[19325] in Perl-Users-Digest

home help back first fref pref prev next nref lref last post

Perl-Users Digest, Issue: 1520 Volume: 10

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Tue Aug 14 11:10:31 2001

Date: Tue, 14 Aug 2001 08:10:12 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <997801812-v10-i1520@ruby.oce.orst.edu>
Content-Type: text

Perl-Users Digest           Tue, 14 Aug 2001     Volume: 10 Number: 1520

Today's topics:
        regexp help please! (JB Lewis)
    Re: regexp help please! <bart.lateur@skynet.be>
    Re: shell error output grabbing (Tad McClellan)
    Re: Socket Question <bkennedy99@Home.com>
    Re: Stateful CGI - user auth <dan@nospam_dtbakerprojects.com>
    Re: Stateful CGI <Dave.Stafford@globis.net>
    Re: Uh Oh: URL Encode <flavell@mail.cern.ch>
    Re: Uh Oh: URL Encode <comdog@panix.com>
    Re: unwanted ARGV[0] passing to "<>;" as input (Christopher Dillon)
        use strict (was Re: How do I assing an entire array?) (Tad McClellan)
        Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: 14 Aug 2001 06:19:51 -0700
From: jblewisoh@yahoo.com (JB Lewis)
Subject: regexp help please!
Message-Id: <9387eabc.0108140519.686d3dfe@posting.google.com>

From the Win32::EventLog module I can extract this typical {Strings}
value for an event.

domname\cwilliam COM6 06/01/2001 11:51am 06/01/2001 11:56am 5 6 21965
3826 16800 user request

Using s/^domname\\// I can easily trim off the domain name, but what I
want is the username, the COM port, the first date, the first time,
and then the two numbers after the second time (the elapsed minutes
and seconds)

/^(\w+)/ gets me the username.
/(\w{3}\d+)/ or /(COM\d+)/ gets me the COM Port.
/(\d+\/\d+\/\d+)/ gets me the date.
/(\d+:\d+(?:a|p)m)/ gets me the time.

Even though that is one continuous sequence, I haven't been able to
combine the regexps, as I thought I would.

Can the regexps be combined to collect each of the values with a
single regexp (not including the s/// I mentioned above)?
How would I go about getting the numbers after the second time entry??

Thanks for all your help!!!

just another PERL wannabe
jblewis


------------------------------

Date: Tue, 14 Aug 2001 13:46:19 GMT
From: Bart Lateur <bart.lateur@skynet.be>
Subject: Re: regexp help please!
Message-Id: <icaintc8edfq2g6n0rps3l8sg6tffl1ga8@4ax.com>

JB Lewis wrote:

>domname\cwilliam COM6 06/01/2001 11:51am 06/01/2001 11:56am 5 6 21965
>3826 16800 user request
>
>Using s/^domname\\// I can easily trim off the domain name, but what I
>want is the username, the COM port, the first date, the first time,
>and then the two numbers after the second time (the elapsed minutes
>and seconds)

>Can the regexps be combined to collect each of the values with a
>single regexp (not including the s/// I mentioned above)?
>How would I go about getting the numbers after the second time entry??

Yes.

	m%^domname\\	# dom name
	  (\S+)		# user name
	  \s+COM(\d+)	# com port
	  \s+(\d+/\d+/\d+)\s+(\d+:\d+[ap]m)	#first date and time
	  \s+\d+/\d+/\d+\s+\d+:\d+[ap]m	#second date and time
	  \s+(\d+)\s+(\d+)			#minutes and seconds
	# that's all we care about
	%x	# ignore (unescaped) whitespace and comments
# See what we've got?
  and print "$1, COM$2, on $3 at $4 for $5:$6\n";

-->
	cwilliam, COM6, on 06/01/2001 at 11:51am for 5:6

You can either use $1 and friends (but do check if the regex succeeds,
or they won't contain what you're after), or assign to a bunch of
scalars:

	if(my($user, $com, $date, $time, $min, $sec) = /$REGEX/) {
	     print "$user, COM$com, on $date at $time for $min:$sec\n";
	}

-- 
	Bart.


------------------------------

Date: Tue, 14 Aug 2001 09:36:30 -0400
From: tadmc@augustmail.com (Tad McClellan)
Subject: Re: shell error output grabbing
Message-Id: <slrn9niaau.9fb.tadmc@tadmc26.august.net>

Tassos Chatzithomaoglou <achatz@forthnet.gr> wrote:

>Just a very simple question:
        ^    ^      ^
        ^    ^      ^

It is not only a VSQ, it is also a FAQ.

In fact, when you find yourself saying that, you should think
that maybe it has been asked already and then try and find
the answers given.


>system "snmpwalk $router $community > $interfaces_file";

[snip]

>Timeout: No Response from router
>
>Is there a way i can grab this error output into a perl var?


