[17531] in Perl-Users-Digest
Perl-Users Digest, Issue: 4951 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Nov 22 14:10:38 2000
Date: Wed, 22 Nov 2000 11:10:19 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <974920219-v9-i4951@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Wed, 22 Nov 2000 Volume: 9 Number: 4951
Today's topics:
Proper use of $ENV{HTTP_REFERER} <webmaster@860.org>
Re: Proper use of $ENV{HTTP_REFERER} <webmaster@860.org>
Re: Proper use of $ENV{HTTP_REFERER} (Rafael Garcia-Suarez)
Re: Proper use of $ENV{HTTP_REFERER} <webmaster@860.org>
Re: Proper use of $ENV{HTTP_REFERER} (Randal L. Schwartz)
Re: Proper use of $ENV{HTTP_REFERER} <webmaster@860.org>
Re: Proper use of $ENV{HTTP_REFERER} nobull@mail.com
Re: Question: How to Return script name from within scr (Anno Siegel)
Re: Question: How to Return script name from within scr nobull@mail.com
Re: quick sorting question fhinchey@my-deja.com
Re: quick sorting question (Randal L. Schwartz)
Re: running a script as root <mischief@velma.motion.net>
Sort runtime 5.005 vs 5.004 <jimharrison3@home.com>
Re: sybperl CTlib character set <mpeppler@peppler.org>
Re: Tom Christiansons' 'style' <mischief@velma.motion.net>
Re: Tom Christiansons' 'style' (Randal L. Schwartz)
What is the difference in these??? webbgroup@my-deja.com
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Wed, 22 Nov 2000 11:44:51 -0500
From: "_Thomas" <webmaster@860.org>
Subject: Proper use of $ENV{HTTP_REFERER}
Message-Id: <TNSS5.53130$KI6.11656976@typhoon.snet.net>
Or however its spelled .. thats not the case ... its more of a "theory"
thing ...
If I have a script called as follows ...
<img src="/cgi-bin/image.pl" width=1 height=1 border=1>
on page .. index.html
And I'm checking $ENV{HTTP_REFERER}, recording it to a log .. for ovbious
reasons, it will record index.html as the referring page most often because
technically, thats the file that called the script. I want to know what
page the user was at BEFORE index.html, so I can tell where they clicked to
GET to index.html ..
Any ideas?
Thanks a bunch,
_Thomas
webmaster@860.org
------------------------------
Date: Wed, 22 Nov 2000 11:50:22 -0500
From: "_Thomas" <webmaster@860.org>
Subject: Re: Proper use of $ENV{HTTP_REFERER}
Message-Id: <WRSS5.53131$KI6.11657628@typhoon.snet.net>
Maybe it would be a good idea to sym-link index.html to /cgi-bin/index.pl
and record the http_referer stuff, then redirect to index-2.html or
something?
> Or however its spelled .. thats not the case ... its more of a "theory"
> thing ...
>
> If I have a script called as follows ...
>
> <img src="/cgi-bin/image.pl" width=1 height=1 border=1>
> on page .. index.html
>
> And I'm checking $ENV{HTTP_REFERER}, recording it to a log .. for ovbious
> reasons, it will record index.html as the referring page most often
because
> technically, thats the file that called the script. I want to know what
> page the user was at BEFORE index.html, so I can tell where they clicked
to
> GET to index.html ..
>
> Any ideas?
>
> Thanks a bunch,
>
> _Thomas
> webmaster@860.org
>
>
>
>
------------------------------
Date: Wed, 22 Nov 2000 16:59:04 GMT
From: rgarciasuarez@free.fr (Rafael Garcia-Suarez)
Subject: Re: Proper use of $ENV{HTTP_REFERER}
Message-Id: <slrn91nurt.ldb.rgarciasuarez@rafael.kazibao.net>
_Thomas wrote in comp.lang.perl.misc:
>
> If I have a script called as follows ...
>
> <img src="/cgi-bin/image.pl" width=1 height=1 border=1>
> on page .. index.html
>
> And I'm checking $ENV{HTTP_REFERER}, recording it to a log .. for ovbious
> reasons, it will record index.html as the referring page most often because
> technically, thats the file that called the script. I want to know what
> page the user was at BEFORE index.html, so I can tell where they clicked to
> GET to index.html ..
