[9498] in Perl-Users-Digest
Perl-Users Digest, Issue: 3092 Volume: 8
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Wed Jul 8 06:07:24 1998
Date: Wed, 8 Jul 98 03:00:22 -0700
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Perl-Users Digest Wed, 8 Jul 1998 Volume: 8 Number: 3092
Today's topics:
Re: -w on production code (was Re: better way of gettin <Harald.Joerg@mch.sni.de>
Content Management zaheed@yahoo.com
Cookies & Javascript+Perl (Antti-Jussi Korjonen)
Re: Cookies & Javascript+Perl (brian d foy)
Re: Gateway (John Stanley)
Re: Getting Yesterday's Date (Richard Parker)
Re: How do you delete arbitrary elements of an array in <quednauf@nortel.co.uk>
Re: How do you delete arbitrary elements of an array in <quednauf@nortel.co.uk>
Indexing servers <clint@netcomuk.co.ukXX>
Re: Indexing servers <jwb79@mail.idt.net>
Re: Is posting via CGI script that dangerous? <jwb79@mail.idt.net>
Re: locking in perl (Allan Hawdon)
OLE and Perl <dreyer@ttc.thyssen.de>
Re: on the fly subs with special tag markers Re: method (Larry Rosler)
Re: open2 problems <Borre.Fjeldso@ericsson.no>
Re: Passing open file descriptor to an unrelated proces <htakhar@hotmail.com>
Re: Perl trivia: hash definition w/o initialization? (Larry Rosler)
Please let me have a binary perl5.004 <scgyong@dev.bbcom.co.kr>
RE: print <<STRING <jwb79@mail.idt.net>
Protecting a HTML <chinhw@postone.com>
Re: Protecting a HTML <jwb79@mail.idt.net>
Re: Protecting a HTML (brian d foy)
Re: Retrieving Links From a Search Engine Results Page? <quednauf@nortel.co.uk>
Running cgi executables in Windows http server <htakhar@hotmail.com>
Re: Running cgi executables in Windows http server <jwb79@mail.idt.net>
Re: Running cgi executables in Windows http server <quednauf@nortel.co.uk>
Re: syscall <qdtcall@esb.ericsson.se>
XML/Perl zaheed@yahoo.com
Digest Administrivia (Last modified: 8 Mar 97) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: Wed, 08 Jul 1998 10:57:43 +0200
From: Harald Joerg <Harald.Joerg@mch.sni.de>
Subject: Re: -w on production code (was Re: better way of getting the last modified file?)
Message-Id: <35A33487.93DF2802@mch.sni.de>
Abigail wrote:
>
> Tina Marie Holmboe (tina@scandinaviaonline.se) wrote on MDCCLXXI
> September MCMXCIII in <URL: news:6ntfa9$c7l$1@news1.sol.no>:
> ++ In article <6nte3m$6gl$2@client3.news.psi.net>,
> ++ abigail@fnx.com (Abigail) writes:
> ++
> ++ > ++ My .5c: think twice before leaving -w on production code. It might not
> ++ > ++ always be productive...
> ++ > [...]
>
> You wrote:
> ++ And when people then use -w the net result is a furiously scrolling
> ++ screen, with absolutely *no* way of seeing any of the more serious
> ++ errors that might occur.
>
> Anything that contains "serious errors" is alpha code in my book.
In an error log the errors of *all* actions performed by the server
are concatenated. It is hard to spot a serious error in program A
when program B will print some screenfuls of warnings twice per
minute.
This does not make program B alpha code in your book ;-)
I feel that we have some confusion about the term "production code".
Not all production code is CGI. CGI itself is not "production" at all.
> ++ [...]
> ++ In other words, and again, leave off -w in *production* code. IMnsHO.
>
> Just for those once in more than a year events of upgrading Perl?
> Don't you want to know what might be broken now, or will be broken
> in the next release? Ever considered *testing* your scripts before
> installing a new version of Perl?
All scripts should be tested. With -w.
Having scripts tested by web users invoking a CGI is a different story.
You can (and should) test your CGI *with* -w, you can do so in automated
procedures if you like. Just invoke it with "perl -w mycgi".
