[23270] in Perl-Users-Digest
Perl-Users Digest, Issue: 5490 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Thu Sep 11 18:10:39 2003
Date: Thu, 11 Sep 2003 15:10:14 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Thu, 11 Sep 2003 Volume: 10 Number: 5490
Today's topics:
split() matching regular expression question - openwebm <ken@pacific.net>
Re: split() matching regular expression question - open <mpapec@yahoo.com>
Re: split() matching regular expression question - open <ak+usenet@freeshell.org>
Re: split() matching regular expression question - open <xx087@freenet.carleton.ca>
Re: split() matching regular expression question - open <bart-news@NOSPAMtvreclames.nl>
Re: split() matching regular expression question - open <ak+usenet@freeshell.org>
Re: split() matching regular expression question - open <bart-news@NOSPAMtvreclames.nl>
Re: split() matching regular expression question - open <ak+usenet@freeshell.org>
Wierd result from hash array <piercer@nospam_pacbell.net>
Re: Wierd result from hash array <piercer@nospam_pacbell.net>
Re: Wierd result from hash array <mpapec@yahoo.com>
XML/XSLT module usage in web apps <deeknow@pobox.com>
Re: <bwalton@rochester.rr.com>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Thu, 11 Sep 2003 12:21:53 -0700
From: Ken A <ken@pacific.net>
Subject: split() matching regular expression question - openwebmail bug...
Message-Id: <vm1iqi4pcfed5a@corp.supernews.com>
Openwebmail seems to have a bug in the way it stores and retrieves data,
especially passwords from a file called .pop3book.
In .pop3book there are stored entries for host,port,user,pass,etc.. They
are delimited by @@@.
Here's the line with the problem in openwebmail-main.pl:
my ($pop3host,$pop3port, $pop3user,$pop3passwd, $pop3del,
$enable)=split(/\@\@\@/,$_);
If the user's password ends in a '@' character, the split() causes the @
to be cut off the $pop3passwd and added to the $pop3del variable.
Any way to fix this with a better matching regular expression in the
call to split ?
Otherwise, it seems I have to rewrite every part of openwebmail that
uses the @@@ delimiter and change it to some more sensible (less likely
to conflict with passwords) delimiter. That also would mean changing all
.pop3book files on the server, which isn't a good thing either..
Thanks for any ideas,
Ken A.
------------------------------
Date: Thu, 11 Sep 2003 21:37:48 +0200
From: Matija Papec <mpapec@yahoo.com>
Subject: Re: split() matching regular expression question - openwebmail bug...
Message-Id: <3lj1mvocbugfplc8d1qvcpt8t8ebsltvh8@4ax.com>
X-Ftn-To: Ken A
Ken A <ken@pacific.net> wrote:
>my ($pop3host,$pop3port, $pop3user,$pop3passwd, $pop3del,
>$enable)=split(/\@\@\@/,$_);
>
>If the user's password ends in a '@' character, the split() causes the @
>to be cut off the $pop3passwd and added to the $pop3del variable.
>
>Any way to fix this with a better matching regular expression in the
>call to split ?
>
>Otherwise, it seems I have to rewrite every part of openwebmail that
>uses the @@@ delimiter and change it to some more sensible (less likely
>to conflict with passwords) delimiter. That also would mean changing all
>.pop3book files on the server, which isn't a good thing either..
>
>Thanks for any ideas,
You could reverse $_ but then you're vulnerable if some field begins with
'@' :)
--
Matija
------------------------------
Date: Thu, 11 Sep 2003 19:41:49 +0000 (UTC)
From: Andreas Kahari <ak+usenet@freeshell.org>
Subject: Re: split() matching regular expression question - openwebmail bug...
Message-Id: <slrnbm1jvs.1dm.ak+usenet@vinland.freeshell.org>
In article <vm1iqi4pcfed5a@corp.supernews.com>, Ken A wrote:
> Openwebmail seems to have a bug in the way it stores and retrieves data,
> especially passwords from a file called .pop3book.
>
> In .pop3book there are stored entries for host,port,user,pass,etc.. They
> are delimited by @@@.
