[24904] in Perl-Users-Digest
Perl-Users Digest, Issue: 7154 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Fri Sep 17 21:06:48 2004
Date: Fri, 17 Sep 2004 18:05:12 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Fri, 17 Sep 2004 Volume: 10 Number: 7154
Today's topics:
Re: $| (undocumented) magic? (krakle)
Re: $| (undocumented) magic? <pinyaj@rpi.edu>
Re: anonymous hash notation question <abigail@abigail.nl>
Re: anonymous hash notation question (wana)
Re: anonymous hash notation question <noreply@gunnar.cc>
apache mod perl dbi mysql : Premature end of script hea (wana)
CPAN - not working $_@_.%_
Re: CPAN - not working <spamtrap@dot-app.org>
Re: CPAN - not working $_@_.%_
Re: cron manipulation using perl <noreply@gunnar.cc>
Re: cron manipulation using perl <wolf@code-wizards.com>
Re: cron manipulation using perl (siddhartha mulpuru)
Re: cron manipulation using perl <noreply@gunnar.cc>
Re: Delete text after a known position in a text file (Jay Tilton)
Re: Delete text after a known position in a text file <jurgenex@hotmail.com>
Re: Delete text after a known position in a text file <jurgenex@hotmail.com>
Re: Need more efficient use of the substitution operato <miknrene@drizzle.com>
Re: Need more efficient use of the substitution operato <noreply@gunnar.cc>
Re: Need more efficient use of the substitution operato <miknrene@drizzle.com>
Re: Need more efficient use of the substitution operato <abigail@abigail.nl>
problem fetching *only one* value. (Nitin)
Re: problem fetching *only one* value. <jgibson@mail.arc.nasa.gov>
Re: Protecting passwords in Perl scripts? (Malcolm Dew-Jones)
Re: Protecting passwords in Perl scripts? <emschwar@pobox.com>
Re: Protecting passwords in Perl scripts? (David Filmer)
Re: Rounding error in program <abigail@abigail.nl>
VBA to Perl macro conversion <matthew.garrish@sympatico.ca>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: 17 Sep 2004 15:40:31 -0700
From: krakle@visto.com (krakle)
Subject: Re: $| (undocumented) magic?
Message-Id: <237aaff8.0409171440.5b293bdf@posting.google.com>
Michele Dondi <bik.mido@tiscalinet.it> wrote in message news:<60olk0d79evnjqgkb8rcegha97bvfv09iv@4ax.com>...
> On 16 Sep 2004 21:48:53 -0700, krakle@visto.com (krakle) wrote:
>
> >> It seems you don't waste your time with JAPHs, because you only spend
> >> your efforts in "productive code"
> >
> >My point: Programs can be written in 4 lines of code. The rest of your
> >post was ignored.
>
> Thank you so much for having informed us all that
> "programs can be written in 4 lines of code". I can't imagine where we
> could be without your contribution!
Michele, Not sure why you are taking offense to any of my replies.. It
was in response to T. Ogawas "we can't write _any_ valid program in
four lines". Ofcourse you can... So hostile in here...
------------------------------
Date: Fri, 17 Sep 2004 20:18:22 -0400
From: Jeff 'japhy' Pinyan <pinyaj@rpi.edu>
Subject: Re: $| (undocumented) magic?
Message-Id: <Pine.SGI.3.96.1040917201725.66659A-100000@vcmr-64.server.rpi.edu>
On 17 Sep 2004, krakle wrote:
>Michele Dondi <bik.mido@tiscalinet.it> wrote in message news:<60olk0d79evnjqgkb8rcegha97bvfv09iv@4ax.com>...
>> On 16 Sep 2004 21:48:53 -0700, krakle@visto.com (krakle) wrote:
>>
>> >> It seems you don't waste your time with JAPHs, because you only spend
>> >> your efforts in "productive code"
>> >
>> >My point: Programs can be written in 4 lines of code. The rest of your
>> >post was ignored.
>>
>> Thank you so much for having informed us all that
>> "programs can be written in 4 lines of code". I can't imagine where we
>> could be without your contribution!
>
>Michele, Not sure why you are taking offense to any of my replies.. It
>was in response to T. Ogawas "we can't write _any_ valid program in
>four lines". Ofcourse you can... So hostile in here...
I think Ogawas meant "any" as "every", that is: "we can't write _every_
valid program".