Perl FAQ, part 8:

   "How can I capture STDERR from an external command?"


Please check the Perl FAQs *before* posting to the Perl newsgroup.


-- 
    Tad McClellan                          SGML consulting
    tadmc@augustmail.com                   Perl programming
    Fort Worth, Texas


------------------------------

Date: Tue, 14 Aug 2001 13:28:42 GMT
From: "Ben Kennedy" <bkennedy99@Home.com>
Subject: Re: Socket Question
Message-Id: <eI9e7.102814$EP6.26264476@news1.rdc2.pa.home.com>


"spurcell" <skpurcell@hotmail.com> wrote in message
news:3b78412b$0$141@wodc7nh6.news.uu.net...
> I have a piece of server software that talks sockets. I cannot use
> IO::Socket because of a mod_perl/apache bug. So I need to use the most
> simplest form I can in order to send the server a question, and get back a
> response.

Sure about that bug?  Perhaps its a IO::Socket scoping issue, you may be
able to get a fix if you post that code

> while (read HANDLE, $buf, 16384) {
>     print "$buf";
> }

Perhaps read is blocking on the large buffer size?  If you are using the
same protocol as the send, try reading just the message size (packed into 4
byte long, or two byte short if you can), then unpack that value and you
exactly what to read.  The only reason I say pack them is to fix the length
so you know what to read, you could also just pad the numbers with 0's.
Also, you may want to try sysread - I'm not exactly sure of the technical
differences, but read() uses the fread system call, which seems to be
designed for file handle pointers while sysread() uses read internally which
works on file descriptors, which may be what you want since you are working
with sockets.  Good luck!

--Ben Kennedy




------------------------------

Date: Tue, 14 Aug 2001 14:45:31 GMT
From: Dan Baker <dan@nospam_dtbakerprojects.com>
Subject: Re: Stateful CGI - user auth
Message-Id: <3B7939D7.29AC0F65@nospam_dtbakerprojects.com>



Sean Hamilton wrote:

> I was wondering what the best way of having a user authentication system is.
-------
the simplest *fairly* secure method is not perl at all, but to use the
webserver's auth system by adding a .htaccess file to the tree you are
trying to restrict. The problem is that not all webservers support the
 .htaccess scheme. Check with your host, if they run apache, you are
probably all set. The nice thing about .htaccess is that the auth dialog
only pops up once per session,and once they are in you can pretty much
count on ENV{'REMOTE_USER'}.  The bad thing is that the only way for
them to log out is to close their browser session.

There are tons of docs and tutorials on how to use .htaccess if you want
to look into that a little. There is a good article at
http://apachetoday.com/news_story.php3?ltsn=2000-07-19-002-01-NW-LF-SW

There are other *secure* schemes, (but cookies are NOT one of them!).
But they can get pretty involved. I wish I knew more about how some of
the big boys do it, and if it would be reasonable to implement for
smaller clients...

Dan


------------------------------

Date: Tue, 14 Aug 2001 13:53:41 GMT
From: "Dave Stafford" <Dave.Stafford@globis.net>
Subject: Re: Stateful CGI
Message-Id: <F3ae7.417442$XL1.6994407@nlnews00.chello.com>

> I was wondering what the best way of having a user authentication system
is.
> I was thinking one of the following:
>
> - Server keeps a list of session IDs, stating the client's IP address.
> Client supplies that ID with every request. Problem is that then if the
> client idles for a long time, the session times out, ...

IP addresses are not reliable by themselves. They can be faked, multiple
users can have the same address etc. Also if you are using a load-balancing
proxy to reach the internet your IP address as seen by the server may
change.

That said, I normally use the IP address as part of the solution.

> - Client sends login and password with every request. Has the advantage of
> having pages bookmarked, but if the system is accessed from a public
system,
> people can refer to the history, and bring up a session.

Definitely not, do not do this.

> - Cookies, etc, etc...

Cookies or session strings as a hidden form fields are best. If your
application is entirely cgi driven you could use session strings, otherwise
cookies are best. Process could be:

1. User logs in via basic authentication (or cgi form), preferably via a
secured session.
2. If the login is OK, create a session string based on the userid, a
timeout (eg. system time + 30 minutes) plus any other data e.g. user's IP
address.
3. Hash this string with a secret held on the server and add the result to a
cookie, so it has the following fields:

      Userid=123
      Username=Joe.Bloggs
      IP=173.32.1.1
      Time=54645655
      SessionID=df234ab4b77c7d7e7ff72 etc.

*not there is no expiry date set for the cookie, this means it is only held
in memory

4. Everytime the user connects you read the cookie, check the hash
(SessionID) is correct, if it is the data in cannot have been be tampered
with.

