: <8lk0ii$f7k$1@nnrp1.deja.com>
Hello!
In article <8ljf34$mn6$1@gxsn.com>,
"Dave Johnson" <davejohnson@lansdownsoftware.co.uk> wrote:
> I have what I suspect is a common situation to deal with - but I can't
> figure it out.
> I have a number of separately protected areas on a site (using
htaccess).
> I want to count hits on the pages and record the user.
> The documentation indicates that for $ENV{'REMOTE_USER'} to come up
with
> anything, the script it's in must also be in a password-protected
directory.
> I can only run scripts in 'cgi-local' (my hosts cgi-bin equivalent for
> users).
> If I protect cgi-local:
> 1. A password will be needed to run ANY script
> 2. calling a normal page will cause a request for a password AND
when the
> page calls the script there will be a request for the cgi-local
password.
>
> Can anyone help please me here??
Simplest way is using of SSI.
Directory http://www.domain.com/members - is protected (.htaccess)
Need to include at (index.shtml or index.html - see faq of your
provider)
<!--#exec cgi="/cgi-local/count.cgi" -->
--
Best Regards,
Alex
http://www.perl-manual.com/
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: 25 Jul 2000 09:02:23 GMT
From: vek@pharmnl.ohout.pharmapartners.nl (Villy Kruse)
Subject: Re: password unix with crypt
Message-Id: <slrn8nqlsu.v6q.vek@pharmnl.ohout.pharmapartners.nl>
On Mon, 24 Jul 2000 17:13:54 GMT, Bart Lateur <bart.lateur@skynet.be> wrote:
>Villy Kruse wrote:
>
>>It is actualy not strictly necessary to extract the first two
>>characters to get the salt. Specifying the password directly
>>as the salt paramter would do as well.
>
>Not necessarily.
>
>For example, on my "European" FreeBSD server (MD5 encryption, because of
>USA ban on export of "dangerous" technology),
>
> crypt("Hello, world!","aa")
>
>returns
>
> $1$aa$vCNvcZW/VEIq04KqtIeQn1
>
>
>See the extra garbage at the front.
>
Yes, that "garbage" is a signal to crypt to use MD5 if passed the entire
crypted password rather than the salt. Thus in a system like linux
youcan mix both traditional crypted passwords and MD5 passwords, and the
crypt function will choose the MD5 algorithm if the salt starts with
'$1$'.
Try:
crypt("Hello, world!", "$1$aa$vCNvcZW/VEIq04KqtIeQn1");
If that was not so, and maybe it is not so on your system, then you
don't realy have a portable way to extract the salt from the crypted
password string.
BTW, On my system, this example does not work in perl, but does work
in a compiled C program.
Villy
------------------------------
Date: Tue, 25 Jul 2000 14:32:05 +0200
From: "Dr. Peter Dintelmann" <Peter.Dintelmann@dresdner-bank.com>
Subject: Re: Perl as a win32 scheduled task
Message-Id: <8lk1ba$5g01@intranews.dresdnerbank.de>
Hi,
jdallega@my-deja.com schrieb in Nachricht <8lirnh$lvg$1@nnrp1.deja.com>...
>I am running perlwin32, I have scheduled (on the Windows task
>scheduler), one of my Perl programs to run every 5 minutes.
>
>Sometimes the program takes more than 5 minutes to execute and the
>scheduler starts the next call to the same program.
>
>How can I make sure that the first call is executed completely before
>the next one starts?
what I do in those situations is:
When my program starts I create a lock file (this is just an empty
file in $ENV{'TEMP'}) which I unlink when the program finishes.
To make sure that the file is really deleted I use something like
eval qq{ END { unlink '$tempdir/myprogram-lock'; } };
When the program starts I check for the existence of the file...
Best regards,
Peter Dintelmann
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 3794
**************************************
