[24011] in Perl-Users-Digest
Perl-Users Digest, Issue: 6209 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Mar 3 11:10:44 2004
Date: Wed, 3 Mar 2004 08:10:12 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Wed, 3 Mar 2004 Volume: 10 Number: 6209
Today's topics:
Perl & Sessions? <thomas.deschepper.ecol@sintjozefscollege.be>
Re: Perl & Sessions? <jwillmore@remove.adelphia.net>
Re: Perl & Sessions? (another one)
Re: Perl & Sessions? <vetro@online.no>
Re: Perl & Sessions? <jwillmore@remove.adelphia.net>
Problem open'ing a file to read utf16 (alex)
Re: Problem open'ing a file to read utf16 <usenet@morrow.me.uk>
Re: Regex comparison <bart.lateur@pandora.be>
Removing accents from spanish characters (Duke of Hazard)
Re: Removing accents from spanish characters (another one)
Re: Removing accents from spanish characters <noreply@gunnar.cc>
Re: Removing accents from spanish characters <jurgenex@hotmail.com>
Re: webservices <hillmw@charter.net>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Wed, 03 Mar 2004 14:42:19 +0100
From: Thomas Deschepper <thomas.deschepper.ecol@sintjozefscollege.be>
Subject: Perl & Sessions?
Message-Id: <pan.2004.03.03.13.42.18.850947@sintjozefscollege.be>
I would like to make a perl script that lets the user log in and checks if
the username and password are correct. After authentication, I want to
track that user. I understand that HTTP is "stateless", so I read
something about sessions and how to implent them (GET, cookies, hidden
fields).
But I don't really understand the whole process. After the user logs in,
do I have to produce a unique hash or something like that??
Can someone explain this to me? I've also read the docs about CGI::Session.
Thanks in advance,
mvg Thomas Deschepper
------------------------------
Date: Wed, 03 Mar 2004 09:04:34 -0500
From: James Willmore <jwillmore@remove.adelphia.net>
Subject: Re: Perl & Sessions?
Message-Id: <pan.2004.03.03.14.04.32.286070@remove.adelphia.net>
On Wed, 03 Mar 2004 14:42:19 +0100, Thomas Deschepper wrote:
> I would like to make a perl script that lets the user log in and checks if
> the username and password are correct. After authentication, I want to
> track that user. I understand that HTTP is "stateless", so I read
> something about sessions and how to implent them (GET, cookies, hidden
> fields).
>
> But I don't really understand the whole process. After the user logs in,
> do I have to produce a unique hash or something like that??
>
> Can someone explain this to me? I've also read the docs about CGI::Session.
Have a look at ...
http://www.stonehenge.com/merlyn/WebTechniques/col61.html
There are several ways to deal with sessions. However, I find the above
URL one of the better ways to do so. Basically, you want to make sure
that what the user has as credentials is the same thing the server sees as
valid credentials. One of the better ways to do this is using cookies.
That's what is explained in better detail in the above URL. It is,
however, not the only way to do it :-)
HTH
--
Jim
Copyright notice: all code written by the author in this post is
released under the GPL. http://www.gnu.org/licenses/gpl.txt
for more information.
a fortune quote ...
"Whatever the missing mass of the universe is, I hope it's not
cockroaches!" -- Mom
------------------------------
Date: Wed, 03 Mar 2004 14:53:52 +0000
From: "Steve (another one)" <y66y@56yu4b6.com>
Subject: Re: Perl & Sessions?
Message-Id: <c24ri0$3ij$1@news.liv.ac.uk>
James Willmore wrote:
> On Wed, 03 Mar 2004 14:42:19 +0100, Thomas Deschepper wrote:
>
>
>>I would like to make a perl script that lets the user log in and checks if
>>the username and password are correct. After authentication, I want to
>>track that user. I understand that HTTP is "stateless", so I read
>>something about sessions and how to implent them (GET, cookies, hidden
>>fields).
>>
>>But I don't really understand the whole process. After the user logs in,
>>do I have to produce a unique hash or something like that??
>>
>>Can someone explain this to me? I've also read the docs about CGI::Session.
>
>
> Have a look at ...
> http://www.stonehenge.com/merlyn/WebTechniques/col61.html
>
> There are several ways to deal with sessions. However, I find the above
> URL one of the better ways to do so. Basically, you want to make sure
> that what the user has as credentials is the same thing the server sees as
> valid credentials. One of the better ways to do this is using cookies.
> That's what is explained in better detail in the above URL. It is,
> however, not the only way to do it :-)
>
> HTH
After a sucessful login I usually send a hard-to-guess string in a
hidden field and then use this to identify the user. The value is held
in a table with a date/time stamp that I update whenever I hear from the
user, or delete after a given period of non-use or a log-off. This
allows the user to do what they like while the identifier is valid -
including reject cookies and maintain multiple sessions. It seems
simpler than cookies and just as secure. Or am I missing something ?
