[27471] in Perl-Users-Digest

home help back first fref pref prev next nref lref last post

Perl-Users Digest, Issue: 9084 Volume: 10

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Fri Mar 24 09:10:14 2006

Date: Fri, 24 Mar 2006 06:10:07 -0800 (PST)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)

Perl-Users Digest           Fri, 24 Mar 2006     Volume: 10 Number: 9084

Today's topics:
        Posting Guidelines for comp.lang.perl.misc ($Revision:  tadmc@augustmail.com
    Re: Posting Guidelines for comp.lang.perl.misc ($Revisi <Diana@hotmail.com>
    Re: Security implications of taking a stylesheet URL fr <dorward@yahoo.com>
    Re: Security implications of taking a stylesheet URL fr <bumens@dingens.org>
    Re: Security implications of taking a stylesheet URL fr <cajunk@marenger.com>
    Re: Security implications of taking a stylesheet URL fr <jasen@free.net.nz>
        sockaddr_in() timeout or asynchone call ? <no@thanks.com>
    Re: Would like to make a system call without displaying <jurgenex@hotmail.com>
    Re: Would like to make a system call without displaying <tadmc@augustmail.com>
        Digest Administrivia (Last modified: 6 Apr 01) (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: 24 Mar 2006 08:22:04 GMT
From: tadmc@augustmail.com
Subject: Posting Guidelines for comp.lang.perl.misc ($Revision: 1.5 $)
Message-Id: <4423ac2c$0$56209$ae4e5890@news.nationwide.net>

Outline
   Before posting to comp.lang.perl.misc
      Must
       - Check the Perl Frequently Asked Questions (FAQ)
       - Check the other standard Perl docs (*.pod)
      Really Really Should
       - Lurk for a while before posting
       - Search a Usenet archive
      If You Like
       - Check Other Resources
   Posting to comp.lang.perl.misc
      Is there a better place to ask your question?
       - Question should be about Perl, not about the application area
      How to participate (post) in the clpmisc community
       - Carefully choose the contents of your Subject header
       - Use an effective followup style
       - Speak Perl rather than English, when possible
       - Ask perl to help you
       - Do not re-type Perl code
       - Provide enough information
       - Do not provide too much information
       - Do not post binaries, HTML, or MIME
      Social faux pas to avoid
       - Asking a Frequently Asked Question
       - Asking a question easily answered by a cursory doc search
       - Asking for emailed answers
       - Beware of saying "doesn't work"
       - Sending a "stealth" Cc copy
      Be extra cautious when you get upset
       - Count to ten before composing a followup when you are upset
       - Count to ten after composing and before posting when you are upset
-----------------------------------------------------------------

Posting Guidelines for comp.lang.perl.misc ($Revision: 1.5 $)
    This newsgroup, commonly called clpmisc, is a technical newsgroup
    intended to be used for discussion of Perl related issues (except job
    postings), whether it be comments or questions.

    As you would expect, clpmisc discussions are usually very technical in
    nature and there are conventions for conduct in technical newsgroups
    going somewhat beyond those in non-technical newsgroups.

    The article at:

        http://www.catb.org/~esr/faqs/smart-questions.html

    describes how to get answers from technical people in general.

    This article describes things that you should, and should not, do to
    increase your chances of getting an answer to your Perl question. It is
    available in POD, HTML and plain text formats at:

     http://mail.augustmail.com/~tadmc/clpmisc.shtml

    For more information about netiquette in general, see the "Netiquette
    Guidelines" at:

     http://andrew2.andrew.cmu.edu/rfc/rfc1855.html

    A note to newsgroup "regulars":

       Do not use these guidelines as a "license to flame" or other
       meanness. It is possible that a poster is unaware of things
       discussed here.  Give them the benefit of the doubt, and just
       help them learn how to post, rather than assume 

    A note about technical terms used here:

       In this document, we use words like "must" and "should" as
       they're used in technical conversation (such as you will
       encounter in this newsgroup). When we say that you *must* do
       something, we mean that if you don't do that something, then
       it's unlikely that you will benefit much from this group.
       We're not bossing you around; we're making the point without
       lots of words.

    Do *NOT* send email to the maintainer of these guidelines. It will be
    discarded unread. The guidelines belong to the newsgroup so all
    discussion should appear in the newsgroup. I am just the secretary that
    writes down the consensus of the group.

Before posting to comp.lang.perl.misc
  Must
    This section describes things that you *must* do before posting to
    clpmisc, in order to maximize your chances of getting meaningful replies
    to your inquiry and to avoid getting flamed for being lazy and trying to
    have others do your work.