--
Jeff "japhy" Pinyan % How can we ever be the sold short or
RPI Acacia Brother #734 % the cheated, we who for every service
Senior Dean, Fall 2004 % have long ago been overpaid?
RPI Corporation Secretary %
http://japhy.perlmonk.org/ % -- Meister Eckhart
------------------------------
Date: 17 Sep 2004 22:02:30 GMT
From: Abigail <abigail@abigail.nl>
Subject: Re: anonymous hash notation question
Message-Id: <slrnckmnnm.qm8.abigail@alexandra.abigail.nl>
wana (ioneabu@yahoo.com) wrote on MMMMXXXV September MCMXCIII in
<URL:news:bf0b47ca.0409170842.6f195504@posting.google.com>:
&& what is the difference between:
&&
&& {a=>b, c=>d}
&&
&& and
&&
&& {-a=>b, -c=>d}
&&
&& ?
&&
&& Specifically, what is the significance of the dash?
Do you understand the difference between:
{a => b, c => d}
and
{qa => b, qc => d}
?
Do you understand the significance of the q?
Abigail
--
perl -le 's[$,][join$,,(split$,,($!=85))[(q[0006143730380126152532042307].
q[41342211132019313505])=~m[..]g]]e and y[yIbp][HJkP] and print'
------------------------------
Date: 17 Sep 2004 17:39:48 -0700
From: ioneabu@yahoo.com (wana)
Subject: Re: anonymous hash notation question
Message-Id: <bf0b47ca.0409171639.2ad59a90@posting.google.com>
Gunnar Hjalmarsson <noreply@gunnar.cc> wrote in message news:<2r0jbvF14lkjjU1@uni-berlin.de>...
> wana wrote:
> > what is the difference between:
> >
> > {a=>b, c=>d}
> >
> > and
> >
> > {-a=>b, -c=>d}
> >
> > ?
>
> None of them compiles if you have strictures enabled (which you really
> should have!).
>
> Why are you asking?
>
> > Specifically, what is the significance of the dash?
>
> Now I understand even less why you are asking. Isn't it obvious how
> the string 'a' differs from the string '-a'?
Oh, that's what it is? I was wondering about it because in some
classes, the examples show their properties being set with hashes with
keys that begin with a dash as shown above. I thought it might be an
operator that only acts as an operator in that particular situation or
something like that. It didn't occur to me that it was just a
different way to write a variable name. Sorry. You have to admit
that the language sets people up for a little confusion the way that
the same symbol has different meanings in different contexts. For
example, the '?' in regular expressions.
------------------------------
Date: Sat, 18 Sep 2004 02:57:28 +0200
From: Gunnar Hjalmarsson <noreply@gunnar.cc>
Subject: Re: anonymous hash notation question
Message-Id: <2r1fkoF1584beU1@uni-berlin.de>
wana wrote:
> Gunnar Hjalmarsson wrote:
>> Isn't it obvious how the string 'a' differs from the string '-a'?
>
> Oh, that's what it is? I was wondering about it because in some
> classes, the examples show their properties being set with hashes
> with keys that begin with a dash as shown above. I thought it
> might be an operator that only acts as an operator in that
> particular situation or something like that. It didn't occur to me
> that it was just a different way to write a variable name.
I thought they were keys in a couple of anonymous hashes, not variable
names...
> Sorry. You have to admit that the language sets people up for a
> little confusion the way that the same symbol has different
> meanings in different contexts. For example, the '?' in regular
> expressions.
Yeah, there is a lot to learn. :) http://learn.perl.org/
Btw, "context", as you mentioned, has a special significance in Perl,
so that's one of the first things you should get an understanding of
if you want to learn Perl.
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
------------------------------
Date: 17 Sep 2004 14:52:45 -0700
From: ioneabu@yahoo.com (wana)
Subject: apache mod perl dbi mysql : Premature end of script headers:
Message-Id: <bf0b47ca.0409171352.43453d36@posting.google.com>
I am posting this through groups.google.com in case anyone has the
same problem I had and, like me, searches like crazy all over the web
in vain.
I am working through the early examples in "MySQL and Perl for the
Web."
The sample script 'intro7.pl' runs fine from the command line but
gives me the error Premature end of script headers: in my browser. I
try all advice to no avail. I try chmod 755 intro7.pl, etc...