Steve
------------------------------
Date: Wed, 03 Mar 2004 16:02:58 +0100
From: Vetle Roeim <vetro@online.no>
Subject: Re: Perl & Sessions?
Message-Id: <m3llmiug65.fsf@quimby.dirtyhack.org>
* y66y@56yu4b6.com
[...]
> After a sucessful login I usually send a hard-to-guess string in a
> hidden field and then use this to identify the user. The value is held
> in a table with a date/time stamp that I update whenever I hear from
> the user, or delete after a given period of non-use or a log-off. This
> allows the user to do what they like while the identifier is valid -
> including reject cookies and maintain multiple sessions. It seems
> simpler than cookies and just as secure. Or am I missing something ?
You have it in a hidden field? Are all requests to your system POST
requests, then?
With cookies you don't have to pass the value around everywhere, as
it's done for you.
--
#!/usr/bin/vr
------------------------------
Date: Wed, 03 Mar 2004 10:18:35 -0500
From: James Willmore <jwillmore@remove.adelphia.net>
Subject: Re: Perl & Sessions?
Message-Id: <pan.2004.03.03.15.18.33.629154@remove.adelphia.net>
On Wed, 03 Mar 2004 14:53:52 +0000, Steve (another one) wrote:
> James Willmore wrote:
>> On Wed, 03 Mar 2004 14:42:19 +0100, Thomas Deschepper wrote:
>>>I would like to make a perl script that lets the user log in and checks
>>>if the username and password are correct. After authentication, I want
>>>to track that user. I understand that HTTP is "stateless", so I read
>>>something about sessions and how to implent them (GET, cookies, hidden
>>>fields).
>>>
>>>But I don't really understand the whole process. After the user logs
>>>in, do I have to produce a unique hash or something like that??
>>>
>>>Can someone explain this to me? I've also read the docs about
>>>CGI::Session.
>>
>>
>> Have a look at ...
>> http://www.stonehenge.com/merlyn/WebTechniques/col61.html
>>
>> There are several ways to deal with sessions. However, I find the
>> above URL one of the better ways to do so. Basically, you want to make
>> sure that what the user has as credentials is the same thing the server
>> sees as valid credentials. One of the better ways to do this is using
>> cookies. That's what is explained in better detail in the above URL.
>> It is, however, not the only way to do it :-)
>>
>> HTH
> After a sucessful login I usually send a hard-to-guess string in a
> hidden field and then use this to identify the user. The value is held
> in a table with a date/time stamp that I update whenever I hear from the
> user, or delete after a given period of non-use or a log-off. This
> allows the user to do what they like while the identifier is valid -
> including reject cookies and maintain multiple sessions. It seems
> simpler than cookies and just as secure. Or am I missing something ?
Hidden fields are not *really* hidden and can be altered by the user.
This is why *most* who do CGI applications don't use hidden fields at all.
And, if you *read* the URL, you would see *why* the author does what he
does. Basically, one single cookie is used. This cookie contains an MD5
hash (which is, in theory, hard to recontruct). This session id is match
to a file on the server. You can place "stuff" in the file, but I don't
see it as required.
"Logging off" is a real mis-conception. The session between the browser
and the server is closed after information is sent to and fro - meaning,
there is no state like telnet or ftp. Because HTTP is stateless, there
really is no logging in or logging out per se. Which is why some
identifier between the browser and the server is created.
The bottom line with this whole thing is really rather simple - create an
identifer unique for the browser that can can be matched in some way on
the server. The identifier *must* be something the user *can not* alter
(at least, not easily). Hidden fields is *not* the way to do it.
You can go crazy and store all types of information in a database, but I
don't see the point unless you need security "bumped up a notch".
There are Perl modules that can handle sessions, but it's really up to the
programmer to figure out the requirements and needs of the application.
--
Jim
Copyright notice: all code written by the author in this post is
released under the GPL. http://www.gnu.org/licenses/gpl.txt
for more information.
a fortune quote ...
Real Programs don't use shared text. Otherwise, how can they use
functions for scratch space after they are finished calling them?
------------------------------
Date: 3 Mar 2004 06:55:24 -0800
From: alex522@mailinator.com (alex)
Subject: Problem open'ing a file to read utf16
Message-Id: <90030f0e.0403030655.b07d916@posting.google.com>
I have a (little endian) UTF-16 unicode file which i want
to read. I use code looking like:
open(F, "<:encoding(utf16)", $file)
or die "can't open $file: $!\n";
while (<F>) {
print;
}
This works fine for the first few lines of the file,
before it throws an exception:
UTF-16:Unrecognised BOM 2400
What appears to be happening is that chunks of 1024 bytes
are being passed to Encode::Unicode::decode to break into
characters, and that on the second chunk there isn't (of
course!) a BOM and so it throws an exception.
The same also happens with
open(F, "<$file")
or die "can't open $file: $!\n";
binmode(F, ":encoding(utf16)");
So, what is the correct incantation of open'ing utf16 files?