    The perl distribution includes documentation that is copied to your hard
    drive when you install perl. Also installed is a program for looking
    things up in that (and other) documentation named 'perldoc'.

    You should either find out where the docs got installed on your system,
    or use perldoc to find them for you. Type "perldoc perldoc" to learn how
    to use perldoc itself. Type "perldoc perl" to start reading Perl's
    standard documentation.

    Check the Perl Frequently Asked Questions (FAQ)
        Checking the FAQ before posting is required in Big 8 newsgroups in
        general, there is nothing clpmisc-specific about this requirement.
        You are expected to do this in nearly all newsgroups.

        You can use the "-q" switch with perldoc to do a word search of the
        questions in the Perl FAQs.

    Check the other standard Perl docs (*.pod)
        The perl distribution comes with much more documentation than is
        available for most other newsgroups, so in clpmisc you should also
        see if you can find an answer in the other (non-FAQ) standard docs
        before posting.

    It is *not* required, or even expected, that you actually *read* all of
    Perl's standard docs, only that you spend a few minutes searching them
    before posting.

    Try doing a word-search in the standard docs for some words/phrases
    taken from your problem statement or from your very carefully worded
    "Subject:" header.

  Really Really Should
    This section describes things that you *really should* do before posting
    to clpmisc.

    Lurk for a while before posting
        This is very important and expected in all newsgroups. Lurking means
        to monitor a newsgroup for a period to become familiar with local
        customs. Each newsgroup has specific customs and rituals. Knowing
        these before you participate will help avoid embarrassing social
        situations. Consider yourself to be a foreigner at first!

    Search a Usenet archive
        There are tens of thousands of Perl programmers. It is very likely
        that your question has already been asked (and answered). See if you
        can find where it has already been answered.

        One such searchable archive is:

         http://groups.google.com/advanced_group_search

  If You Like
    This section describes things that you *can* do before posting to
    clpmisc.

    Check Other Resources
        You may want to check in books or on web sites to see if you can
        find the answer to your question.

        But you need to consider the source of such information: there are a
        lot of very poor Perl books and web sites, and several good ones
        too, of course.

Posting to comp.lang.perl.misc
    There can be 200 messages in clpmisc in a single day. Nobody is going to
    read every article. They must decide somehow which articles they are
    going to read, and which they will skip.

    Your post is in competition with 199 other posts. You need to "win"
    before a person who can help you will even read your question.

    These sections describe how you can help keep your article from being
    one of the "skipped" ones.

  Is there a better place to ask your question?
    Question should be about Perl, not about the application area
        It can be difficult to separate out where your problem really is,
        but you should make a conscious effort to post to the most
        applicable newsgroup. That is, after all, where you are the most
        likely to find the people who know how to answer your question.

        Being able to "partition" a problem is an essential skill for
        effectively troubleshooting programming problems. If you don't get
        that right, you end up looking for answers in the wrong places.

        It should be understood that you may not know that the root of your
        problem is not Perl-related (the two most frequent ones are CGI and
        Operating System related), so off-topic postings will happen from
        time to time. Be gracious when someone helps you find a better place
        to ask your question by pointing you to a more applicable newsgroup.

  How to participate (post) in the clpmisc community
    Carefully choose the contents of your Subject header
        You have 40 precious characters of Subject to win out and be one of
        the posts that gets read. Don't waste them. Take care while
        composing them, they are the key that opens the door to getting an
        answer.

        Spend them indicating what aspect of Perl others will find if they
        should decide to read your article.

        Do not spend them indicating "experience level" (guru, newbie...).

        Do not spend them pleading (please read, urgent, help!...).

        Do not spend them on non-Subjects (Perl question, one-word
        Subject...)

        For more information on choosing a Subject see "Choosing Good
        Subject Lines":

         http://www.cpan.org/authors/id/D/DM/DMR/subjects.post

        Part of the beauty of newsgroup dynamics, is that you can contribute
        to the community with your very first post! If your choice of
        Subject leads a fellow Perler to find the thread you are starting,
        then even asking a question helps us all.

    Use an effective followup style
        When composing a followup, quote only enough text to establish the
        context for the comments that you will add. Always indicate who
        wrote the quoted material. Never quote an entire article. Never
        quote a .signature (unless that is what you are commenting on).

        Intersperse your comments *following* each section of quoted text to
        which they relate. Unappreciated followup styles are referred to as
        "top-posting", "Jeopardy" (because the answer comes before the
        question), or "TOFU" (Text Over, Fullquote Under).

        Reversing the chronology of the dialog makes it much harder to
        understand (some folks won't even read it if written in that style).
        For more information on quoting style, see:

         http://web.presby.edu/~nnqadmin/nnq/nquote.html

    Speak Perl rather than English, when possible
        Perl is much more precise than natural language. Saying it in Perl
        instead will avoid misunderstanding your question or problem.