Then I find the great advice to check my server error log, which in my
case is located at:
/var/log/apache2/error_log (I found this location through my
httpd.conf)
where I see: Can't connect to local MySQL server through socket
'/var/lib/mysql/mysql.sock'
Luckily, this is a frustrating problem I have dealt with. My rpm
installed version of MySQL insists on using this location for the
socket file. I thought I had fixed this, but apparently not in the
case when DBI tries to access it for some reason.
The final fix:
change the first string in DBI->connect from
"DBI:mysql:host=localhost;...
to
"DBI:mysql:host=127.0.0.1:/tmp/mysql.sock;...
Turns out, like in PHP, the DBI module allows us to specify the mysql
socket to use.
I am sorry if this is the wrong forum for this, I just lost 2-3 hours
of my life trying to figure this one out if this posting had existed,
I might have saved a little time.
------------------------------
Date: Fri, 17 Sep 2004 19:01:54 GMT
From: $_@_.%_
Subject: CPAN - not working
Message-Id: <CwG2d.42$Ec4.5@trndny04>
CPAN / Scripts Repository has not been working for over a week now.
Where is another place on the web to post free Perl script/programs?
------------------------------
Date: Fri, 17 Sep 2004 15:16:03 -0400
From: Sherm Pendley <spamtrap@dot-app.org>
Subject: Re: CPAN - not working
Message-Id: <O5SdnZ5xSs5pqtbcRVn-vw@adelphia.com>
$_@_.%_ wrote:
> CPAN / Scripts Repository has not been working for over a week now.
Try a different mirror - that can't *all* be down.
sherm--
--
Cocoa programming in Perl: http://camelbones.sourceforge.net
Hire me! My resume: http://www.dot-app.org
------------------------------
Date: Fri, 17 Sep 2004 19:22:00 GMT
From: $_@_.%_
Subject: Re: CPAN - not working
Message-Id: <sPG2d.94$Ec4.39@trndny04>
Sherm Pendley <spamtrap@dot-app.org> wrote in message-id:
<O5SdnZ5xSs5pqtbcRVn-vw@adelphia.com>
>
>$_@_.%_ wrote:
>
>> CPAN / Scripts Repository has not been working for over a week now.
>
>Try a different mirror - that can't *all* be down.
>
>sherm--
>
>--
>Cocoa programming in Perl: http://camelbones.sourceforge.net
>Hire me! My resume: http://www.dot-app.org
More specifically PAUSE is not updating the HTML portion of the site,
nor are newly uploaded scripts being moved from the PAUSE directory to
the CPAN directory. It's been down since last thursday.
------------------------------
Date: Fri, 17 Sep 2004 20:26:11 +0200
From: Gunnar Hjalmarsson <noreply@gunnar.cc>
Subject: Re: cron manipulation using perl
Message-Id: <2r0ojtF14a6s8U1@uni-berlin.de>
siddhartha mulpuru wrote:
> I am trying to develop a webpage with login,password and Unix box name
> as input fields which will post to a perl script that would do the
> following in CRON:
> - Allow you to access and LOGIN to specific UNIX boxes
> - Display the entries
> - Allow Editing of an entry
> - Allow searching for a specific entry
<snip>
> I need to know ideas on how i can go about implementing this. Any
> sample code or just some ideas how this can be done ?
Webpage means CGI, I suppose. Are you talking about letting users edit
root files that way? Then you would need a setuid script, with
significant security implications.
To be honest, the fact that you need to ask for advice in the way you
just did indicates that you are not experienced enough to make such a
script available to 'the world'.
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
------------------------------
Date: Fri, 17 Sep 2004 20:48:02 +0200
From: Wolfgang Hommel <wolf@code-wizards.com>
Subject: Re: cron manipulation using perl
Message-Id: <cifbh2$clh$05$1@news.t-online.com>
Hello,
> - The returned page for each entry must display the page in "laymen's"
> english, not cryptically as found in CRON
You might want to have a look at
http://freshmeat.net/projects/cromagnon/
It probably does what you want, except for being a web interface. :-)
Regards,
Wolfgang
------------------------------
Date: 17 Sep 2004 17:03:58 -0700
From: justkule@yahoo.com (siddhartha mulpuru)
Subject: Re: cron manipulation using perl
Message-Id: <78e9cb22.0409171528.46184265@posting.google.com>
Well i have done perl scirpting with basic perl-cgi scripts . This is
something i never really tried .. so i would like to know how i can go
about getting this done even if it means a lot of learning.. And if it
is not possible to do it then i should know what are the reasons so i
can convince people who want me to do this ...