>
> Here's the line with the problem in openwebmail-main.pl:
>
> my ($pop3host,$pop3port, $pop3user,$pop3passwd, $pop3del,
> $enable)=split(/\@\@\@/,$_);
>
> If the user's password ends in a '@' character, the split() causes the @
> to be cut off the $pop3passwd and added to the $pop3del variable.
[cut]
IMHO, the best way to fix this is to store the passwords
encrypted, just like the passwords in /etc/passwd on a Unix
system. Use a cipher that does not generate '@' characters.
If that's too involved, store them as strings consisting of the
3-digit ASCII codes, or something.
If that's too involved, change the regex to /@@@(?=[^@])/, but
this assumes that $pop3del won't ever start with '@'. Look for
"zero-width positive look-ahead assertion" in the perlre manual.
Cheers,
Andreas
--
Andreas Kähäri
------------------------------
Date: 11 Sep 2003 19:41:11 GMT
From: Glenn Jackman <xx087@freenet.carleton.ca>
Subject: Re: split() matching regular expression question - openwebmail bug...
Message-Id: <slrnbm1jve.osr.xx087@smeagol.ncf.ca>
Ken A <ken@pacific.net> wrote:
[...]
> Here's the line with the problem in openwebmail-main.pl:
>
> my ($pop3host,$pop3port, $pop3user,$pop3passwd, $pop3del,
> $enable)=split(/\@\@\@/,$_);
>
> If the user's password ends in a '@' character, the split() causes the @
> to be cut off the $pop3passwd and added to the $pop3del variable.
Change the RE to check that the character after the third @ is not an @:
$str = 'f1@@@f2@@@pass@@@@f4';
@fields = split /\@{3}(?!@)/, $str;
--
Glenn Jackman
NCF Sysadmin
glennj@ncf.ca
------------------------------
Date: Thu, 11 Sep 2003 22:23:10 +0200
From: "Bart van den Burg" <bart-news@NOSPAMtvreclames.nl>
Subject: Re: split() matching regular expression question - openwebmail bug...
Message-Id: <bjqm07$5ic$1@reader11.wxs.nl>
"Ken A" <ken@pacific.net> wrote in message
news:vm1iqi4pcfed5a@corp.supernews.com...
> Openwebmail seems to have a bug in the way it stores and retrieves data,
> especially passwords from a file called .pop3book.
>
> In .pop3book there are stored entries for host,port,user,pass,etc.. They
> are delimited by @@@.
>
> Here's the line with the problem in openwebmail-main.pl:
>
> my ($pop3host,$pop3port, $pop3user,$pop3passwd, $pop3del,
> $enable)=split(/\@\@\@/,$_);
>
> If the user's password ends in a '@' character, the split() causes the @
> to be cut off the $pop3passwd and added to the $pop3del variable.
>
> Any way to fix this with a better matching regular expression in the
> call to split ?
>
> Otherwise, it seems I have to rewrite every part of openwebmail that
> uses the @@@ delimiter and change it to some more sensible (less likely
> to conflict with passwords) delimiter. That also would mean changing all
> .pop3book files on the server, which isn't a good thing either..
>
> Thanks for any ideas,
> Ken A.
>
>
>
You could also use \t (tab) as a delimiter. I use it myself often, without
any problems.
Bart
------------------------------
Date: Thu, 11 Sep 2003 20:37:08 +0000 (UTC)
From: Andreas Kahari <ak+usenet@freeshell.org>
Subject: Re: split() matching regular expression question - openwebmail bug...
Message-Id: <slrnbm1n7j.ncd.ak+usenet@vinland.freeshell.org>
In article <bjqm07$5ic$1@reader11.wxs.nl>, Bart van den Burg wrote:
>
> "Ken A" <ken@pacific.net> wrote in message
> news:vm1iqi4pcfed5a@corp.supernews.com...
[cut]
>> If the user's password ends in a '@' character, the split() causes the @
>> to be cut off the $pop3passwd and added to the $pop3del variable.
>>
>> Any way to fix this with a better matching regular expression in the
>> call to split ?
[cut]
>
> You could also use \t (tab) as a delimiter. I use it myself often, without
> any problems.
What if I decide to use a tab at the end of my password?
(assuming it still makes a valid password) You've just replaced
the trouble character with another trouble character.