        Do not say: I have variable with "foo\tbar" in it.

        Instead say: I have $var = "foo\tbar", or I have $var = 'foo\tbar',
        or I have $var = <DATA> (and show the data line).

    Ask perl to help you
        You can ask perl itself to help you find common programming mistakes
        by doing two things: enable warnings (perldoc warnings) and enable
        "strict"ures (perldoc strict).

        You should not bother the hundreds/thousands of readers of the
        newsgroup without first seeing if a machine can help you find your
        problem. It is demeaning to be asked to do the work of a machine. It
        will annoy the readers of your article.

        You can look up any of the messages that perl might issue to find
        out what the message means and how to resolve the potential mistake
        (perldoc perldiag). If you would like perl to look them up for you,
        you can put "use diagnostics;" near the top of your program.

    Do not re-type Perl code
        Use copy/paste or your editor's "import" function rather than
        attempting to type in your code. If you make a typo you will get
        followups about your typos instead of about the question you are
        trying to get answered.

    Provide enough information
        If you do the things in this item, you will have an Extremely Good
        chance of getting people to try and help you with your problem!
        These features are a really big bonus toward your question winning
        out over all of the other posts that you are competing with.

        First make a short (less than 20-30 lines) and *complete* program
        that illustrates the problem you are having. People should be able
        to run your program by copy/pasting the code from your article. (You
        will find that doing this step very often reveals your problem
        directly. Leading to an answer much more quickly and reliably than
        posting to Usenet.)

        Describe *precisely* the input to your program. Also provide example
        input data for your program. If you need to show file input, use the
        __DATA__ token (perldata.pod) to provide the file contents inside of
        your Perl program.

        Show the output (including the verbatim text of any messages) of
        your program.

        Describe how you want the output to be different from what you are
        getting.

        If you have no idea at all of how to code up your situation, be sure
        to at least describe the 2 things that you *do* know: input and
        desired output.

    Do not provide too much information
        Do not just post your entire program for debugging. Most especially
        do not post someone *else's* entire program.

    Do not post binaries, HTML, or MIME
        clpmisc is a text only newsgroup. If you have images or binaries
        that explain your question, put them in a publically accessible
        place (like a Web server) and provide a pointer to that location. If
        you include code, cut and paste it directly in the message body.
        Don't attach anything to the message. Don't post vcards or HTML.
        Many people (and even some Usenet servers) will automatically filter
        out such messages. Many people will not be able to easily read your
        post. Plain text is something everyone can read.

  Social faux pas to avoid
    The first two below are symptoms of lots of FAQ asking here in clpmisc.
    It happens so often that folks will assume that it is happening yet
    again. If you have looked but not found, or found but didn't understand
    the docs, say so in your article.

    Asking a Frequently Asked Question
        It should be understood that you may have missed the applicable FAQ
        when you checked, which is not a big deal. But if the Frequently
        Asked Question is worded similar to your question, folks will assume
        that you did not look at all. Don't become indignant at pointers to
        the FAQ, particularly if it solves your problem.

    Asking a question easily answered by a cursory doc search
        If folks think you have not even tried the obvious step of reading
        the docs applicable to your problem, they are likely to become
        annoyed.

        If you are flamed for not checking when you *did* check, then just
        shrug it off (and take the answer that you got).

    Asking for emailed answers
        Emailed answers benefit one person. Posted answers benefit the
        entire community. If folks can take the time to answer your
        question, then you can take the time to go get the answer in the
        same place where you asked the question.

        It is OK to ask for a *copy* of the answer to be emailed, but many
        will ignore such requests anyway. If you munge your address, you
        should never expect (or ask) to get email in response to a Usenet
        post.

        Ask the question here, get the answer here (maybe).

    Beware of saying "doesn't work"
        This is a "red flag" phrase. If you find yourself writing that,
        pause and see if you can't describe what is not working without
        saying "doesn't work". That is, describe how it is not what you
        want.

    Sending a "stealth" Cc copy
        A "stealth Cc" is when you both email and post a reply without
        indicating *in the body* that you are doing so.

  Be extra cautious when you get upset
    Count to ten before composing a followup when you are upset
        This is recommended in all Usenet newsgroups. Here in clpmisc, most
        flaming sub-threads are not about any feature of Perl at all! They
        are most often for what was seen as a breach of netiquette. If you
        have lurked for a bit, then you will know what is expected and won't
        make such posts in the first place.

        But if you get upset, wait a while before writing your followup. I
        recommend waiting at least 30 minutes.