Thanks
Sid
Gunnar Hjalmarsson <noreply@gunnar.cc> wrote in message news:<2r0ojtF14a6s8U1@uni-berlin.de>...
> siddhartha mulpuru wrote:
> > I am trying to develop a webpage with login,password and Unix box name
> > as input fields which will post to a perl script that would do the
> > following in CRON:
> > - Allow you to access and LOGIN to specific UNIX boxes
> > - Display the entries
> > - Allow Editing of an entry
> > - Allow searching for a specific entry
>
> <snip>
>
> > I need to know ideas on how i can go about implementing this. Any
> > sample code or just some ideas how this can be done ?
>
> Webpage means CGI, I suppose. Are you talking about letting users edit
> root files that way? Then you would need a setuid script, with
> significant security implications.
>
> To be honest, the fact that you need to ask for advice in the way you
> just did indicates that you are not experienced enough to make such a
> script available to 'the world'.
------------------------------
Date: Sat, 18 Sep 2004 02:41:32 +0200
From: Gunnar Hjalmarsson <noreply@gunnar.cc>
Subject: Re: cron manipulation using perl
Message-Id: <2r1emhF15dbaeU1@uni-berlin.de>
siddhartha mulpuru wrote:
> Gunnar Hjalmarsson wrote:
>> siddhartha mulpuru wrote:
>>> I need to know ideas on how i can go about implementing this.
>>> Any sample code or just some ideas how this can be done ?
>>
>> Webpage means CGI, I suppose. Are you talking about letting users
>> edit root files that way? Then you would need a setuid script,
>> with significant security implications.
>>
>> To be honest, the fact that you need to ask for advice in the way
>> you just did indicates that you are not experienced enough to
>> make such a script available to 'the world'.
>
> Well i have done perl scirpting with basic perl-cgi scripts . This
> is something i never really tried .. so i would like to know how i
> can go about getting this done even if it means a lot of learning..
Well, then you'd better start studying Unix/Perl/CGI and go for it, I
suppose. ;-)
But I think you should check out whether there is a suitable web
interface to cron already written. I'm using Usermin
(http://www.webmin.com/index6.html), which includes a module for users
to schedule cron jobs. Wolfgang gave you another tip.
> And if it is not possible to do it
Of course it is *possible*.
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
------------------------------
Date: Sat, 18 Sep 2004 00:09:30 GMT
From: tiltonj@erols.com (Jay Tilton)
Subject: Re: Delete text after a known position in a text file
Message-Id: <414b7ca5.162985210@news.erols.com>
"Paul Lalli" <mritty@gmail.com> wrote:
: "Oliver S?der" <osoeder@gmx.de> wrote in message
: news:45c6c8e6.0409170156.2690bed2@posting.google.com...
: > I want to delete all text after the word "lib\" in a line of a text
: > field.
: > IDMLIB=C:\PROGRA~1\Novadigm\Lib\
: >
: > How can I make $_ all text behind the last back slash? Then I would be
: > able to do s/$_//. Or is there a better way?
:
: my $string = 'IDMLIB=C:\PROGRA~1\Novadigm\Lib\';
: $string =~ s/(lib\\).*/$1/i;
:
: Simply search for the marker, and replace the marker and everything that
: follows with just the marker.
Or, if you want to be weird:
#!perl
use warnings;
use strict;
$_ = 'IDMLIB=C:\PROGRA~1\Novadigm\Lib\blah\blah';
{
open my($f), '<', \$_ or die $!;
local $/ = 'Lib\\';
$_ = <$f>;
}
print;
__END__
Don't try this at work, kids. :)
------------------------------
Date: Sat, 18 Sep 2004 00:17:29 GMT
From: "Jürgen Exner" <jurgenex@hotmail.com>
Subject: Re: Delete text after a known position in a text file
Message-Id: <t8L2d.406$464.361@trnddc01>
Oliver S?der wrote:
> I want to delete all text after the word "lib\" in a line of a text
> field.
> IDMLIB=C:\PROGRA~1\Novadigm\Lib\
>
> How can I make $_ all text behind the last back slash? Then I would be
> able to do s/$_//. Or is there a better way?
What's wrong with a simple
s/lib\\.*/lib\\/i;
Replace "lib\" and anything after it with "lib\" and ignore the case, too.
jue
------------------------------
Date: Sat, 18 Sep 2004 00:29:10 GMT
From: "Jürgen Exner" <jurgenex@hotmail.com>
Subject: Re: Delete text after a known position in a text file
Message-Id: <qjL2d.409$464.88@trnddc01>
Oliver S?der wrote:
> I want to delete all text after the word "lib\" in a line of a text
> field.