--
Andreas Kähäri
------------------------------
Date: Thu, 11 Sep 2003 22:43:27 +0200
From: "Bart van den Burg" <bart-news@NOSPAMtvreclames.nl>
Subject: Re: split() matching regular expression question - openwebmail bug...
Message-Id: <bjqmsu$6nd$1@reader11.wxs.nl>
"Andreas Kahari" <ak+usenet@freeshell.org> wrote in message
news:slrnbm1n7j.ncd.ak+usenet@vinland.freeshell.org...
> In article <bjqm07$5ic$1@reader11.wxs.nl>, Bart van den Burg wrote:
> >
> > "Ken A" <ken@pacific.net> wrote in message
> > news:vm1iqi4pcfed5a@corp.supernews.com...
> [cut]
> >> If the user's password ends in a '@' character, the split() causes the
@
> >> to be cut off the $pop3passwd and added to the $pop3del variable.
> >>
> >> Any way to fix this with a better matching regular expression in the
> >> call to split ?
> [cut]
> >
> > You could also use \t (tab) as a delimiter. I use it myself often,
without
> > any problems.
>
> What if I decide to use a tab at the end of my password?
> (assuming it still makes a valid password) You've just replaced
> the trouble character with another trouble character.
Because that's hard to do if it's in a web environment, cause if you press
[tab], you'll go to the next input box. Ok, you could go and copy/paste one,
but would you really wanna do that everytime you wanna login there?
Bart
------------------------------
Date: Thu, 11 Sep 2003 21:16:24 +0000 (UTC)
From: Andreas Kahari <ak+usenet@freeshell.org>
Subject: Re: split() matching regular expression question - openwebmail bug...
Message-Id: <slrnbm1ph7.u4.ak+usenet@norge.freeshell.org>
In article <bjqmsu$6nd$1@reader11.wxs.nl>, Bart van den Burg wrote:
>
> "Andreas Kahari" <ak+usenet@freeshell.org> wrote in message
> news:slrnbm1n7j.ncd.ak+usenet@vinland.freeshell.org...
>> In article <bjqm07$5ic$1@reader11.wxs.nl>, Bart van den Burg wrote:
>> >
>> > "Ken A" <ken@pacific.net> wrote in message
>> > news:vm1iqi4pcfed5a@corp.supernews.com...
>> [cut]
>> >> If the user's password ends in a '@' character, the split() causes the
[cut]
>> >> Any way to fix this with a better matching regular expression in the
>> >> call to split ?
[cut]
>> > You could also use \t (tab) as a delimiter. I use it myself often,
> without
>> > any problems.
>>
>> What if I decide to use a tab at the end of my password?
>> (assuming it still makes a valid password) You've just replaced
>> the trouble character with another trouble character.
>
> Because that's hard to do if it's in a web environment, cause if you press
> [tab], you'll go to the next input box. Ok, you could go and copy/paste one,
> but would you really wanna do that everytime you wanna login there?
Point taken, kinda'. Are you sure it's not as simple as typing
<shift><tab> or something similar in one browser or another?
My point is that you should try to come up with a solid solution
to the problem, not a quick workaround that might prove to be
just as faulty as the original solution. Especially since this
involves passwords giving access to personal information.
In this particular case, I would opt for an encoding of the
passwords that ensures that no character or substring in the
encoded password collides with a record separator. Encryption
would be even better.
--
Andreas Kähäri
------------------------------
Date: Thu, 11 Sep 2003 20:18:49 GMT
From: Pacman <piercer@nospam_pacbell.net>
Subject: Wierd result from hash array
Message-Id: <110920031318586753%piercer@nospam_pacbell.net>
I'm getting 'used' to hash arrays and am writing a perl script to
backup my harddrive automatically. I couldn't figure out how to get
the following code to work, so I must be making a mistake I can't see.
Here's my expected result:
foreaching on key one
result: red/green
instead I get the following:
foreaching on key one
two:three
foreaching on key HASH(0x804c014)
:
#!/usr/bin/perl
$BLAH = "one:red:green";
%NADA = {};
($b1,@b2) = split(/:/,$BLAH);
$NADA{$b1} = [@b2];
foreach $k(keys %NADA) {
print "foreaching on key $k\n";
@x = @{$NADA{$k}};
print "result: $x[0]/$x[1]\n";
}
Any help would be great...remove the nospam_ from the email address...