    Count to ten after composing and before posting when you are upset
        After you have written your followup, wait *another* 30 minutes
        before committing yourself by posting it. You cannot take it back
        once it has been said.

AUTHOR
    Tad McClellan <tadmc@augustmail.com> and many others on the
    comp.lang.perl.misc newsgroup.



------------------------------

Date: Fri, 24 Mar 2006 12:28:35 GMT
From: "Diana" <Diana@hotmail.com>
Subject: Re: Posting Guidelines for comp.lang.perl.misc ($Revision: 1.5 $)
Message-Id: <TBRUf.24845$Nb2.453434@news1.nokia.com>

tadmc@augustmail.com wrote:

> Outline
>    Before posting to comp.lang.perl.misc
>       Must
>        - Check the Perl Frequently Asked Questions (FAQ)
>        - Check the other standard Perl docs (*.pod)
>       Really Really Should
>        - Lurk for a while before posting
>        - Search a Usenet archive
>       If You Like
>        - Check Other Resources
>    Posting to comp.lang.perl.misc
>       Is there a better place to ask your question?
>        - Question should be about Perl, not about the application area
>       How to participate (post) in the clpmisc community
>        - Carefully choose the contents of your Subject header
>        - Use an effective followup style
>        - Speak Perl rather than English, when possible
>        - Ask perl to help you
>        - Do not re-type Perl code
>        - Provide enough information
>        - Do not provide too much information
>        - Do not post binaries, HTML, or MIME
>       Social faux pas to avoid
>        - Asking a Frequently Asked Question
>        - Asking a question easily answered by a cursory doc search
>        - Asking for emailed answers
>        - Beware of saying "doesn't work"
>        - Sending a "stealth" Cc copy
>       Be extra cautious when you get upset
>        - Count to ten before composing a followup when you are upset
>        - Count to ten after composing and before posting when you are
> upset
> -----------------------------------------------------------------
> 
> Posting Guidelines for comp.lang.perl.misc ($Revision: 1.5 $)
>     This newsgroup, commonly called clpmisc, is a technical newsgroup
>     intended to be used for discussion of Perl related issues (except
> job     postings), whether it be comments or questions.
> 
>     As you would expect, clpmisc discussions are usually very
> technical in     nature and there are conventions for conduct in
> technical newsgroups     going somewhat beyond those in non-technical
> newsgroups.
> 
>     The article at:
> 
>         http://www.catb.org/~esr/faqs/smart-questions.html
> 
>     describes how to get answers from technical people in general.
> 
>     This article describes things that you should, and should not, do
> to     increase your chances of getting an answer to your Perl
> question. It is     available in POD, HTML and plain text formats at:
> 
>      http://mail.augustmail.com/~tadmc/clpmisc.shtml
> 
>     For more information about netiquette in general, see the
> "Netiquette     Guidelines" at:
> 
>      http://andrew2.andrew.cmu.edu/rfc/rfc1855.html
> 
>     A note to newsgroup "regulars":
> 
>        Do not use these guidelines as a "license to flame" or other
>        meanness. It is possible that a poster is unaware of things
>        discussed here.  Give them the benefit of the doubt, and just
>        help them learn how to post, rather than assume 
> 
>     A note about technical terms used here:
> 
>        In this document, we use words like "must" and "should" as
>        they're used in technical conversation (such as you will
>        encounter in this newsgroup). When we say that you must do
>        something, we mean that if you don't do that something, then
>        it's unlikely that you will benefit much from this group.
>        We're not bossing you around; we're making the point without
>        lots of words.
> 
>     Do NOT send email to the maintainer of these guidelines. It will
> be     discarded unread. The guidelines belong to the newsgroup so all
>     discussion should appear in the newsgroup. I am just the
> secretary that     writes down the consensus of the group.
> 
> Before posting to comp.lang.perl.misc
>   Must
>     This section describes things that you must do before posting to
>     clpmisc, in order to maximize your chances of getting meaningful
> replies     to your inquiry and to avoid getting flamed for being
> lazy and trying to     have others do your work.
> 
>     The perl distribution includes documentation that is copied to
> your hard     drive when you install perl. Also installed is a
> program for looking     things up in that (and other) documentation
> named 'perldoc'.
> 
>     You should either find out where the docs got installed on your
> system,     or use perldoc to find them for you. Type "perldoc
> perldoc" to learn how     to use perldoc itself. Type "perldoc perl"
> to start reading Perl's     standard documentation.
> 
>     Check the Perl Frequently Asked Questions (FAQ)
>         Checking the FAQ before posting is required in Big 8
> newsgroups in         general, there is nothing clpmisc-specific
> about this requirement.          You are expected to do this in
> nearly all newsgroups.
> 
>         You can use the "-q" switch with perldoc to do a word search
> of the         questions in the Perl FAQs.
> 
>     Check the other standard Perl docs (*.pod)
>         The perl distribution comes with much more documentation than
> is         available for most other newsgroups, so in clpmisc you
> should also         see if you can find an answer in the other
> (non-FAQ) standard docs         before posting.
> 
>     It is not required, or even expected, that you actually read all
> of     Perl's standard docs, only that you spend a few minutes
> searching them     before posting.
> 
>     Try doing a word-search in the standard docs for some