You can test the CGI interface itself with automated web clients.
The -w flag can then tell you about errors in your HTML form
(misspelled NAME attribute), and you know *when* to look at the
error log.
You should not even consider testing production code per hand only.
But then, what more could you learn from -w on the web server?
If your script starts to produce errors you can guess that a new
version of perl (or of some module you use) has been installed.
Great.
I'd prefer to have the sysadmin send a mail when he updates the
perl installation so that I can rerun my tests. For *all*
production code, not just for the CGIs.
--
Oook,
--haj--
------------------------------
Date: Wed, 08 Jul 1998 08:45:45 GMT
From: zaheed@yahoo.com
Subject: Content Management
Message-Id: <6nvbjo$54r$1@nnrp1.dejanews.com>
Hi,
Is there any content management tool (free/com/share) out there written in
Perl? All I find is a Web Page editing not a comprehensive content
management. Any pointers/hints is welcome.
Best Regds
Zaheed
-----== Posted via Deja News, The Leader in Internet Discussion ==-----
http://www.dejanews.com/rg_mkgrp.xp Create Your Own Free Member Forum
------------------------------
Date: 8 Jul 1998 08:26:24 GMT
From: aajii@aajii.ton.tut.fi (Antti-Jussi Korjonen)
Subject: Cookies & Javascript+Perl
Message-Id: <6nvafg$4v6$1@baker.cc.tut.fi>
Hi!
I'm using cookies to set username and password. I use javascript to set
the cookies and perl to read them.
My problem is that is that it's ok with one session, but if I open two
browsers and try with different username and password, it f**ks up. Both
browsers start to use the username and the password, which was entered
last.
Any ideas, how the sessions could be separated?
----
@nvpairs=split(/;/, $ENV{'HTTP_COOKIE'});
foreach $pair (@nvpairs) {
($name, $value) = split(/=/, $pair);
$cookie{$name} = $value;
}
--
__/ __/ __/ __/ Antti-Jussi Korjonen
__/ __/ __/ __/ __/__/ Vaajakatu 5 D 85
__/ __/ __/ __/ __/__/ 33720 TAMPERE, FINLAND
__/ __/ __/__/__/ __/ __/ tel. +358-(0)40-577 83 23
Antti-Jussi.Korjonen@sonera.fi
--------->> http://www.students.tut.fi/~k150556 <<---------
------------------------------
Date: Wed, 08 Jul 1998 04:53:19 -0400
From: comdog@computerdog.com (brian d foy)
Subject: Re: Cookies & Javascript+Perl
Message-Id: <comdog-ya02408000R0807980453190001@news.panix.com>
Keywords: from just another new york perl hacker
In article <6nvafg$4v6$1@baker.cc.tut.fi>, Antti-Jussi.Korjonen@sonera.fi posted:
>I'm using cookies to set username and password. I use javascript to set
>the cookies and perl to read them.
>My problem is that is that it's ok with one session, but if I open two
>browsers and try with different username and password, it f**ks up. Both
>browsers start to use the username and the password, which was entered
>last.
>Any ideas, how the sessions could be separated?
give the cookies a session dependent name. see the cookie resources
in the CGI Meta FAQ.
further questions should be asked elsewhere.
good luck :)
--
brian d foy <comdog@computerdog.com>
CGI Meta FAQ <URL:http://computerdog.com/CGI_MetaFAQ.html>
Comprehensive Perl Archive Network (CPAN) <URL:http://www.perl.com>
Perl Mongers Travel Deals! <URL:http://www.pm.org/travel.html>
------------------------------
Date: 8 Jul 1998 08:29:10 GMT
From: stanley@skyking.OCE.ORST.EDU (John Stanley)
Subject: Re: Gateway
Message-Id: <6nvakm$l6f$1@news.NERO.NET>
In article <35a30170.2234785@nntp.idsonline.com>,
- <root.noharvest.\@not_even\here.com> wrote:
>"Just this guy, you know" <aaron@soltec.net> Said this:
>>is there a news to email gateway for comp.lang.perl.misc like there is for
>>the sendmail newsgroup?