TIA
------------------------------
Date: Wed, 3 Mar 2004 15:39:04 +0000 (UTC)
From: Ben Morrow <usenet@morrow.me.uk>
Subject: Re: Problem open'ing a file to read utf16
Message-Id: <c24u6o$jeo$1@wisteria.csv.warwick.ac.uk>
alex522@mailinator.com (alex) wrote:
> I have a (little endian) UTF-16 unicode file which i want
> to read. I use code looking like:
>
> open(F, "<:encoding(utf16)", $file)
> or die "can't open $file: $!\n";
> while (<F>) {
> print;
> }
>
> This works fine for the first few lines of the file,
> before it throws an exception:
>
> UTF-16:Unrecognised BOM 2400
>
> What appears to be happening is that chunks of 1024 bytes
> are being passed to Encode::Unicode::decode to break into
> characters, and that on the second chunk there isn't (of
> course!) a BOM and so it throws an exception.
Hmmmm.... try ':encoding(utf16le)': you'll have to strip the BOM
yourself.
Ben
--
Musica Dei donum optimi, trahit homines, trahit deos. |
Musica truces molit animos, tristesque mentes erigit. | ben@morrow.me.uk
Musica vel ipsas arbores et horridas movet feras. |
------------------------------
Date: Wed, 03 Mar 2004 15:16:43 GMT
From: Bart Lateur <bart.lateur@pandora.be>
Subject: Re: Regex comparison
Message-Id: <ritb40lqb83aje5o4dojbcpn6cbg3kuou1@4ax.com>
Ben Morrow wrote:
>I would start by writing a bit of XS to get at the compiled representation of
>the pattern.
Heh? Why that? I'd start by looking at YAPE::Regex (on CPAN) instead. A
demo for use of the module can be found in another module
YAPE::Regex::Explain.
--
Bart.
------------------------------
Date: 3 Mar 2004 07:12:14 -0800
From: faraz_hussain@yahoo.com (Duke of Hazard)
Subject: Removing accents from spanish characters
Message-Id: <d5052c5d.0403030712.5200ad79@posting.google.com>
If a user types in a spanish word with accents on some characters
(e.g. ~ on top of a), how can i remove just the accents and keep the
word?
Thanks,
Faraz
------------------------------
Date: Wed, 03 Mar 2004 15:21:19 +0000
From: "Steve (another one)" <y66y@56yu4b6.com>
Subject: Re: Removing accents from spanish characters
Message-Id: <c24t5g$3ul$1@news.liv.ac.uk>
Duke of Hazard wrote:
> If a user types in a spanish word with accents on some characters
> (e.g. ~ on top of a), how can i remove just the accents and keep the
> word?
>
> Thanks,
>
> Faraz
tipex
------------------------------
Date: Wed, 03 Mar 2004 16:43:26 +0100
From: Gunnar Hjalmarsson <noreply@gunnar.cc>
Subject: Re: Removing accents from spanish characters
Message-Id: <c24uau$1ot3vn$1@ID-184292.news.uni-berlin.de>
Duke of Hazard wrote:
> If a user types in a spanish word with accents on some characters
> (e.g. ~ on top of a), how can i remove just the accents and keep
> the word?
Why would you like to do that?
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
------------------------------
Date: Wed, 03 Mar 2004 15:59:34 GMT
From: "Jürgen Exner" <jurgenex@hotmail.com>
Subject: Re: Removing accents from spanish characters
Message-Id: <Ghn1c.37055$C65.15042@nwrddc01.gnilink.net>
Duke of Hazard wrote:
> If a user types in a spanish word with accents on some characters
> (e.g. ~ on top of a), how can i remove just the accents and keep the
> word?
That's a contradiction in terms. If you change a letter then you have a
different word or more likely no word.
Or do you believe "in" and "ln" are the same word? After all "l" and "i" are
the same character, just that the "l" does not have the funny dot on top?
jue
------------------------------
Date: Wed, 3 Mar 2004 09:17:37 -0600
From: "Michael Hill" <hillmw@charter.net>
Subject: Re: webservices
Message-Id: <104btnqj6rfd091@corp.supernews.com>
Greg,
Hmmmm, I'm not understanding how that works. LWP can pull data from other
web pages, parse it and then re-display it. Thinking .....
So, in terms of it being a web service I can create a LWP script that takes
input i.e. query sting and then display the results in a different manner.
So, if I had 3 separate web pages that take data from 3 different tables and
the result of each of these scripts were xml, then a LWP script could call
all 3 web pages, parse the data, and display a 4th page that uses data from
the other 3 in a unique format.
Is that what you are thinking?
Mike
"Gregory Toomey" <nospam@bigpond.com> wrote in message
news:4881562.lYQKc4rPMD@GMT-hosting-and-pickle-farming...
> Michael Hill wrote:
>
> > Does anyone know of a good example of a perl webservice?
>
> LWP::Simple; print
>
> gtoomey
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc. For subscription or unsubscription requests, send
#the single line:
#
# subscribe perl-users
#or:
# unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.
NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 6209
***************************************
