[25304] in Perl-Users-Digest
Perl-Users Digest, Issue: 7549 Volume: 10
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Dec 22 00:05:44 2004
Date: Tue, 21 Dec 2004 21:05:08 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Tue, 21 Dec 2004 Volume: 10 Number: 7549
Today's topics:
[OT] ASCIIgram for square root (was Re: Is zero even or <emurphy42@socal.rr.com>
Re: generating a session id xhoster@gmail.com
Re: generating a session id <uri@stemsystems.com>
Re: generating a session id <jgibson@mail.arc.nasa.gov>
Re: generating a session id <1usa@llenroc.ude.invalid>
Re: generating a session id ioneabu@yahoo.com
Re: generating a session id <uri@stemsystems.com>
Re: generating a session id ioneabu@yahoo.com
Re: generating a session id <1usa@llenroc.ude.invalid>
Re: generating a session id <1usa@llenroc.ude.invalid>
Re: How to navigate the docs? <matthew.garrish@sympatico.ca>
Re: How to navigate the docs? <wksmith@optonline.net>
input <>; not working? <bustanut2020@yahoo.com>
Re: input <>; not working? <1usa@llenroc.ude.invalid>
Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Wed, 22 Dec 2004 04:44:35 GMT
From: Ed Murphy <emurphy42@socal.rr.com>
Subject: [OT] ASCIIgram for square root (was Re: Is zero even or odd?)
Message-Id: <pan.2004.12.22.04.46.02.876577@socal.rr.com>
On Wed, 22 Dec 2004 01:56:47 +0000, Nicholas O. Lindan wrote:
> Slightly OT,
Only slightly?
> is there an accepted ASCII-gram for square root?
_______
_ /(x+y)*z
v2 would be my suggestion, or / ------- for more complex expressions.
v a+2
sqrt(2) or 2^.5 is generally more manageable, though.
> And shouldn't someone add a travel cruise group to the distribution.
*scratches head* *googles* Ah, there's a cruise line named Infinity.
------------------------------
Date: 21 Dec 2004 23:35:28 GMT
From: xhoster@gmail.com
Subject: Re: generating a session id
Message-Id: <20041221183528.531$9E@newsreader.com>
ioneabu@yahoo.com wrote:
> #!/usr/bin/perl
>
> use strict;
> use warnings;
> use Digest::MD5;
>
> #Their way
> my $length = 32;
> print substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}.
> rand(). $$)), 0, $length),"\n";
>
> #my way
> my @array = ('a' .. 'z', '0' .. '9');
> my $out;
> for (my $i=0;$i<$length;$i++) {$out .= $array[rand(36)]}
> print "$out\n";
>
> The first method is from Apache:Session:MySQL. Why is it any better
> than my version for generating a random 32 character string? If it's a
> big difference in 'randomness'
Yep, that is what it is. Although I'm not sure how big the
difference is.
> I could just use their way to generate
> my ids. I still don't need the whole implementation of
> Apache:Session:MySQL for my current purposes.
Until the next time you need something which you will implement
yourself using their code. And then the next time. And the time
after that. And then eventually you have copied the entire module
into your code in a haphazard fashion. Well, it is something
to think about anyway.
Xho
--
-------------------- http://NewsReader.Com/ --------------------
Usenet Newsgroup Service $9.95/Month 30GB
------------------------------
Date: Tue, 21 Dec 2004 23:35:56 GMT
From: Uri Guttman <uri@stemsystems.com>
Subject: Re: generating a session id
Message-Id: <x7r7ljkyw3.fsf@mail.sysarch.com>
>>>>> "i" == ioneabu <ioneabu@yahoo.com> writes:
i> And they're not even using the whole alphabet! Just hex. I use a-z
i> and 0-9 :-)
ENOCLUE
even with the smiley.
uri
--
Uri Guttman ------ uri@stemsystems.com -------- http://www.stemsystems.com
--Perl Consulting, Stem Development, Systems Architecture, Design and Coding-
Search or Offer Perl Jobs ---------------------------- http://jobs.perl.org
------------------------------
Date: Tue, 21 Dec 2004 15:45:33 -0800
From: Jim Gibson <jgibson@mail.arc.nasa.gov>
Subject: Re: generating a session id
Message-Id: <211220041545333005%jgibson@mail.arc.nasa.gov>
In article <1103668714.136707.223230@f14g2000cwb.googlegroups.com>,
<ioneabu@yahoo.com> wrote:
> #!/usr/bin/perl
>
> use strict;
> use warnings;
> use Digest::MD5;
>
> #Their way
> my $length = 32;
> print substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}.