Then replace your index.html by an index.cgi (written in whatever
language you want) or an index.php if you have PHP enabled. But don't
forget : don't rely ever on HTTP_REFERER !! (it's easily spoofed,
removed by some proxies, browser-dependent, etc...)
Another solution : tell your web server to log the referers (if you can
do it).
--
# Rafael Garcia-Suarez / http://rgarciasuarez.free.fr/
------------------------------
Date: Wed, 22 Nov 2000 12:16:38 -0500
From: "_Thomas" <webmaster@860.org>
Subject: Re: Proper use of $ENV{HTTP_REFERER}
Message-Id: <yeTS5.53132$KI6.11659954@typhoon.snet.net>
I just realized thats great and all .. 'cept when I need to have multiple
sites tracked via the same script ..
IE:
www.me.com/cgi-bin/count.pl?site=mine
www.me.com/cgi-bin/count.pl?site=notmine
Which leads back to the chicken/egg thing ..
Ok, maybe not, but it looked like it fit. Anyway .. how do sites like
extreme-dm.com do it? It seems to work fairly well for them. Do they look
at the history of the calling browser and just jump back 2 sites? That
doesnt sound "right".
So all in all, I'm a confused one.. Too much ginko.
_Thomas
Rafael Garcia-Suarez <rgarciasuarez@free.fr> wrote in message
news:slrn91nurt.ldb.rgarciasuarez@rafael.kazibao.net...
> _Thomas wrote in comp.lang.perl.misc:
> >
> > If I have a script called as follows ...
> >
> > <img src="/cgi-bin/image.pl" width=1 height=1 border=1>
> > on page .. index.html
> >
> > And I'm checking $ENV{HTTP_REFERER}, recording it to a log .. for
ovbious
> > reasons, it will record index.html as the referring page most often
because
> > technically, thats the file that called the script. I want to know what
> > page the user was at BEFORE index.html, so I can tell where they clicked
to
> > GET to index.html ..
>
> Then replace your index.html by an index.cgi (written in whatever
> language you want) or an index.php if you have PHP enabled. But don't
> forget : don't rely ever on HTTP_REFERER !! (it's easily spoofed,
> removed by some proxies, browser-dependent, etc...)
>
> Another solution : tell your web server to log the referers (if you can
> do it).
>
> --
> # Rafael Garcia-Suarez / http://rgarciasuarez.free.fr/
------------------------------
Date: 22 Nov 2000 09:36:14 -0800
From: merlyn@stonehenge.com (Randal L. Schwartz)
Subject: Re: Proper use of $ENV{HTTP_REFERER}
Message-Id: <m1k89vzz75.fsf@halfdome.holdit.com>
>>>>> "Thomas" == Thomas <webmaster@860.org> writes:
Thomas> Ok, maybe not, but it looked like it fit. Anyway .. how do
Thomas> sites like extreme-dm.com do it? It seems to work fairly well
Thomas> for them. Do they look at the history of the calling browser
Thomas> and just jump back 2 sites? That doesnt sound "right".
Thomas> So all in all, I'm a confused one.. Too much ginko.
This question is not Perl specific at all, and would be better
answered in the CGI group, but having said that...
Do not count on "Referer:" at all. (How can you count on anything
that isn't even spelled properly? :) It's trivially faked,
sometimes wrong, and is even stripped by some security firewalls.
Log it, use it as a hint about how people are going through your
site, but DO NOT USE IT FOR AUTHENTICATION OR AUTHORIZATION.
Got it? Wrong tunnel. No cheese.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
------------------------------
Date: Wed, 22 Nov 2000 13:18:32 -0500
From: "_Thomas" <webmaster@860.org>
Subject: Re: Proper use of $ENV{HTTP_REFERER}
Message-Id: <B8US5.53139$KI6.11666437@typhoon.snet.net>
>
> Do not count on "Referer:" at all. (How can you count on anything
> that isn't even spelled properly? :) It's trivially faked,
> sometimes wrong, and is even stripped by some security firewalls.
> Log it, use it as a hint about how people are going through your
> site, but DO NOT USE IT FOR AUTHENTICATION OR AUTHORIZATION.