D-
------------------------------
Date: Thu, 11 Sep 2003 20:38:08 GMT
From: Pacman <piercer@nospam_pacbell.net>
Subject: Re: Wierd result from hash array
Message-Id: <110920031338188789%piercer@nospam_pacbell.net>
Made a slight mistake...the actual result I get is:
foreaching on key one
result: red/green
foreaching on key HASH(0x804c014)
:
In article <110920031318586753%piercer@nospam_pacbell.net>, Pacman
<piercer@nospam_pacbell.net> wrote:
> I'm getting 'used' to hash arrays and am writing a perl script to
> backup my harddrive automatically. I couldn't figure out how to get
> the following code to work, so I must be making a mistake I can't see.
>
> Here's my expected result:
>
> foreaching on key one
> result: red/green
>
> instead I get the following:
>
> foreaching on key one
> two:three
> foreaching on key HASH(0x804c014)
> :
>
> #!/usr/bin/perl
>
> $BLAH = "one:red:green";
>
> %NADA = {};
> ($b1,@b2) = split(/:/,$BLAH);
> $NADA{$b1} = [@b2];
>
> foreach $k(keys %NADA) {
> print "foreaching on key $k\n";
> @x = @{$NADA{$k}};
> print "result: $x[0]/$x[1]\n";
> }
>
> Any help would be great...remove the nospam_ from the email address...
>
> D-
--
#############
Imagination is more important than knowledge - A. Einstein
------------------------------
Date: Thu, 11 Sep 2003 22:43:48 +0200
From: Matija Papec <mpapec@yahoo.com>
Subject: Re: Wierd result from hash array
Message-Id: <bfn1mvkghvkgg2tbt4b3h3mvkhm8kf2osc@4ax.com>
X-Ftn-To: Pacman
Pacman <piercer@nospam_pacbell.net> wrote:
>backup my harddrive automatically. I couldn't figure out how to get
>the following code to work, so I must be making a mistake I can't see.
>
>Here's my expected result:
>
>foreaching on key one
>result: red/green
>
>instead I get the following:
>
>foreaching on key one
>two:three
>foreaching on key HASH(0x804c014)
use diagnostics;
could tell you lot of useful things.
--
Matija
------------------------------
Date: Fri, 12 Sep 2003 09:51:18 +1200
From: "DeeKnow" <deeknow@pobox.com>
Subject: XML/XSLT module usage in web apps
Message-Id: <1063317078.788344@clint.its.waikato.ac.nz>
Hi folks,
I'm working on a team developing a Perl based web interface to a corporate
back-end that is exposed through a 'web-services-like' interface, ie we send
the back-end an XML formatted request (method name/paramaters etc)
and it produces an XML payload.
We're considering parsing the payload response into an XML/DOM tree,
inspecting it and modifying it (an element here, an attribute there) and
finally
pushing the result through an XSLT transform to produce the final web
output.
We have a prototype up and running using XML::LibXML and
XML::LibXSLT and had previously prototyped it using XML::DOM and
XML::Sablotron. Although we havent properly compared them yet it seems
(from notes/posts) that the XML::LibXSLT/libxslt approach may perform
better than the XML::Sabloton/Expat pairing.
Does anyone see any issues we might have with this handling of application
data entirtely in an XML tree from back-end to final rendering, rather than
application specific variable/data structures. This is a corporate
application
that will ultimately have many (~dozens-to-hundreds) concurrent users.
Would love to hear others experiences, and use of alternatives (AxKit,
other Libraries/platforms etc.)
--
cheers,
Dean Stringer
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
deeknow at pobox dot com http://www.deeknow.com/
------------------------------
Date: Sat, 19 Jul 2003 01:59:56 GMT
From: Bob Walton <bwalton@rochester.rr.com>
Subject: Re:
Message-Id: <3F18A600.3040306@rochester.rr.com>
Ron wrote:
> Tried this code get a server 500 error.
>
> Anyone know what's wrong with it?
>
> if $DayName eq "Select a Day" or $RouteName eq "Select A Route") {
(---^
> dienice("Please use the back button on your browser to fill out the Day
> & Route fields.");
> }
...
> Ron
...
--
Bob Walton
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 5490
***************************************