> words/phrases     taken from your problem statement or from your very
> carefully worded     "Subject:" header.
> 
>   Really Really Should
>     This section describes things that you *really should* do before
> posting     to clpmisc.
> 
>     Lurk for a while before posting
>         This is very important and expected in all newsgroups.
> Lurking means         to monitor a newsgroup for a period to become
> familiar with local         customs. Each newsgroup has specific
> customs and rituals. Knowing         these before you participate
> will help avoid embarrassing social         situations. Consider
> yourself to be a foreigner at first!
> 
>     Search a Usenet archive
>         There are tens of thousands of Perl programmers. It is very
> likely         that your question has already been asked (and
> answered). See if you         can find where it has already been
> answered.
> 
>         One such searchable archive is:
> 
>          http://groups.google.com/advanced_group_search
> 
>   If You Like
>     This section describes things that you can do before posting to
>     clpmisc.
> 
>     Check Other Resources
>         You may want to check in books or on web sites to see if you
> can         find the answer to your question.
> 
>         But you need to consider the source of such information:
> there are a         lot of very poor Perl books and web sites, and
> several good ones         too, of course.
> 
> Posting to comp.lang.perl.misc
>     There can be 200 messages in clpmisc in a single day. Nobody is
> going to     read every article. They must decide somehow which
> articles they are     going to read, and which they will skip.
> 
>     Your post is in competition with 199 other posts. You need to
> "win"     before a person who can help you will even read your
> question.
> 
>     These sections describe how you can help keep your article from
> being     one of the "skipped" ones.
> 
>   Is there a better place to ask your question?
>     Question should be about Perl, not about the application area
>         It can be difficult to separate out where your problem really
> is,         but you should make a conscious effort to post to the most
>         applicable newsgroup. That is, after all, where you are the
> most         likely to find the people who know how to answer your
> question.
> 
>         Being able to "partition" a problem is an essential skill for
>         effectively troubleshooting programming problems. If you
> don't get         that right, you end up looking for answers in the
> wrong places.
> 
>         It should be understood that you may not know that the root
> of your         problem is not Perl-related (the two most frequent
> ones are CGI and         Operating System related), so off-topic
> postings will happen from         time to time. Be gracious when
> someone helps you find a better place         to ask your question by
> pointing you to a more applicable newsgroup.
> 
>   How to participate (post) in the clpmisc community
>     Carefully choose the contents of your Subject header
>         You have 40 precious characters of Subject to win out and be
> one of         the posts that gets read. Don't waste them. Take care
> while         composing them, they are the key that opens the door to
> getting an         answer.
> 
>         Spend them indicating what aspect of Perl others will find if
> they         should decide to read your article.
> 
>         Do not spend them indicating "experience level" (guru,
> newbie...).
> 
>         Do not spend them pleading (please read, urgent, help!...).
> 
>         Do not spend them on non-Subjects (Perl question, one-word
>         Subject...)
> 
>         For more information on choosing a Subject see "Choosing Good
>         Subject Lines":
> 
>          http://www.cpan.org/authors/id/D/DM/DMR/subjects.post
> 
>         Part of the beauty of newsgroup dynamics, is that you can
> contribute         to the community with your very first post! If
> your choice of         Subject leads a fellow Perler to find the
> thread you are starting,         then even asking a question helps us
> all.
> 
>     Use an effective followup style
>         When composing a followup, quote only enough text to
> establish the         context for the comments that you will add.
> Always indicate who         wrote the quoted material. Never quote an
> entire article. Never         quote a .signature (unless that is what
> you are commenting on).
> 
>         Intersperse your comments following each section of quoted
> text to         which they relate. Unappreciated followup styles are
> referred to as         "top-posting", "Jeopardy" (because the answer
> comes before the         question), or "TOFU" (Text Over, Fullquote
> Under).
> 
>         Reversing the chronology of the dialog makes it much harder to
>         understand (some folks won't even read it if written in that
> style).          For more information on quoting style, see:
> 
>          http://web.presby.edu/~nnqadmin/nnq/nquote.html
> 
>     Speak Perl rather than English, when possible
>         Perl is much more precise than natural language. Saying it in
> Perl         instead will avoid misunderstanding your question or
> problem.
> 
>         Do not say: I have variable with "foo\tbar" in it.
> 
>         Instead say: I have $var = "foo\tbar", or I have $var =
> 'foo\tbar',         or I have $var = <DATA> (and show the data line).
> 
>     Ask perl to help you
>         You can ask perl itself to help you find common programming
> mistakes         by doing two things: enable warnings (perldoc
> warnings) and enable         "strict"ures (perldoc strict).
> 
>         You should not bother the hundreds/thousands of readers of the
>         newsgroup without first seeing if a machine can help you find
> your         problem. It is demeaning to be asked to do the work of a
> machine. It         will annoy the readers of your article.