> rand(). $$)), 0, $length),"\n";
>
> #my way
> my @array = ('a' .. 'z', '0' .. '9');
> my $out;
> for (my $i=0;$i<$length;$i++) {$out .= $array[rand(36)]}
> print "$out\n";
>
> The first method is from Apache:Session:MySQL. Why is it any better
> than my version for generating a random 32 character string? If it's a
> big difference in 'randomness' I could just use their way to generate
> my ids. I still don't need the whole implementation of
> Apache:Session:MySQL for my current purposes. If their is no
> significant difference in the secure randomness of the generated
> strings, I prefer not to use extra modules unnecessarily.
> Thanks!
The Apache method starts with a string that contains two parts that are
almost guaranteed to be unique: the process ID ($$) and current time
(time()). While either of these can be the same for two executions of
your script, the combination can virtually never be the same. They
throw in some randomness (rand()), a random hash code ({}), and munge
it through Digest::MD5 to make it irrecoverable and non-quessable.
Your method depends upon the output of rand() to produce non-unique
values. What if the seed for rand() gets reset? You will start
repeating your values. Even it it doesn't, there is some, very small
probability you will re-use a session key too soon. There is also a
possibilty someone can start guessing your keys -- all they have to do
is start with the same seed for rand() and generate keys.
Which you use is up to you. I am just pointing out one difference in
the two methods.
-----------== Posted via Newsfeed.Com - Uncensored Usenet News ==----------
http://www.newsfeed.com The #1 Newsgroup Service in the World!
-----= Over 100,000 Newsgroups - Unlimited Fast Downloads - 19 Servers =-----
------------------------------
Date: 22 Dec 2004 00:52:38 GMT
From: "A. Sinan Unur" <1usa@llenroc.ude.invalid>
Subject: Re: generating a session id
Message-Id: <Xns95C6CA34DCCAAasu1cornelledu@132.236.56.8>
ioneabu@yahoo.com wrote in news:1103668714.136707.223230
@f14g2000cwb.googlegroups.com:
> The first method is from Apache:Session:MySQL. Why is it any better
> than my version for generating a random 32 character string?
How old are you? I would like to know because the statement above could be
tolerated if you were too young to get a driver's license. So, if you could
confirm that, I would explain it at length taking into account that you are
a youngster who does not know any better.
You can read about what MD5 and think real hard about how Apache::Session
mixes information from various sources.
Anyway, see also
http://search.cpan.org/~sherzodr/CGI-Session-3.95/Session.pm
> I could just use their way to generate my ids. I still
> don't need the whole implementation of Apache:Session:MySQL
> for my current purposes. If their is no significant difference
> in the secure randomness of the generated strings, I prefer not
> to use extra modules unnecessarily.
It sounds like you are under the impression that I care what you use. I
don't. It is for others' benefit that I feel obliged to point out that what
you regard as an achievement is, in fact, not.
ioneabu@yahoo.com wrote in news:1103668886.899769.238400
@f14g2000cwb.googlegroups.com:
> And they're not even using the whole alphabet! Just hex. I use a-z
> and 0-9 :-)
It looks like you misunderstood the source.
Sinan.
--
A. Sinan Unur
1usa@llenroc.ude.invalid
(remove '.invalid' and reverse each component for email address)
------------------------------
Date: 21 Dec 2004 19:05:06 -0800
From: ioneabu@yahoo.com
Subject: Re: generating a session id
Message-Id: <1103684706.646202.74540@z14g2000cwz.googlegroups.com>
A. Sinan Unur wrote:
> ioneabu@yahoo.com wrote in news:1103668714.136707.223230
> @f14g2000cwb.googlegroups.com:
>
> > The first method is from Apache:Session:MySQL. Why is it any
better
> > than my version for generating a random 32 character string?
>
> How old are you? I would like to know because the statement above
could be
> tolerated if you were too young to get a driver's license. So, if you
could
> confirm that, I would explain it at length taking into account that
you are
> a youngster who does not know any better.
>
> You can read about what MD5 and think real hard about how
Apache::Session
> mixes information from various sources.
>
> Anyway, see also
>
> http://search.cpan.org/~sherzodr/CGI-Session-3.95/Session.pm
>
> > I could just use their way to generate my ids. I still
> > don't need the whole implementation of Apache:Session:MySQL
> > for my current purposes. If their is no significant difference
> > in the secure randomness of the generated strings, I prefer not
> > to use extra modules unnecessarily.
>
> It sounds like you are under the impression that I care what you use.