>>
>>Unfortunately, I can't read newsgroups at work, and would like to keep up
>>with this one
>
>Why not? just get free agent or any usenet client, or use (if you
>absolutely have to) deja news.
Perhaps there is a rule about reading news at work. Perhaps there is no
news server available. The correct answer is not always "just install
your own software ...".
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac at ruby.oce.orst.edu.
------------------------------
Date: Wed, 08 Jul 1998 10:51:51 GMT
From: rparker@ims.ltd.uk (Richard Parker)
Subject: Re: Getting Yesterday's Date
Message-Id: <35a33424.1622369@thenews.slurp.net>
On 8 Jul 1998 04:46:13 GMT, Tom Christiansen <tchrist@mox.perl.com>
wrote:
> [courtesy cc of this posting sent to cited author via email]
>
>In comp.lang.perl.misc,
> allbery@kf8nh.apk.net writes:
>:Technically, though, he's correct: what about leap seconds? :-) :-)
>
>Leap seconds are ignored. time() is 29 seconds wrong, be definition.
>
Expain please? Checked man -s 2 time and can't see why...
Rich
------------------------------
Date: Wed, 08 Jul 1998 09:44:50 +0100
From: "F.Quednau" <quednauf@nortel.co.uk>
Subject: Re: How do you delete arbitrary elements of an array in one go?
Message-Id: <35A33182.D893C521@nortel.co.uk>
F.Quednau wrote:
>
> &sorthing(5,4,6);
>
> Gives: 546456
>
> What happens there??
perl -v
This is perl, version 5.003 with EMBED
built under hpux at Nov 21 1996 13:03:00
+ suidperl security patch
Haven't tested it at home, where I've got a newer version. Blame it on Perl, if
no one else is left!
--
____________________________________________________________
Frank Quednau
http://www.surrey.ac.uk/~me51fq
________________________________________________
------------------------------
Date: Wed, 08 Jul 1998 09:44:50 +0100
From: "F.Quednau" <quednauf@nortel.co.uk>
Subject: Re: How do you delete arbitrary elements of an array in one go?
Message-Id: <35A32182.D893C521@nortel.co.uk>
F.Quednau wrote:
>
> &sorthing(5,4,6);
>
> Gives: 546456
>
> What happens there??
perl -v
This is perl, version 5.003 with EMBED
built under hpux at Nov 21 1996 13:03:00
+ suidperl security patch
Haven't tested it at home, where I've got a newer version. Blame it on Perl, if
no one else is left!
--
____________________________________________________________
Frank Quednau
http://www.surrey.ac.uk/~me51fq
________________________________________________
------------------------------
Date: Wed, 8 Jul 1998 10:07:13 +0100
From: "Clinton Gormley" <clint@netcomuk.co.ukXX>
Subject: Indexing servers
Message-Id: <6nvcrn$hds$1@taliesin.netcom.net.uk>
I want to build a web site that works a bit like the Microsoft Knowledge
Base - so a searchable index of articles - probably a key word search rather
than full text indexing.
I'd like to do this with Perl as it's the scripting language with which I am
most familiar.
I don't have buckets of money to fling around, and ISPs in this country are
not crazy about putting huge databases onto their own servers meaning I'd
have to buy my own, unless I can build something simple.
Any ideas?
Clint
------------------------------
Date: 8 Jul 1998 09:27:28 GMT
From: "jim babbington" <jwb79@mail.idt.net>
Subject: Re: Indexing servers
Message-Id: <01bddb09$dab81e50$6488fdc7@dixon>
> I want to build a web site that works a bit like the Microsoft Knowledge
> Base - so a searchable index of articles - probably a key word search
rather
> than full text indexing.
>
> I'd like to do this with Perl as it's the scripting language with which I
am
> most familiar.
>
> I don't have buckets of money to fling around, and ISPs in this country
are
> not crazy about putting huge databases onto their own servers meaning I'd
> have to buy my own, unless I can build something simple.
>
> Any ideas?