> 
>         You can look up any of the messages that perl might issue to
> find         out what the message means and how to resolve the
> potential mistake         (perldoc perldiag). If you would like perl
> to look them up for you,         you can put "use diagnostics;" near
> the top of your program.
> 
>     Do not re-type Perl code
>         Use copy/paste or your editor's "import" function rather than
>         attempting to type in your code. If you make a typo you will
> get         followups about your typos instead of about the question
> you are         trying to get answered.
> 
>     Provide enough information
>         If you do the things in this item, you will have an Extremely
> Good         chance of getting people to try and help you with your
> problem!          These features are a really big bonus toward your
> question winning         out over all of the other posts that you are
> competing with.
> 
>         First make a short (less than 20-30 lines) and complete
> program         that illustrates the problem you are having. People
> should be able         to run your program by copy/pasting the code
> from your article. (You         will find that doing this step very
> often reveals your problem         directly. Leading to an answer
> much more quickly and reliably than         posting to Usenet.)
> 
>         Describe precisely the input to your program. Also provide
> example         input data for your program. If you need to show file
> input, use the         DATA token (perldata.pod) to provide the file
> contents inside of         your Perl program.
> 
>         Show the output (including the verbatim text of any messages)
> of         your program.
> 
>         Describe how you want the output to be different from what
> you are         getting.
> 
>         If you have no idea at all of how to code up your situation,
> be sure         to at least describe the 2 things that you do know:
> input and         desired output.
> 
>     Do not provide too much information
>         Do not just post your entire program for debugging. Most
> especially         do not post someone else's entire program.
> 
>     Do not post binaries, HTML, or MIME
>         clpmisc is a text only newsgroup. If you have images or
> binaries         that explain your question, put them in a publically
> accessible         place (like a Web server) and provide a pointer to
> that location. If         you include code, cut and paste it directly
> in the message body.          Don't attach anything to the message.
> Don't post vcards or HTML.          Many people (and even some Usenet
> servers) will automatically filter         out such messages. Many
> people will not be able to easily read your         post. Plain text
> is something everyone can read.
> 
>   Social faux pas to avoid
>     The first two below are symptoms of lots of FAQ asking here in
> clpmisc.      It happens so often that folks will assume that it is
> happening yet     again. If you have looked but not found, or found
> but didn't understand     the docs, say so in your article.
> 
>     Asking a Frequently Asked Question
>         It should be understood that you may have missed the
> applicable FAQ         when you checked, which is not a big deal. But
> if the Frequently         Asked Question is worded similar to your
> question, folks will assume         that you did not look at all.
> Don't become indignant at pointers to         the FAQ, particularly
> if it solves your problem.
> 
>     Asking a question easily answered by a cursory doc search
>         If folks think you have not even tried the obvious step of
> reading         the docs applicable to your problem, they are likely
> to become         annoyed.
> 
>         If you are flamed for not checking when you did check, then
> just         shrug it off (and take the answer that you got).
> 
>     Asking for emailed answers
>         Emailed answers benefit one person. Posted answers benefit the
>         entire community. If folks can take the time to answer your
>         question, then you can take the time to go get the answer in
> the         same place where you asked the question.
> 
>         It is OK to ask for a copy of the answer to be emailed, but
> many         will ignore such requests anyway. If you munge your
> address, you         should never expect (or ask) to get email in
> response to a Usenet         post.
> 
>         Ask the question here, get the answer here (maybe).
> 
>     Beware of saying "doesn't work"
>         This is a "red flag" phrase. If you find yourself writing
> that,         pause and see if you can't describe what is not working
> without         saying "doesn't work". That is, describe how it is
> not what you         want.
> 
>     Sending a "stealth" Cc copy
>         A "stealth Cc" is when you both email and post a reply without
>         indicating *in the body* that you are doing so.
> 
>   Be extra cautious when you get upset
>     Count to ten before composing a followup when you are upset
>         This is recommended in all Usenet newsgroups. Here in
> clpmisc, most         flaming sub-threads are not about any feature
> of Perl at all! They         are most often for what was seen as a
> breach of netiquette. If you         have lurked for a bit, then you
> will know what is expected and won't         make such posts in the
> first place.
> 
>         But if you get upset, wait a while before writing your
> followup. I         recommend waiting at least 30 minutes.
> 
>     Count to ten after composing and before posting when you are upset
>         After you have written your followup, wait another 30 minutes
>         before committing yourself by posting it. You cannot take it
> back         once it has been said.
> 
> AUTHOR
>     Tad McClellan <tadmc@augustmail.com> and many others on the
>     comp.lang.perl.misc newsgroup.