I
> don't. It is for others' benefit that I feel obliged to point out
that what
> you regard as an achievement is, in fact, not.
>
> ioneabu@yahoo.com wrote in news:1103668886.899769.238400
> @f14g2000cwb.googlegroups.com:
>
> > And they're not even using the whole alphabet! Just hex. I use
a-z
> > and 0-9 :-)
>
> It looks like you misunderstood the source.
>
> Sinan.
>
> --
> A. Sinan Unur
> 1usa@llenroc.ude.invalid
> (remove '.invalid' and reverse each component for email address)
Great, I ask a simple question and get attacked personally by a big
Cornell Economics professor. Sorry to ask such stupid questions,
'doctor'. Boy, am I glad I'm not in your class!
------------------------------
Date: Wed, 22 Dec 2004 04:12:13 GMT
From: Uri Guttman <uri@stemsystems.com>
Subject: Re: generating a session id
Message-Id: <x7sm5zj7j7.fsf@mail.sysarch.com>
>>>>> "i" == ioneabu <ioneabu@yahoo.com> writes:
i> Great, I ask a simple question and get attacked personally by a big
i> Cornell Economics professor. Sorry to ask such stupid questions,
i> 'doctor'. Boy, am I glad I'm not in your class!
ok, i will attack for that stupid and infantile response. you haven't
listened to a word of what people have said. you have shown no
inclination to actually understand the tricky issues regarding making a
session key. this attitude of yours (and yes it is hard to isolare a
comment about your attitude from 'you') is leading you to be a very bad
programmer. is that the type of student of computer stuff that you want
to be? i wouldn't want to be your teacher, it will be like talking to a
wall that knows nothing.
uri
--
Uri Guttman ------ uri@stemsystems.com -------- http://www.stemsystems.com
--Perl Consulting, Stem Development, Systems Architecture, Design and Coding-
Search or Offer Perl Jobs ---------------------------- http://jobs.perl.org
------------------------------
Date: 21 Dec 2004 20:45:44 -0800
From: ioneabu@yahoo.com
Subject: Re: generating a session id
Message-Id: <1103690744.041045.156420@f14g2000cwb.googlegroups.com>
I have made an effort to understand a process by exploring it in its
most basic form, as if I had to create for the first time. Of course
my simple minded code is not as good as the real thing, but why? There
have been some intelligent and thought provoking responses from others,
which I greatly appreciate. If you don't have an interesting response,
how about a link?
------------------------------
Date: 22 Dec 2004 04:59:33 GMT
From: "A. Sinan Unur" <1usa@llenroc.ude.invalid>
Subject: Re: generating a session id
Message-Id: <Xns95C6F4116614asu1cornelledu@132.236.56.8>
ioneabu@yahoo.com wrote in news:1103684706.646202.74540
@z14g2000cwz.googlegroups.com:
> Great, I ask a simple question and get attacked personally by a big
> Cornell Economics professor. Sorry to ask such stupid questions,
> 'doctor'. Boy, am I glad I'm not in your class!
Please don't put yourself in the same category as the people who pay my
salary, who show up in my classes day after day, who do the homeworks I
assign and who sweat my exams. Those people deserve and get quality
individual attention and all the help I can provide and still realize that
they are making an investment in their intellectual capital. In most cases,
they realize having answers spoon-fed actually reduces the returns on that
investment.
In case you were curious, I am just as elated as you are that you are not
in my class. I hate failing people.
The fact that I hold a number of degrees etc is completely irrelevant here
which is why you cannot find them mentioned anywhere other than my Cornell
home page where it is appropriate to mention them.
You did not ask a simple question. Such a question might have been
something along the lines of "What is a good way of generating session
ids?"
Instead, you came up with a bad method, demonstrated that you had not
actually researched the issue at all and proceeded to make fun of the
proper method without having understood what it does. That is infantile.
Information on how to generate session id's in a way that makes it
difficult for some cracker to guess current and valid session id's is
readily available.
Of course, you do not need to use Apache::Session::MySQL just to generate
session ids. You could just use the module that package depends on:
Apache::Session::Generate::MD5 (see http://tinyurl.com/5n65q)
--
A. Sinan Unur
1usa@llenroc.ude.invalid
(remove '.invalid' and reverse each component for email address)
------------------------------
Date: 22 Dec 2004 05:00:11 GMT
From: "A. Sinan Unur" <1usa@llenroc.ude.invalid>
Subject: Re: generating a session id
Message-Id: <Xns95C793764asu1cornelledu@132.236.56.8>
ioneabu@yahoo.com wrote in news:1103690744.041045.156420
@f14g2000cwb.googlegroups.com:
> If you don't have an interesting response, how about a link?