> IDMLIB=C:\PROGRA~1\Novadigm\Lib\
>
> How can I make $_ all text behind the last back slash? Then I would be
> able to do s/$_//. Or is there a better way?
Another way (considering that according to your subject line you already
know the position of the text) is to use substr:
substr ($text, $KnownPosition + length('lib\')) = '';
jue
------------------------------
Date: Fri, 17 Sep 2004 11:05:56 -0700
From: Michael Slass <miknrene@drizzle.com>
Subject: Re: Need more efficient use of the substitution operator
Message-Id: <m34qlw6a9n.fsf@eric.rossnet.com>
Gunnar Hjalmarsson <noreply@gunnar.cc> writes:
>Niall Macpherson wrote:
>> I am trying to find the first occurence of anything between a '['
>> and a ']' and return that string
>
>If you are trying to *find* something, it's not substitution you
>should do, but you'd rather use the m// (matching) operator with
>capturing parentheses (see "perldoc perlop").
>
>
>Indeed.
>
> my $input = " foo [STRING] bar ";
> print "Result = '", $input =~ /\[(.*?)\]/, "'\n";
>
>--
Is there a differnce in regex efficiency between the non-greedy ".*?" as
used above, and the more specific "[^]]*" ? I can't remember the
backtracking rules for NFA non-greedy quantifiers, and my Mastering
Regular Expressions is out on loan.
--
Mike Slass
------------------------------
Date: Fri, 17 Sep 2004 20:15:23 +0200
From: Gunnar Hjalmarsson <noreply@gunnar.cc>
Subject: Re: Need more efficient use of the substitution operator
Message-Id: <2r0nvkF14kqs4U1@uni-berlin.de>
Michael Slass wrote:
> Gunnar Hjalmarsson <noreply@gunnar.cc> writes:
>>
>> my $input = " foo [STRING] bar ";
>> print "Result = '", $input =~ /\[(.*?)\]/, "'\n";
>
> Is there a differnce in regex efficiency between the non-greedy
> ".*?" as used above, and the more specific "[^]]*" ?
Not sure, but I believe the latter is more efficient (but two more
characters to type...).
> I can't remember the backtracking rules for NFA non-greedy
> quantifiers, and my Mastering Regular Expressions is out on loan.
Do a benchmark! ;-)
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
------------------------------
Date: Fri, 17 Sep 2004 12:12:32 -0700
From: Michael Slass <miknrene@drizzle.com>
Subject: Re: Need more efficient use of the substitution operator
Message-Id: <m3zn3o4sm7.fsf@eric.rossnet.com>
Gunnar Hjalmarsson <noreply@gunnar.cc> writes:
>Michael Slass wrote:
>> Gunnar Hjalmarsson <noreply@gunnar.cc> writes:
>>> my $input = " foo [STRING] bar ";
>>> print "Result = '", $input =~ /\[(.*?)\]/, "'\n";
>> Is there a differnce in regex efficiency between the non-greedy
>> ".*?" as used above, and the more specific "[^]]*" ?
>
>Do a benchmark! ;-)
:) Yup, that's the true engineer's answer; I'm more interested in the
professor's answer -- *why* the faster one is faster. A rule from
Mastering Regular Expressions, "Say what you mean", seems to come to
mind --- in this case, we mean "anything that's not ]" --- so "[^]]*"
is more exact.
I'll try to dig up the Dragon book for the regex discussion on NFA
backtracking and *.
--
Mike Slass
------------------------------
Date: 17 Sep 2004 19:49:34 GMT
From: Abigail <abigail@abigail.nl>
Subject: Re: Need more efficient use of the substitution operator
Message-Id: <slrnckmfud.qm8.abigail@alexandra.abigail.nl>
Niall Macpherson (niall.macpherson@moneyline.com) wrote on MMMMXXXV
September MCMXCIII in <URL:news:a3376e0d.0409170219.5fdbf5ce@posting.google.com>:
-: I don't use regexp / substitution handling very often and although I
-: think I have a basic grasp I am having problems with understanding how
-: to make multiple substitutions of different characters within a
-: string. I understand the use of appending a 'g' to the command for
-: multiple substitutions of the same pattern , but the following code
-: looks as if it could be improved.