-- 



------------------------------

Date: Fri, 24 Mar 2006 08:09:38 +0000
From: David Dorward <dorward@yahoo.com>
Subject: Re: Security implications of taking a stylesheet URL from a CGI parameter
Message-Id: <e009je$h4i$1$8300dec7@news.demon.co.uk>

Scott W Gifford wrote:

> I only have a rough knowledge of the full power of cascading
> stylesheets.  Are there any other security concerns I should be
> thinking about?  In particular, is there any way to embed
> client-executed code (like JavaScript) into a stylesheet, implement
> some other kind of cross-site scripting attack, or otherwise cause the
> stylesheet to do anything besides alter the display of the page?

In standards conformant CSS? No 

In a file served with a text/css media type? Yes.

http://archivist.incutio.com/viewlist/css-discuss/44263 has a simple
example, but expression lets any JavaScript be executed in Internet
Explorer (and can call ActiveX controls etc).

(Follow up set)
-- 
David Dorward       <http://blog.dorward.me.uk/>   <http://dorward.me.uk/>
                     Home is where the ~/.bashrc is


------------------------------

Date: 24 Mar 2006 09:33:46 +0100
From: Volker Birk <bumens@dingens.org>
Subject: Re: Security implications of taking a stylesheet URL from a CGI parameter
Message-Id: <4423aeea@news.uni-ulm.de>

In comp.security.misc Scott W Gifford <gifford@umich.edu> wrote:
> We will escape $stylesheet so it can only contain letters, numbers,
> underscore, dash, slashes, colons, and dots (to avoid cross-site
> scripting), ensure it starts with "http://" or "https://" and contains
> no port specification after the host

The latter is a drawback.

> and
> require the filename to end with ".css" (to make it more difficult to
> cause a script to run).

This is unneccessary.

> Something like this:
>     /^https?:\/\/[\w.-]+\/[\w\/:.-]+\.css$/

Why not implementing RFC1738, 3.3 exactly?

> I only have a rough knowledge of the full power of cascading
> stylesheets.  Are there any other security concerns I should be
> thinking about? 

With :before and :after there may be risks by inserting local scripting
code.

Yours,
VB.
-- 
At first there was the word. And the word was Content-type: text/plain


------------------------------

Date: Fri, 24 Mar 2006 06:21:28 -0500
From: Carolyn Marenger <cajunk@marenger.com>
Subject: Re: Security implications of taking a stylesheet URL from a CGI parameter
Message-Id: <55a76$4423d638$cf701c97$6263@PRIMUS.CA>

Scott W Gifford wrote:

> Hello,
> 
> We've got a Web-based application written in Perl that is designed to
> integrate as a frame into many different Web sites.  We currently have
> several stylesheets available to allow the user to match the look and
> feel to their existing Web site.  We're considering allowing our users
> to host their own stylesheet, and just pass in its URL as a CGI
> parameter.  Something like this:

<snip>

> Of course, we have no control over what gets passed in to the
> stylesheet parameter, so we have to be prepared for the possibility
> that a malicious person sets it to something nasty.

<snip>

I may be missing something here, but from the way you describe it, I as a
webmaster, can load your application in a frame within my site.  The users
that come and browse my site, can access your application through the
frame.

To make it nice and pretty, you are allowing me to create a stylesheet for
your application so that it will fit with the look and feel of my site. 
You are worried that I might insert malicious code into my user's computer
via the style sheet for your application's frame within my site.

If that understanding is correct, then here are my thoughts on the matter.

As a webmaster, my concern is that I get lots of traffic on my site.  If I
introduce malicious code on my site that harms a user in any way, then I am
shooting myself in the foot.  I will not get many return customers, and I
will probably not get many customers at all.  I would in fact be concerned
that by offering your application, I am not introducing something harmful
to my customers.