I once wrote a "search engine" using grep to grep my html document base
and format the results to anchors that the user could click if the were
interested.
open(YAHOO,"grep -i $string *.html"|) || die "a sorry death";
while(<YAHOO>) {
($url,$match) = split(/:/);
print "<a href=$url>$match</a><hr>";
}
or somthing like that.
But to do actuall indexing requires the enforcement of business rules, and
therfore,
a database. What I mean by that, is if your dairy farmer, you may want to
explicity
map the word "utter" to several documents regarding and interested parties
needs:
$search = "utter"
select url, title from doc_base where term = $search;
results:
URL TITLE
__________ _______________
milking.html How to extract milk from a cow.
finance.html Revenue projections from Bessie, the 24 teeted bovine.
If you get my drift....
You could also enforce these rules in your perl script, but thats more of
an AI question, that would be way over my head, you may want to post this
problem
to the LISP folks......
Another way, perhaps, is to use the isindex tag, that would mark each
document
to a particular business function. This works great if the number of
documents is
small (< 50). This reuires someone to examine the document, and select the
whatever pidgeon hole it may belong in.
Jim
------------------------------
Date: 8 Jul 1998 08:05:21 GMT
From: "jim babbington" <jwb79@mail.idt.net>
Subject: Re: Is posting via CGI script that dangerous?
Message-Id: <01bddafe$616613f0$6488fdc7@dixon>
>
> I've seen loads of messages talking about how people can EASILY intercept
> information that is not passed through a secure server (SSL), I've also
noted
> some IP sniffers. IS it really that EASY to take information sent via
web
> forms/shopping carts that are not SSL?
The only "easy" thing about it is that they would not have to decrypt your
data. They would require not only sniffing tools (thats _easy_), but direct
network access where your packets pass through (like a tier 1-2 ISP).
However, if gathering sensitive information, there is no reason not to use
SSL,
since browsers will automatically switch to the httpSecure protocol. Doing
SSL
is only a minor inconvenience as a cgi script writer, and it does provide a
comfort
layer that your users WILL appreciate.
Read up on SSLEAY for providing ssl access. And/Or pick up WEB Commerce &
Security by Simson Garfinkle and Gene Spafford ISBN 1-56592-269-7 if your
serious
about making moola on the WEB
Regards,
Jim
------------------------------
Date: 8 Jul 98 10:41:30 GMT
From: udaa460@alder.cc.kcl.ac.uk (Allan Hawdon)
Subject: Re: locking in perl
Message-Id: <dUYkIeeTGUeV@alder.cc.kcl.ac.uk>
In article <6ntt2u$1i5@mozo.cc.purdue.edu>, gebis@albrecht.ecn.purdue.edu (Michael J Gebis) writes:
> Ramesh Nagarajan <ran@sgi.com> writes:
>
> }Hi,
> }Does anyone know how to lock a part of a file?? I came across flock()
> }which locks the whole file but not a small chunk of code.
>
> Assuming you're using Unix, the answer might be to use fcntl. Read
> the man pages, and I'd also suggest getting "Advanced Programming in
> the UNIX environment" by Stevens which describes the usage. The perl
> function is little more than a wrapper to the underlying C call.
> It's tricky to get it working, and it's far too ugly for this day and
> age, but them's the breaks.
Or get a proper grown up OS like VMS. The sort that knows that a file
is more than just a bag o' bytes ;-)
------------------------------
Date: Wed, 08 Jul 1998 08:58:14 +0200
From: Helmut Dreyer <dreyer@ttc.thyssen.de>
Subject: OLE and Perl
Message-Id: <35A31886.CCB576AA@ttc.thyssen.de>
Hi,
I'm trying to build some scripts in Perl doing OLE automation with
german MS Office applications (Excel and Access). At the moment I have
problems at two points:
(1)
I'm looking for the the names of objects, methods and properties of
the OLE servers in the german MS Office 97 package ... but until now
with only little success. Can anybody give me a hint where I can find
a german documentation of the OLE servers in the german MS Office 97
??
(2)
Some of the methods in the german OLE servers use
non-international-characters (e. g. "Vffnen" for "Open"). When I use
these words in a Perl script I get comilation Errors and the prog is
not executed. Can anybody give me a hint how to solve this problem ??