Have you heard of Google?
--
A. Sinan Unur
1usa@llenroc.ude.invalid
(remove '.invalid' and reverse each component for email address)
------------------------------
Date: Tue, 21 Dec 2004 18:55:52 -0500
From: "Matt Garrish" <matthew.garrish@sympatico.ca>
Subject: Re: How to navigate the docs?
Message-Id: <aK2yd.14377$GK5.958299@news20.bellglobal.com>
"Mike" <please@send.replies.to.ng> wrote in message
news:cq9g28$8tt$1@reader2.panix.com...
>
> Is there anything like this for Perl, or maybe a
> search-engine-assisted doc page for Perl? (Google is not good enough
> for this task; too many of the Perl keywords are too widely used
> for a basic Google search to produce useful hits.)
>
Have you tried the search engine at perldoc.com? Or if all else fails,
googling just that site.
Matt
------------------------------
Date: Tue, 21 Dec 2004 22:48:08 -0500
From: "Bill Smith" <wksmith@optonline.net>
Subject: Re: How to navigate the docs?
Message-Id: <Wc6yd.10947$vd6.1488@fe12.lga>
"Mike" <please@send.replies.to.ng> wrote in message
news:cq9g28$8tt$1@reader2.panix.com...
>
>
>
> What do you do when you want to find something in the Perl
> documentation, and you have *no idea* in which of the many perlxxxx
> it is? I've tried perltoc in the past with little success.
>
> At this point someone would reply "But WHAT are you looking for???",
> which would miss the point of my question, which is finding general
> strategies for using the Perl docs.
Many of us "senior citizens" are good at finding info in books, but have
not developed the analogous skills for using electronic documentation.
I start with my well worn copy of "Perl in a Nutshell". It usually
provides the key to find full documentation with perldoc. My copy of
the book improves with age as I add margin notes and cross-references.
When this fails, I also grep the .pod files. I wish that someone would
write a program that uses the algorithm in perldloc to find the .pod
files of interest, and then searches through each of them with a regular
expression the way that grep does.
------------------------------
Date: Wed, 22 Dec 2004 04:17:59 GMT
From: "Billy" <bustanut2020@yahoo.com>
Subject: input <>; not working?
Message-Id: <Wz6yd.270491$HA.29043@attbi_s01>
I ran into a problem that I went round-and-round on until I broke an input
to the simplest test code I could think of and it still doesn't work...
print "Enter a number: ";
$number = <>;
print "The number is $number.\n";
or
$number = <STDIN>;
print STDOUT "The number is $number.\n";
What happens with both attempts is it prints:
Enter a number: The number is.
without pausing for an input.....
All other parts of my code works except when I want to get an input from the
keyboard....
What am I missing?
Billy
------------------------------
Date: 22 Dec 2004 04:33:24 GMT
From: "A. Sinan Unur" <1usa@llenroc.ude.invalid>
Subject: Re: input <>; not working?
Message-Id: <Xns95C6EFA2B8759asu1cornelledu@132.236.56.8>
"Billy" <bustanut2020@yahoo.com> wrote in
news:Wz6yd.270491$HA.29043@attbi_s01:
> I ran into a problem that I went round-and-round on until I broke an
> input to the simplest test code I could think of and it still doesn't
> work...
...
> $number = <STDIN>;
> print STDOUT "The number is $number.\n";
>
> What happens with both attempts is it prints:
>
> Enter a number: The number is.
>
> without pausing for an input.....
>
> All other parts of my code works except when I want to get an input
> from the keyboard....
> What am I missing?
I am not sure:
use strict;
use warnings;
$| = 1;
print 'Enter a number: ';
my $number = <STDIN>;
chomp $number;
print "The number is $number.\n";
__END__
C:\Dload> t.pl
Enter a number: 5
The number is 5.
C:\Dload> perl -v
This is perl, v5.8.6 built for MSWin32-x86-multi-thread
(with 3 registered patches, see perl -V for more detail)
Copyright 1987-2004, Larry Wall
Binary build 811 provided by ActiveState Corp. http://www.ActiveState.com
C:\Dload> ver
Microsoft Windows XP [Version 5.1.2600]
--
A. Sinan Unur
1usa@llenroc.ude.invalid
(remove '.invalid' and reverse each component for email address)
------------------------------
Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>
Administrivia:
#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc. For subscription or unsubscription requests, send
#the single line:
#
# subscribe perl-users
#or:
# unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.
NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.
#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V10 Issue 7549
***************************************