The only feasible way that I can see to do extensive damage with your
application in a frame on my site, would be to heavily market my site, have
a nice, clean and SAFE presentation.  When I have thousands of regular
users coming on a daily basis, then I could insert something malicious into
the site to attack them all.  At that point, what I introduce does not even
have to be in your application, or in the css related to your application. 
If it can go there, it can go in the css for my own site.  Anyway, at that
point, I will very quickly lose my customers, my revenue, and probably
start collecting lawsuits.

From your point of view - are you being more concerned with a possibly
unrealistic security threat, than you need to?  In my mind security boils
down to making it more expensive to 'steal' something than they get in
reward for having done it.  Are you going beyond this?

Just my thoughts,

Carolyn
-- 
Carolyn Marenger



------------------------------

Date: Fri, 24 Mar 2006 11:35:54 -0000
From: Jasen Betts <jasen@free.net.nz>
Subject: Re: Security implications of taking a stylesheet URL from a CGI parameter
Message-Id: <2b7a.4423d99a.3d8ce@clunker.homenet>

> In particular, is there any way to embed client-executed code (like
> JavaScript) into a stylesheet, 

yes. 


Bye.
   Jasen


------------------------------

Date: Fri, 24 Mar 2006 14:55:27 +0100
From: Asterbing <no@thanks.com>
Subject: sockaddr_in() timeout or asynchone call ?
Message-Id: <MPG.1e8e18b63959a2469897a0@news.tiscali.fr>

Hello,

Is it possible to do that a code like the one described on the chapter 
42.6.2 called "WebGet Client" on the Perl manual, be not a locking point 
for the rest of the script ?

Effectively, the sockaddr_in() freeze the script if the remote host is 
not available. 

Is there a way to reduce the timeout or, better, to do that this call be 
asynchroneous (don't taliking about waiting of the response since in the 
first case I've to treat, this GET response isn't necessary for the rest 
of the script - the matter is just to launch a remote cgi which will 
live its life by itself).


------------------------------

Date: Fri, 24 Mar 2006 12:38:35 GMT
From: "Jürgen Exner" <jurgenex@hotmail.com>
Subject: Re: Would like to make a system call without displaying msg to STD OUT
Message-Id: <fLRUf.12753$wD1.5834@trnddc02>

desert.fox11@yahoo.com wrote:
> I'll try to say this succinctly. I make a call using system "unzip
> -o", "$filename" which calls a utility unzip that has 'status'
> messages display to std out. This is fine, however, can I re-direct

On most command shells that I know about you can use the ">" to redirect 
stdout into a file. Just redirect it to /dev/null

> (or at the very least suppress ) these messages.

Typically that question would be answered in the documentation of the tool 
that you are using.
Many applications have an option like "-s" for silent or similar.

Now, what's your Perl question?

jue 




------------------------------

Date: Fri, 24 Mar 2006 06:58:13 -0600
From: Tad McClellan <tadmc@augustmail.com>
Subject: Re: Would like to make a system call without displaying msg to STD OUT
Message-Id: <slrne27r75.3rd.tadmc@magna.augustmail.com>

desert.fox11@yahoo.com <u55389404@spawnkill.ip-mobilphone.net> wrote:
> Hi,
> I'll try to say this succinctly. I make a call using system "unzip -o",
> "$filename" 


   perldoc -q vars


> which calls a utility unzip that has 'status' messages
> display to std out. 


Is that really what your system() call looks like?

It is a strange hybrid of the one arg form:

   system "unzip -o $filename"

and the LIST form

   system "unzip -o", $filename

where the list form attempts to run a command whose name is
eight characters long.

The proper LIST form would be something like:

   system 'unzip', '-o', $filename


> This is fine, however, can I re-direct ( or at the
> very least suppress ) these messages.


You can use shell redirection with the one arg form:

   system "unzip -o $filename >/dev/null"


-- 
    Tad McClellan                          SGML consulting
    tadmc@augustmail.com                   Perl programming
    Fort Worth, Texas


------------------------------

Date: 6 Apr 2001 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Digest Administrivia (Last modified: 6 Apr 01)
Message-Id: <null>


Administrivia:

#The Perl-Users Digest is a retransmission of the USENET newsgroup
#comp.lang.perl.misc.  For subscription or unsubscription requests, send
#the single line:
#
#	subscribe perl-users
#or:
#	unsubscribe perl-users
#
#to almanac@ruby.oce.orst.edu.  

NOTE: due to the current flood of worm email banging on ruby, the smtp
server on ruby has been shut off until further notice. 

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

#To request back copies (available for a week or so), send your request
#to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
#where x is the volume number and y is the issue number.

#For other requests pertaining to the digest, send mail to
#perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
#sending perl questions to the -request address, I don't have time to
#answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V10 Issue 9084
***************************************


home help back first fref pref prev next nref lref last post