-:
-: I am trying to find the first occurence of anything between a '[' and
-: a ']'
-: and return that string
-:
-: i.e the following code should print 'STRING'. It appears to work but
-: seems a bit long winded. Is there a better way of doing it ?
Well, it isn't clear what you want to return from:
one [two [three] four] five.
Should it be
a) two [three] four
b) two [three
c) three
Solutions:
a) use Regexp::Common;
my $re = $RE {balanced} {-parens => '[]'} {-keep};
b) my $re = /[[]([^]]*)[]]/;
c) my $re = /[[]([^][]*)[]]/;
Abigail
--
($;,$_,$|,$\)=("\@\x7Fy~*kde~box*Zoxf*Bkiaox","#"x25,1,"\r");
s/./ /;{vec($_=>1+$"=>8)=ord($/^substr$;=>$"=int rand 24=>1);
print&&select$,,$,,$,,$|/($|+tr/#//c);redo if y/#//};sleep 1;
------------------------------
Date: 17 Sep 2004 14:01:14 -0700
From: nitin.thakur@ubs.com (Nitin)
Subject: problem fetching *only one* value.
Message-Id: <ff21db84.0409171239.34815bed@posting.google.com>
I am trying to authenticate the user by using one variable and
checking for that in a oracle table. When I execute my code I always
get authenticated, evenif there is no entry for me in that table. here
is the code: -
---------------------------------------------------
#!/sbcimp/run/pd/perl/prod/bin/perl -w
$USERID = $ENV_ID;
$wobj = new CGI;
print $wobj->header();
print $wobj->start_html();
DBI->trace(1);
print $wobj->hr;
$dbh = DBI->connect('DBI:Oracle:ABC', 'ORACLE_DATA', 'xyz') || die
"Database co
nnection not possible: $DBI::errstr";
$sth = $dbh->prepare("SELECT LOGIN_ID FROM ADMINS WHERE LOGIN_ID =
'$USERID'") or die '$DBI::errstr';
$sth->execute() or die '$DBI::errstr';
$login_id = $sth->fetchrow_array();
if ($login_id = $USERID) {
print '<h1>You Are In</h1>';
print '<hr>';
} else {
print '<H1>You are out</H1>';
}
$sth->finish;
$dbh->disconnect();
print $wobj->end_html;
-------------------------------------------------------------
Thanks in advance,
Nitin
------------------------------
Date: Fri, 17 Sep 2004 15:17:01 -0700
From: Jim Gibson <jgibson@mail.arc.nasa.gov>
Subject: Re: problem fetching *only one* value.
Message-Id: <170920041517012084%jgibson@mail.arc.nasa.gov>
In article <ff21db84.0409171239.34815bed@posting.google.com>, Nitin
<nitin.thakur@ubs.com> wrote:
> I am trying to authenticate the user by using one variable and
> checking for that in a oracle table. When I execute my code I always
> get authenticated, evenif there is no entry for me in that table. here
> is the code: -
> ---------------------------------------------------
> #!/sbcimp/run/pd/perl/prod/bin/perl -w
Always put:
use strict;
use warnings;
at the beginning of your program ('use warnings' replaces the -w).
> $USERID = $ENV_ID;
> $wobj = new CGI;
> print $wobj->header();
> print $wobj->start_html();
> DBI->trace(1);
> print $wobj->hr;
> $dbh = DBI->connect('DBI:Oracle:ABC', 'ORACLE_DATA', 'xyz') || die
> "Database co
> nnection not possible: $DBI::errstr";
Use 'or' instead of '||' for precedence safety.
> $sth = $dbh->prepare("SELECT LOGIN_ID FROM ADMINS WHERE LOGIN_ID =
> '$USERID'") or die '$DBI::errstr';
> $sth->execute() or die '$DBI::errstr';
> $login_id = $sth->fetchrow_array();
fetchrow_array() returns an array. You are assigning the number of
elements in the array, which is one, to $login_id. You should do one of
(untested):
1. my @row = $sth->fetchrow_array(); my $login_id = $row[0];
2. my $login_id = ($sth->fetchrow_array())[0];
3. my ( $login_id ) = $sth_fetchrow_array();
> if ($login_id = $USERID) {
Alas, you are assigning $USERID to $login_id and testing the result,
which will always be true. You want "==" for a numerical comparison or
'eq' for a string compare.