Ok, 2 questions .. :)
First: What would the cgi newsgroup be? I did a quick search for cgi and
perl and didnt come up with much more than comp.lang.perl.misc
(First++): If I can trust http_referer, what should I use? Its nothing
important I'm just curious as to what to do and who's coming from where to
my page.
The renaming index.html -> index.cgi thing wouldnt really be a soltion as
I'd like to track multiple sites thru the cgi call from the <img ...> tag.
?
_Thomas
------------------------------
Date: 22 Nov 2000 18:08:08 +0000
From: nobull@mail.com
Subject: Re: Proper use of $ENV{HTTP_REFERER}
Message-Id: <u9g0kjribb.fsf@wcl-l.bham.ac.uk>
"_Thomas" <webmaster@860.org> writes:
> Ok, maybe not, but it looked like it fit. Anyway .. how do sites like
> extreme-dm.com do it?
Client side scripts.
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: 22 Nov 2000 16:56:26 -0000
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Question: How to Return script name from within script.
Message-Id: <8vgtrq$41t$1@lublin.zrz.tu-berlin.de>
Darold Anderson <deandeson2@mmm.com> wrote in comp.lang.perl.misc:
>I am writing some scripts that have a sub in them that is generic across
>about a dozen or so other scripts. I want to generate some error messages
>from within the sub and would like to include the name of the script that
>generated the error so that I can see which one of the dozen actually
>created it.
>
>I know I can send it as an input parameter like this:
>/usr/local/bin/perl/example1.plx <P1> <P2> example1.plx
>
>but I would rather have it done within the module like this:
>sub foo {
> if (...) {
> ...;
> }else {
> $log = "generic error message generated from $filename";
> }
>}
>
>Where $filename returns the name of the script that is currently running
>(example1.plx).
See $0 in perlvar. If you need the full path name to the script,
use the FindBin module.
However, you may be better off using the Carp module. It tackles
the problem of reporting errors from the perspective of the sub
user instead of the implementor's.
Anno
------------------------------
Date: 22 Nov 2000 18:02:16 +0000
From: nobull@mail.com
Subject: Re: Question: How to Return script name from within script.
Message-Id: <u9n1erril3.fsf@wcl-l.bham.ac.uk>
"Darold Anderson" <deanderson2@mmm.com> writes:
> I am writing some scripts that have a sub in them that is generic across
> about a dozen or so other scripts. I want to generate some error messages
> from within the sub and would like to include the name of the script that
> generated the error so that I can see which one of the dozen actually
> created it.
perldoc -f caller
perldoc Carp
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
------------------------------
Date: Wed, 22 Nov 2000 17:53:16 GMT
From: fhinchey@my-deja.com
Subject: Re: quick sorting question
Message-Id: <8vh167$9t$1@nnrp1.deja.com>
In article <slrn91ni2b.m1u.tadmc@magna.metronet.com>,
tadmc@metronet.com (Tad McClellan) wrote:
> On Wed, 22 Nov 2000 05:26:18 GMT, fhinchey@my-deja.com
> <fhinchey@my-deja.com> wrote:
> >In article <8vfdgt$og9$1@nnrp1.deja.com>,
> > fhinchey@my-deja.com wrote:
> >> I have a text file with five tab seperated colums. The first three
> >> columns are numbers, one for year, one for day. The other two
contain
> >> text that doesn't need to be sorted. I would like to sort these
lines
> >> in ascending order beginning with the first column(year), then
second
> >> (month), then third(day).
>
> >Jeez are you stupid or what! Everyone knows you have to use a
> >Swarten...negger or something. :-)
>
> Your problem is due to greediness.
>
> /^Sch.*/ finds the body builder's name (married to a Kennedy,
> recognized by millions)
>
> you want non-greedy:
>
> /^Sch.*?/ finds the hacker's name (not married (though with
> some sort of tenuous connection to that Hemingway
> girl), recognized by (perhaps) thousands)
>
> >I actually did a quick study on this technique and came up with this
> >code for doing the sort - it works, but maybe there's a more elegant
> >solution out there.
>
> Most elegant would be to arrange for it to be a string-sorting
> problem so that you can use the default sort().
>
> If you zero-pad the first 3 fields so that they are always the
> same length, then you can simply sort() them with no custom
> sort sub/block needed.
>
> --
> Tad McClellan SGML consulting
> tadmc@metronet.com Perl programming
> Fort Worth, Texas
>
can you elaborate on that tenous connect to the Hemmingway girl. Which
one, the one still living or the other less fortunate?