5. The timeout is important to limit replay attacks, so update the cookie
with the new timeout time.

If you want to tighten up the process you could also encrypt the data, i.e.
create a single session ID string from point 3 above, join them with ":" and
encrypt it with the same secret key you use for the hash check.

etc. etc.

Check the mod_Perl book as it has some good examples of this process.

Dave








------------------------------

Date: Tue, 14 Aug 2001 15:31:22 +0200
From: "Alan J. Flavell" <flavell@mail.cern.ch>
Subject: Re: Uh Oh: URL Encode
Message-Id: <Pine.LNX.4.30.0108141520400.32180-100000@lxplus023.cern.ch>

On Aug 14, Tassilo von Parseval twiddled the eigenstates thus:

> Take the following string:
> "?arg1=Q&A=A&Q&arg2=val"

It's broken.

> How should a module guess the grouping?

It mustn't guess.

> Sure, that is an unlikely example but it shows that the whole query
> string can't just be correctly escaped in one step.

No: what it shows is the wrong way of going about building a query
string.  Once you've built a mish-mash of incorrectly-handled query
strings, you are lost.

Your specimen is clearly intended to be a form submission using GET
(or a simulation of one) - (as opposed to an ISINDEX query, for
example).

But the procedure for constructing a form submission using GET is
clearly documented in the HTML specifications.  The individual
"successful controls" (to use the terminology of the HTML4 spec.) MUST
be encoded, before assembling them together separated by the '&'
character.

[note - encoding of form GET submissions is subtly different from mere
uri-encoding, but the one is entirely compatible with the other, in
the sense that the encoded form query a la HTML4.01 etc. is fully
acceptable as a uri-encoded URI a la RFC2396]



------------------------------

Date: Tue, 14 Aug 2001 10:58:51 -0400
From: brian d foy <comdog@panix.com>
Subject: Re: Uh Oh: URL Encode
Message-Id: <comdog-49C801.10585114082001@news.panix.com>

In article <vi2ints0sj956e03qletgcf9ptagdsgo40@4ax.com>, Bart Lateur 
<bart.lateur@skynet.be> wrote:

> brian d foy wrote:
> 
> >> It DOES NOT escape the most dangerous characters "=" and "&". It's a
> >> know bug, or feature, depending on what side you're on.

> >i think you want to say "it does not, by default, escape all
> >of the special characters that matter to the CGI".  after all, 
> >HTTP is only one scheme out of many. :)

> The problem is that it doesn't do what people expect it to do. They
> expect it to be safe if they do

well, people expect all sorts of things.  it doesn't mean that
what they expect is correct. ;)

-- 
brian d foy <comdog@panix.com>
CGI Meta FAQ - http://www.perl.org/CGI_MetaFAQ.html
Troubleshooting CGI scripts - http://www.perl.org/troubleshooting_CGI.html



------------------------------

Date: 14 Aug 2001 06:45:50 -0700
From: monkfunk@my-deja.com (Christopher Dillon)
Subject: Re: unwanted ARGV[0] passing to "<>;" as input
Message-Id: <af8f4877.0108140545.83f5ade@posting.google.com>

Thank you all.  Three great ideas/answers.

gnari <gnarinn@hotmail.com> wrote in message news:<997487898.244006633758545.gnarinn@hotmail.com>...
> In article <af8f4877.0108101038.3090de39@posting.google.com>,
> Christopher Dillon <monkfunk@my-deja.com> wrote:
> >if I do perl convert.pl tracks.txt it passes tracks.txt to the first
> ><>; which is supposed to prompt to create a new directory.
> >
> >----------------------------
> >#!/usr/bin/perl
> >
> >$track_list=$ARGV[0];
> >
> >print "Enter a new dir\n";
> >my $r = <>; chomp $r;
> 
> my $r = <STDIN>; chomp $r;
> 
> 
> 
> gnari


------------------------------

Date: Tue, 14 Aug 2001 09:27:41 -0400
From: tadmc@augustmail.com (Tad McClellan)
Subject: use strict (was Re: How do I assing an entire array?)
Message-Id: <slrn9ni9qd.9fb.tadmc@tadmc26.august.net>

Tassilo von Parseval <Tassilo.Parseval@post.rwth-aachen.de> wrote:

>I remember my first programms that I had written with the 
>strict-pragma...it was hell. In first instance I always received a few 
>hundred messages as for global symbols requiring explicit package names.


Oh yes, retrofitting strictures is a pain.

That's why you should always put it in from the git-go  :-)


-- 
    Tad McClellan                          SGML consulting
    tadmc@augustmail.com                   Perl programming
    Fort Worth, Texas


------------------------------

Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>


Administrivia:

The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc.  For subscription or unsubscription requests, send
the single line:

	subscribe perl-users
or:
	unsubscribe perl-users

to almanac@ruby.oce.orst.edu.  

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.

For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V10 Issue 1520
***************************************


home help back first fref pref prev next nref lref last post