Thanks,
Helmut
------------------------------
Date: Wed, 8 Jul 1998 00:12:47 -0700
From: lr@hpl.hp.com (Larry Rosler)
Subject: Re: on the fly subs with special tag markers Re: methods to insert/substitute blocks of text?
Message-Id: <MPG.100cbbcac412039a989725@nntp.hpl.hp.com>
In article <35A2ECBE.2D46@flash.net> on Tue, 07 Jul 1998 22:51:26 -0500,
Dan Baker <dtbaker_@flash.net> says...
...
> TC> print template("/home/httpd/templates/simple.template", \%fields);
> TC>
> TC> sub template {
> TC> my ($filename, $fillings) = @_;
...
> ok, I'm sorta getting this, but just to make sure... I can see how the
> scalar "/home/httpd/templates/simple.template" maps right into
> $filename, but am a little confused on how the %fields list gets
> flattened into the string $fillings ??? Why wouldn't the assignment have
> to match types like:
> my ($filename, @fillings) = @_;
The second argument is a *reference* to a hash; a reference is a scalar.
Note how it is used to access the hash: $fillings->{key} which you
might find easier at first to understand as ${$fillings}{key} (where
the braces around $fillings are included only for clarity).
...
> LR> All this is somewhat beyond 'Learning Perl' but certainly clear enough
> LR> from 'Programming Perl' or perlre.
> ---------
> well I'm barely at "learning perl" when it comes to some of the subtle
> syntax... so thanx for explaining!
Reading, reproducing and playing with code written by experts like Tom C
or abigail is a good way to develop one's skills -- provided you already
have a firm grasp of the fundamentals. As I observed in response to
brian d foy, 'Learning Perl' isn't much help for answering the questions
you raised, but it is nevertheless essential that you understand it fully
and completely.
Analogy: Elementary-school students reading novels by Faulkner or Joyce.
First -- basic reading skills; second -- lots of reading and life
experience; finally -- insight and understanding of mature works.
--
Larry Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: 08 Jul 1998 10:39:53 +0200
From: =?ISO-8859-1?Q?B=F8rre_Fjelds=F8?= <Borre.Fjeldso@ericsson.no>
Subject: Re: open2 problems
Message-Id: <gvl7m1on3c6.fsf@eto.ericsson.se>
hbamford@marconi.ih.lucent.com (Harold Bamford) writes:
> In article <gvl4swt28lg.fsf@eto.ericsson.se>,
> =?ISO-8859-1?Q?B=F8rre_Fjelds=F8?= <Borre.Fjeldso@ericsson.no> wrote:
> >NEVER EVER fix a script after you paste it into a message <sigh>, hope
> >this supersede catches it...
>
> Why?
Because the first one didn't even compile.
>
> In any case, this seems to work well. Thanks. However, I really don't
> understand what the critical change was. Clearly the script is not
> hanging on the read anymore (due to checking with select), but I would
> THINK that this shouldn't be necessary -- 'cat -u' is supposed to
> output immediately. Obviously not. But it does when I use it
> interactively. Can anybody explain what is happening here?
It seems to be something with the FileHandle module. As Tom C. shows
in another post it works with glob's. I was thinking that open2's
autoflush on the writer might be messed up but neither
"$WTR->autoflush 1" nor 'select $WTR; $| = 1;' fixed the problem.
I'm stumped, anybody with an explanation?
//Bxrre
--
Bxrre Fjeldsx - bgf@dod.no - Honda VFR750 - Dod# daf - NMCU #26215
Who would have predicted... that Dubcek, who brought the tanks in in
Czechoslovakia in 1968 is now being proclaimed a hero in Czechoslovakia.
Unbelievable. -- Dan Quayle
------------------------------
Date: Wed, 08 Jul 1998 12:23:55 +0530
From: Harinder Pal Singh Takhar <htakhar@hotmail.com>
Subject: Re: Passing open file descriptor to an unrelated process
Message-Id: <35A31783.1B96@hotmail.com>
I don't think it can be done in C in UNIX.