> print '<h1>You Are In</h1>';
> print '<hr>';
> } else {
> print '<H1>You are out</H1>';
> }
> $sth->finish;
> $dbh->disconnect();
> print $wobj->end_html;
------------------------------
Date: 17 Sep 2004 12:41:55 -0800
From: yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones)
Subject: Re: Protecting passwords in Perl scripts?
Message-Id: <414b3e03@news.victoria.tc.ca>
David Filmer (ineverreadanythingsenttome@hotmail.com) wrote:
: I have (for example) a Perl script that connects to a database (or FTP site,
: etc). The database (or ftp) password is either hard-coded (in clear text) in
: the script or contained in an external configuration file (which must be
: readable by the effective uid of the script).
: Someone who was able to browse the code could easily determine the password.
: That's a Bad Thing.
: I could trivially obfuscate it (rot13, etc) but that would only thwart the
: truly ignorant. The password could be symmetrically encrypted, but the
: script somehow needs to determine the encryption key (and the idly curious
: could determine this as well by reading the code).
: How can I shield the database (ftp, etc) password from prying eyes?
Put the config data in a file that belongs to another user, and chmod so
it cannot be read by anyone else.
Now make the script suid or guid so it can read the config file when it
runs.
I don't guarantee this is 100% effective. I'm not sure if it's possible
to hack the running perl script to dump the password after reading it.
------------------------------
Date: Fri, 17 Sep 2004 13:51:15 -0600
From: Eric Schwartz <emschwar@pobox.com>
Subject: Re: Protecting passwords in Perl scripts?
Message-Id: <etoy8j8ekss.fsf@wilson.emschwar>
yf110@vtn1.victoria.tc.ca (Malcolm Dew-Jones) writes:
> David Filmer (ineverreadanythingsenttome@hotmail.com) wrote:
> : How can I shield the database (ftp, etc) password from prying eyes?
>
> Put the config data in a file that belongs to another user, and chmod so
> it cannot be read by anyone else.
If this is on Linux, you may (depending on your support requirements)
be able to take advantage of SELinux. With that, you can define a
security context in which your program will operate, and place the
config file in that context as well, and then even if the permissions
on the file are 777, nobody can read it who is not explicitly allowed.
-=Eric
--
Come to think of it, there are already a million monkeys on a million
typewriters, and Usenet is NOTHING like Shakespeare.
-- Blair Houghton.
------------------------------
Date: 17 Sep 2004 17:14:37 -0700
From: IneverReadAnythingSentToMe@hotmail.com (David Filmer)
Subject: Re: Protecting passwords in Perl scripts?
Message-Id: <e4c916dd.0409171614.8b76054@posting.google.com>
> But I think the OP may find interesting the article "Password
> Authentication with Insecure Communication", by Leslie Lamport.
Dr. Lamport is a researcher with Micro$oft (but I won't hold that
against him - the guy is brilliant, so there is at least one really
smart guy working at Micro$oft). He kindly makes many of his writings
available to the public at
http://research.microsoft.com/users/lamport/pubs/pubs.html.
This paper is interesting, but it is confined to the problem of
password eavesdropping. I don't think the idea he proposes (using
one-time passwords in sequence) applies to this problem.
I agree with the opinions expressed here that the best we can do is to
try to lock down the environment. The problem cannot be solved within
the Perl code, and thus is not really a Perl issue.
------------------------------
Date: 17 Sep 2004 22:20:19 GMT
From: Abigail <abigail@abigail.nl>
Subject: Re: Rounding error in program
Message-Id: <slrnckmop3.qm8.abigail@alexandra.abigail.nl>
Jeff 'japhy' Pinyan (pinyaj@rpi.edu) wrote on MMMMXXXV September MCMXCIII
in <URL:news:Pine.SGI.3.96.1040917114152.55590A-100000@vcmr-64.server.rpi.edu>:
&& On 17 Sep 2004, A. Sinan Unur wrote:
&&
&& >You snipped the relevant part of Helgi's post. Reading what you are
&& >responding to helps:
&& >
&& >Helgi Briem <HelgiBriem_1@hotmail.com> wrote in
&& >news:46olk096ruu12k2spgno4jvjpsgiusvvdo@4ax.com:
&& >
&& >>> Always rounding X.5 *up* as you probably learned in grade school
&& >>> introduces a systematic bias. This was changed by the International
&& >>> Standards Organisation in 1992, to rounding to the nearest even
&& >>> integer.
&&
&& Does anyone know the ISO's reasoning behind it? It seems to create a new
&& bias, which doesn't seem to make sense to me, at least.