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: 22 Nov 2000 10:13:21 -0800
From: merlyn@stonehenge.com (Randal L. Schwartz)
Subject: Re: quick sorting question
Message-Id: <m166lfzxha.fsf@halfdome.holdit.com>
>>>>> "fhinchey" == fhinchey <fhinchey@my-deja.com> writes:
fhinchey> can you elaborate on that tenous connect to the Hemmingway
fhinchey> girl. Which one, the one still living or the other less
fhinchey> fortunate?
You've not been to my web page, I see.
It's Mariel Hemingway's 39th birthday today. And mine too. We've
exchanged birthday cards for the past few years, and I really hope we
can get together on our collective 40th birthday (if she's willing to
admit she will have one :-).
print "Just another year older Perl hacker,"
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
------------------------------
Date: Wed, 22 Nov 2000 18:07:16 -0000
From: Chris Stith <mischief@velma.motion.net>
Subject: Re: running a script as root
Message-Id: <t1o2qko5urhp52@corp.supernews.com>
Alex Hart <news@#nospam#althepal.com> wrote:
> Is it possible to allow anyone to run a particular script as root?
> Specifically, say I want to allow visitors to my website to create an
> account for themselves. If I have a perl script which can create an
> account, can I allow them to run this script as root without allowing
> them any other privleges?
I'd not have the script setuid, and I'd not have it create the account
either.
The safe workaround here is to write a program that stores the user
info for the new accounts to file, and to have another entirely
separate program that runs as root to read the file and add the
accounts. This way you can keep the users from running anything as
root. The second program can parse the file to make sure it's correct
and acceptable. This could be after it has been visually checked or by
a cron job, depending upon your paranoia level.
You could, depending upon your specifics, make the second script a
wrapper around useradd and require the password be stored in the
clear by the first or make the first crypt it then have the second
update the passwd file via a username check and an append.
As a completely different option, you could let the user your one
script runs as also run the useradd program. To achieve this, you
could make useradd executable by users of a particular group and
make it setuid. I'd recommend against this.
Chris
--
Christopher E. Stith - mischief@motion.net
"Carpe noctum."
------------------------------
Date: Wed, 22 Nov 2000 11:51:52 -0600
From: "Jim Harrison" <jimharrison3@home.com>
Subject: Sort runtime 5.005 vs 5.004
Message-Id: <8vh0sn$cjr$1@tilde.csc.ti.com>
Hi, I work for Texas Instruments. We have been using perl for many years.
We current are running production batch jobs where we sort large files with
Perl, by reading into an array, sorting the array and writing out array.
The code in question is:
########################################################
# Read stdin into array
@array = (<STDIN>);
# sort array using normal sort
# and print to stdout
print sort(@array);
##########################################################
We are sorting a file that is 162.5 MB with 638,278 records.
Running the above on Solaris 2.6 using perl 5.00404 it takes 56 SECONDS
to run.
Running the above on Solaris 2.6 using perl 5.00503 it takes 3360 SECONDS to
run.
Using /usr/proc/bin/pstack against the program when it is running I see:
- Perl 5.00404 module 'Perl_pp_sort' is calling 'qsort'
- Perl 5.00503 module 'Perl_pp_sort' is calling 'sortsv'
Now obviously 'qsortsv' isn't as good for our situation as 'qsort'. Is
there anyway to build 5.005 so that it calls the old qsort?
Regards,
Jim Harrison
------------------------------
Date: Wed, 22 Nov 2000 08:11:50 +0800
From: "Michael Peppler" <mpeppler@peppler.org>
Subject: Re: sybperl CTlib character set
Message-Id: <t1ns27gql9n949@corp.supernews.com>
In article <3A1BB44C.76B2FEE6@mssys.com>, "Wolfgang Hielscher"
<W.Hielscher@mssys.com> wrote:
> Ken Chesak wrote:
>> How do I make a character set selection using sybperl CTlib?
> I don't know, but..
>
>> Current connection string:
> Well, you're calling a function/method to establish a connection.