File descriptors can only be passed to child process through a parent.
I do not know of any other way to do so.
If you know a way, please let me know.
------------------------------
Date: Wed, 8 Jul 1998 00:23:49 -0700
From: lr@hpl.hp.com (Larry Rosler)
Subject: Re: Perl trivia: hash definition w/o initialization?
Message-Id: <MPG.100cbe5e9f5d2728989726@nntp.hpl.hp.com>
In article <6nuu43$9nm@news1.panix.com> on 8 Jul 1998 04:55:31 GMT, k y n
n <NOSPAMkEynOn@panix.comNOSPAM> says...
...
> Quoth the camel: "A hash element... can only be defined if it exists,
> but the reverse doesn't necessarily hold true...". So I was curious
> about whether there was a way to define a hash corresponding to a
> whole list of key values, without initializing the individual hash
> elements. (Of course, this question falls under the heading of "Perl
> trivia"; there's nothing wrong with "%some_set = map { $_, 1 }
> @items".)
Nothing except speed. The following 'hash slice' approach is
*much* faster:
my %some_set;
@some_set{@items} = (); # The elements exist but are undefined.
Of course, you could instead set the values to 1, if you like:
@some_set{@items} = (1) x @items;
use Benchmark; to put some numbers of your own behind my speed assertion.
--
Larry Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: Wed, 08 Jul 1998 17:28:55 +0900
From: "Kim, Ki-Yong" <scgyong@dev.bbcom.co.kr>
Subject: Please let me have a binary perl5.004
Message-Id: <35A32DC7.DB020129@dev.bbcom.co.kr>
I am building perl5.004_04 on the AViiON-dgux all day long.
I got so many errors installing it.
I must install a program developed on my Pentium-Linux with mSQL,
but the dgux machine refuses perl installing.
Has anyone any problem installing perl5 into dgux?
Would you help me?
- scgyong@nownuri.net -
------------------------------
Date: 8 Jul 1998 08:51:44 GMT
From: "jim babbington" <jwb79@mail.idt.net>
Subject: RE: print <<STRING
Message-Id: <01bddb04$d9edbbb0$6488fdc7@dixon>
"James Lee" <james@soft.net.uk> Said this:
>Hi People
>
>Just a quick one. I'm having a few problems with this
>
>if ()
>{
>}
>else
>{
> print <<STRING;
> text
> STRING
>}
>
>I'm getting error 'Can't find string terminator "STRING" anywhere before
>EOF'.
>
>Can anybody, shed some light.
Your indentation looks pretty, but STRING should be at the begining of the
line in your home document:
{
print <<STRING;
text
STRING
}
Perl is not finding "STRING", perl is finding "\tSTRING", and assuming that
this is
part of your home document.
Jim
------------------------------
Date: Wed, 8 Jul 1998 16:48:53 -0700
From: "Chin Heng Wee" <chinhw@postone.com>
Subject: Protecting a HTML
Message-Id: <6nvbqp$imq$1@newton2.pacific.net.sg>
Hi,
I am trying to create a Perl Script that will allow user to update an html
page.
However, for security reason, I can not allow any web user who access the
html to change it manually. At the same time I need to give the perl script
enough access to update and change the html.
All in all, changes of the HTML can be only through the Perl Script.
Questions.
1) How can I protect the html and at the same time allow the perl script the
ability to update it?
2) Where can I find extensive information about CGI and Perl security?
I am running perl 5 on unix using Apache as the web server.
Thanks for spending your precious time reading this. Any form of help is
appreciated.
Regards,
Heng Wee
------------------------------
Date: 8 Jul 1998 09:01:58 GMT
From: "jim babbington" <jwb79@mail.idt.net>
Subject: Re: Protecting a HTML
Message-Id: <01bddb06$4a848f10$6488fdc7@dixon>
> I am trying to create a Perl Script that will allow user to update an
html
> page.
>
> However, for security reason, I can not allow any web user who access the
> html to change it manually. At the same time I need to give the perl
script
> enough access to update and change the html.
>
> All in all, changes of the HTML can be only through the Perl Script.
>
> Questions.