It's called "bankers rounding" and has to do with the observation that
many decimals are rational numbers obtained from dividing integers by
small integers. If all your decimal numbers are evenly distributed,
it doesn't matter what your policy of rounding x.5 is - there won't
be enough x.5 numbers to introduce a significant bias.
But now consider the numbers k/4, with k integer. That is:
0, 0.25, 0.5, 0.75, 1, 1.25, 1.5, 1.75, 2, ...
Suppose we're going to round those numbers to integers, using the
common method of rounding x.5 numbers up:
Number Rouding Loss
0 NOT 0
0.25 DOWN 0.25
0.5 UP -0.5
0.75 UP -0.25
1 NOT 0
1.25 DOWN 0.25
1.5 UP -0.5
1.75 UP -0.25
2 NOT 0
2.25 DOWN 0.25
2.5 UP -0.5
2.75 UP -0.25
3 NOT 0
3.25 DOWN 0.25
3.5 UP -0.5
3.75 UP -0.25
Of the 16 numbers, 8 were rounded up, 4 were rounded down, and 4 were
not rounded at all. The total loss (bias) is 2.
Let's do the same exercise with "bankers rounding":
Number Rouding Loss
0 NOT 0
0.25 DOWN 0.25
0.5 DOWN 0.5
0.75 UP -0.25
1 NOT 0
1.25 DOWN 0.25
1.5 UP -0.5
1.75 UP -0.25
2 NOT 0
2.25 DOWN 0.25
2.5 DOWN 0.5
2.75 UP -0.25
3 NOT 0
3.25 DOWN 0.25
3.5 UP -0.5
3.75 UP -0.25
Now we have 6 numbers rounded up, 6 rounded down, 4 not rounded, and
we haven't lost anything due to rounding. No bias.
Abigail
--
perl -wle '(1 x $_) !~ /^(11+)\1+$/ && print while ++ $_'
------------------------------
Date: Fri, 17 Sep 2004 17:20:34 -0400
From: "Matt Garrish" <matthew.garrish@sympatico.ca>
Subject: VBA to Perl macro conversion
Message-Id: <yyI2d.26467$0h7.1853848@news20.bellglobal.com>
Not a question, but a solution.
I had to convert a number of Word files to sgml today and at the same time
retain the font formatting (in the form of <b>, <i>, etc. tags). I know this
can be done by saving to html and cleaning up the other html garbage spit
out, but these files were already nicely styled and the conversion program
was meant to take advantage of this fact.
I also couldn't write this search/replace as a VBA macro, because the
program is automatically launched by a service watching a specific directory
for files dropped into it (and I couldn't find any way to run a Word macro
via OLE; I could use $word->Run() from the command line, but it wouldn't
work when run by the service, even when I changed who the service was run
as).
The code snippet below should be self-explanatory, but it sure was a
headache trying to convert the data structures. Hope this comes in handy for
anyone trying to do the same. I also encourage anyone else to post to this
thread any examples of VBA -> Perl code they think others might find useful,
as I found there is really very little to work from (or feel free to point
out where my code can be optimized).
Original VBA macro to find bolded text:
Dim rngSearch As Word.Range
Set rngSearch = ActiveDocument.Content
With rngSearch.Find
.Format = True
.Forward = True
.Wrap = wdFindStop
.MatchWildcards = False
.Text = ""
.Replacement.Text = ""
.Font.Bold = True
Do While .Execute
With rngSearch
.InsertBefore "<b>"
.InsertAfter "</b>"
.Collapse wdCollapseEnd
End With
Loop
End With
Perl equivalent:
my $word = Win32::OLE->new('Word.Application', 'Quit');
my $doc = $word->Documents->Open($infile) or die Win32::OLE->LastError();
my $range = $doc->Content();
$range->{Find}->{Format} = 1;
$range->{Find}->{Forward} = 1;
$range->{Find}->{Wrap} = wdFindStop;
$range->{Find}->{MatchWildcards} = 0;
$range->{Find}->{Text} = '';
$range->{Find}->{Replacement}->{Text} = '';
$range->{Find}->{Font}->{Bold} = 1;
while ( $range->{Find}->Execute() ) {
$range->InsertBefore('<b>');
$range->InsertAfter('</b>');
$range->Collapse(wdCollapseEnd);
}
Matt
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc. For subscription or unsubscription requests, send
#the single line:
#
# subscribe perl-users
#or:
# unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.
NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 7154
***************************************