>
>
>> $::dbh = new Sybase::CTlib $::DBUSER, $::DBPWD, $::ltcSERVER, undef,
>> { CON_PROPS => { CS_HOSTNAME => 'beaver',
>> CS_SYB_CHARSET => 'iso_1' }};
>>
>> Error:
>>
>> Ambiguous use of CS_HOSTNAME => resolved to "CS_HOSTNAME" => at a.pl
> I think they got a little messed up with their use of "constants". So I
> think they wanted to use CON_PROPS literaly and it may be more clearly
> written as 'CON_PROPS'. But I think with CS_HOSTNAME or CS_SYB_CHARSET
> they try to reference constants which are implemented via
> subroutine-calls.
Correct.
However, in this case the code is expecting strings, so using
{ CON_PROPS => { 'CS_SYB_CHARSET' => 'iso_1' }}
you *should* get the correct results.
Michael
--
Michael Peppler - Data Migrations Inc. - mpeppler@peppler.org
http://www.mbay.net/~mpeppler - mpeppler@mbay.net - AIM MPpplr
International Sybase User Group - http://www.isug.com
Sybase on Linux mailing list: ase-linux-list@isug.com
------------------------------
Date: Wed, 22 Nov 2000 16:47:56 -0000
From: Chris Stith <mischief@velma.motion.net>
Subject: Re: Tom Christiansons' 'style'
Message-Id: <t1nu5sa9391lc1@corp.supernews.com>
David H. Adler <dha@panix2.panix.com> wrote:
> On Wed, 22 Nov 2000 03:11:54 GMT, Tim Hammerquist <tim@degree.ath.cx> wrote:
>>John Crowley <crowj@aol.com> wrote:
>>> You have 2 postings in this newsgroup in the past months and one of
>>> them refers to a Unix issue.
>>
>>I fail to see how the platform in question is relevant to Perl? This
It's not relevant to Perl. That's the point. The poster was pointing
out that one of your posts seemed to be off-topic in a Perl group
because it was a Unix-related question. I didn't do the Deja search
myself, so I can't concur. I can, however, read what the poster typed
without seeing something anti-Unix.
>>seemed vaguely derogatory toward Unix and I wondered if you have any
>>quarrels or relevancy issues with Unix - the birthplace of Perl?
Just because Unix was the birthplace of Perl doesn't mean any Unix
question is relevant to a Perl newsgroup. You don't ask questions
about Windows in a Photoshop group, do you?
> As I read it, what he was trying to say was that one of the posts
> referred to a unix issue that was not relevant to perl.
This is what I got out of it, too. I certainly wouldn't want to read
an essay about Harry Truman and in it see statistics about how many
cattle are shipped through the Kansas City stockyards. While it's
true that Truman was born and raised in Independence, Missouri which
is in the Kansas City metropolitan area, it is not true that current
stockyard statistics for Kansas City have anything to do with Truman
as a president or as a man.</strangeanalogy>
To my fellow Americans, happy Thanksgiving tomorrow. To everyone
else, have a wonderful day tomorrow regardless of its holiday
status.
Chris
--
Christopher E. Stith - mischief@motion.net - mischief@bornnaked.com ;)
"What the hell is a Kibo anyway?"
------------------------------
Date: 22 Nov 2000 09:32:35 -0800
From: merlyn@stonehenge.com (Randal L. Schwartz)
Subject: Re: Tom Christiansons' 'style'
Message-Id: <m1r943zzd8.fsf@halfdome.holdit.com>
>>>>> "Chris" == Chris Stith <mischief@velma.motion.net> writes:
Chris> Just because Unix was the birthplace of Perl doesn't mean any Unix
Chris> question is relevant to a Perl newsgroup. You don't ask questions
Chris> about Windows in a Photoshop group, do you?
To complete the analogy, that'd be "..._MacOS_ questions in a
Photoshop group...", wouldn't it? (Photoshop ran on Macs first, then
got ported to Windows later when it looked like PHBs were requiring
those poor artists to finally cope with Windows.)
How quickly we forget. :)
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
------------------------------
Date: Wed, 22 Nov 2000 18:05:53 GMT
From: webbgroup@my-deja.com
Subject: What is the difference in these???
Message-Id: <8vh1tp$ve$1@nnrp1.deja.com>
Hey what is the difference in these two statements??
$a=system("echo hi");
-AND-
$a=`print "echo hi"`;
What does the system call do that the other doesn't??
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 4951
**************************************