>
> 1) How can I protect the html and at the same time allow the perl script
the
> ability to update it?
Apache CGI is configured to run as "nobody" or something like that, you
should
change that to some other GID (like "perlgroup"). Then make all html docs a
group of
"perlgroup" and give group write permission to this GID, and read access to
all others:
chmod g+w *.html
chmod o+
>
> 2) Where can I find extensive information about CGI and Perl security?
CGI progrgramming on the World Wide Web, Shishir Gundavaram, $32.95USD,
ISBN 1-56592-168-2
I don't know much about perl security, or what it might be.
>
> I am running perl 5 on unix using Apache as the web server.
>
> Thanks for spending your precious time reading this. Any form of help is
> appreciated.
>
> Regards,
> Heng Wee
------------------------------
Date: Wed, 08 Jul 1998 05:21:34 -0400
From: comdog@computerdog.com (brian d foy)
Subject: Re: Protecting a HTML
Message-Id: <comdog-ya02408000R0807980521340001@news.panix.com>
Keywords: from just another new york perl hacker
[X-Newsreader: Microsoft Internet News 4.70.1155 deleted the
citation for the previously quoted text i guess.]
In article <01bddb06$4a848f10$6488fdc7@dixon>, "jim babbington" <jwb79@_DELETE_ME_mail.idt.net> posted:
>> 1) How can I protect the html and at the same time allow the perl script
>the
>> ability to update it?
>Apache CGI is configured to run as "nobody" or something like that, you
>should
>change that to some other GID (like "perlgroup"). Then make all html docs a
>group of
>"perlgroup" and give group write permission to this GID, and read access to
>all others:
bad. bad. bad. exercise as to why left to the reader.
>> 2) Where can I find extensive information about CGI and Perl security?
see the CGI Meta FAQ and the perlsec man page. if you can't answer
your own question after checking these resources you shouldn't be
playing at this level yet. that may sound harsh, but we're talking
about the security of your server.
>I don't know much about perl security, or what it might be.
so why attempt to answer security questions? these are serious
matters best left to people not guessing.
--
brian d foy <comdog@computerdog.com>
CGI Meta FAQ <URL:http://computerdog.com/CGI_MetaFAQ.html>
Comprehensive Perl Archive Network (CPAN) <URL:http://www.perl.com>
Perl Mongers Travel Deals! <URL:http://www.pm.org/travel.html>
------------------------------
Date: Wed, 08 Jul 1998 10:16:51 +0100
From: "F.Quednau" <quednauf@nortel.co.uk>
Subject: Re: Retrieving Links From a Search Engine Results Page???
Message-Id: <35A33903.B36C42AF@nortel.co.uk>
Alan McCoy wrote:
>
> I'm trying to run a search on Metacrawler, parse the results page, retrieve
> the URLs, titles, and descriptions of the results, and return them to the
> browser.
This has been done for you:
http://abiglime.com/webmaster/articles/cgi/111197.htm
--
____________________________________________________________
Frank Quednau
http://www.surrey.ac.uk/~me51fq
________________________________________________
------------------------------
Date: Wed, 08 Jul 1998 12:31:24 +0530
From: Harinder Pal Singh Takhar <htakhar@hotmail.com>
Subject: Running cgi executables in Windows http server
Message-Id: <35A31944.45C5@hotmail.com>
I am not able to run any of my programs in cgi on any windows http
server.
The program gets started as i see an ms-dos window comming up for a
flash but no output appears on the browser which seems to keep waiting
till forever.
I tried a c program that writes to stdout
It is a simple program with
printf("Hello World");
and also Content-type: text/html
messages.
But no output apppears on the browser, it just keeps on waiting.
The web server i am using is frontpage web server.
P.S.: Do i need to make a windows executable?
Also, do i need to write to something else other than stdout?
Thank you in advance
Harinder
------------------------------
Date: 8 Jul 1998 09:07:41 GMT
From: "jim babbington" <jwb79@mail.idt.net>
Subject: Re: Running cgi executables in Windows http server
Message-Id: <01bddb07$1736c000$6488fdc7@dixon>
>
> I tried a c program that writes to stdout
> It is a simple program with
> printf("Hello World");
> and also Content-type: text/html
> messages.
> But no output apppears on the browser, it just keeps on waiting.
>
> The web server i am using is frontpage web server.
>
>
> P.S.: Do i need to make a windows executable?
I think I see 2 problems in your example:
a) your not using perl for your CGI.
b) therefore, your posting in the wrong news group
try either:
a) perl
or
b) comp.infosystems.www.authoring.cgi
Good luck,
Jim
------------------------------
Date: Wed, 08 Jul 1998 10:42:14 +0100
From: "F.Quednau" <quednauf@nortel.co.uk>
Subject: Re: Running cgi executables in Windows http server
Message-Id: <35A33EF6.295E3B4C@nortel.co.uk>
Harinder Pal Singh Takhar wrote:
>
> The program gets started as i see an ms-dos window comming up for a
> flash but no output appears on the browser which seems to keep waiting
> till forever.
please read what cgi is all about. Look on the web. Read. c g i.
please understand that a browser is a browser is a browser. A server serves the
script to the browser. A server serves. A browser browses, and nothing else. It
might know that the system knows the Perl extension, and will ask the system to
do something about that perl script, but a browser essentially browses. b r o w
s e r.
if you want to put a server on your machine, visit my hp. there is a text about
it.
Note:
In the text I recommend the Omnicron Webserver. I am not sure if I should do
that. It is alpha stuff, and yesterday it was leaking all over my memory while
testing a new script, and I could barely shut down win NT ! There you go, it was
late already...
--
____________________________________________________________
Frank Quednau
http://www.surrey.ac.uk/~me51fq
________________________________________________
------------------------------
Date: 08 Jul 1998 10:03:58 +0200
From: Calle Dybedahl <qdtcall@esb.ericsson.se>
Subject: Re: syscall
Message-Id: <is67h8py4x.fsf@godzilla.kiere.ericsson.se>
Darren K Emge <emge@insulae.neurology.umab.edu> writes:
> I am trying to write a scipt to go through and perform some file
> maintenance. I am trying to use syscall but it does not appear to work.
It works just fine, but it doesn't do anything near what you think it
does. The documentation rather assumes that you know what a syscall
is, something which I think can't be taken for granted these days.
So, a bit simplified: a syscall is a call directly into the Unix
kernel. You never need to do this, unless you're doing deeply
system-specific things.
> $SYS_zip = "gzip -r";
It looks like you want the system() function. It's described in the
perlfunc manpage. You may want to have a look at the Compress::Zlib
module as well, depending on what you want to achieve.
--
Calle Dybedahl, UNIX Sysadmin
qdtcall@esavionics.se http://www.lysator.liu.se/~calle/
------------------------------
Date: Wed, 08 Jul 1998 08:32:49 GMT
From: zaheed@yahoo.com
Subject: XML/Perl
Message-Id: <6nvari$42d$1@nnrp1.dejanews.com>
Hi,
I was wondering if anyone could give me some pointers to XML/Perl
information. All I found on the net was "Perl will support XML". But I need
some tech status type info..
Is there any projects going on.. that I can follow?
What are the current development status?
Any good info will be very helpful.
Best Regds
Zaheed
-----== Posted via Deja News, The Leader in Internet Discussion ==-----
http://www.dejanews.com/rg_mkgrp.xp Create Your Own Free Member Forum
------------------------------
Date: 8 Mar 97 21:33:47 GMT (Last modified)
From: Perl-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 8 Mar 97)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.misc (and this Digest), send your
article to perl-users@ruby.oce.orst.edu.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
The Meta-FAQ, an article containing information about the FAQ, is
available by requesting "send perl-users meta-faq". The real FAQ, as it
appeared last in the newsgroup, can be retrieved with the request "send
perl-users FAQ". Due to their sizes, neither the Meta-FAQ nor the FAQ
are included in the digest.
The "mini-FAQ", which is an updated version of the Meta-FAQ, is
available by requesting "send perl-users mini-faq". It appears twice
weekly in the group, but is not distributed in the digest.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V8 Issue 3092
**************************************
