Re: [mp2]"opaque string-content tables"

2005-02-15 Thread Stas Bekman
Jie Gao wrote: On Tue, 15 Feb 2005, Stas Bekman wrote: Date: Tue, 15 Feb 2005 18:26:07 -0500 From: Stas Bekman <[EMAIL PROTECTED]> To: Jie Gao <[EMAIL PROTECTED]> Cc: modperl@perl.apache.org Subject: Re: [mp2]"opaque string-content tables" Jie Gao wrote: [please try to trim the irrelevant chunks

Re: [mp2]"opaque string-content tables"

2005-02-15 Thread Jie Gao
On Tue, 15 Feb 2005, Stas Bekman wrote: > Date: Tue, 15 Feb 2005 18:26:07 -0500 > From: Stas Bekman <[EMAIL PROTECTED]> > To: Jie Gao <[EMAIL PROTECTED]> > Cc: modperl@perl.apache.org > Subject: Re: [mp2]"opaque string-content tables" > > Jie Gao wrote: > > [please try to trim the irrelevant ch

Re: [mp2]"opaque string-content tables"

2005-02-15 Thread Stas Bekman
Jie Gao wrote: When you will want a performance boost, you will want to switch to libapreq2 (Apache::Request). Where is it? http://httpd.apache.org/apreq/ Thanks. I've got it over but am having trouble doing "make test": waiting 60 seconds for server to start: .Syntax error on line 29 of /opt/loc

Re: [mp2]"opaque string-content tables"

2005-02-15 Thread Jie Gao
On Tue, 15 Feb 2005, Stas Bekman wrote: > Date: Tue, 15 Feb 2005 18:26:07 -0500 > From: Stas Bekman <[EMAIL PROTECTED]> > To: Jie Gao <[EMAIL PROTECTED]> > Cc: modperl@perl.apache.org > Subject: Re: [mp2]"opaque string-content tables" > > Jie Gao wrote: > > [please try to trim the irrelevant ch

Re: securing web form interaction

2005-02-15 Thread Ron Savage
Hi Folks > I usually use placeholders in DBI. Is this enough for avoiding SQL > injections? Keywords: Inject, SQL, Oracle http://online.securityfocus.com/infocus/1644 http://www.nextgenss.com/papers.html http://www.ngssoftware.com/research/papers.html http://www.ngssoftware.com/papers/advanced_sql_injec

Re: [mp2] make test errors

2005-02-15 Thread Stas Bekman
William McKee wrote: -8<-- Start Bug Report 8<-- 1. Problem Description: While installing mod_perl2 on a FreeBSD 5.3 jail environment, I received the following test errors: Failed Test Stat Wstat Total Fail Failed List of Failed --

Re: [mp2] Documentation patch for install.pod

2005-02-15 Thread Stas Bekman
William McKee wrote: I finally took the plunge and installed mp2 onto my FreeBSD virtual server. Here are a few updates to the install.pod which would have made the installation process a bit easier for me. I'm not sure about the modification I made at line ~617. I installed a static mod_perl so pr

Re: RES: MP2 Forking - Untie socket

2005-02-15 Thread vsmori
Stas, Thank you for all this useful information. Regards, Vitor > vsmori wrote: > > Thanks Stas, that was useful. > > > > From my understanding, the right solution in MP2 would be using > > Apache::SubProcess::spawn_proc_prog function instead of forking the > > apache request child process a

Re: [mp2]"opaque string-content tables"

2005-02-15 Thread Stas Bekman
Jie Gao wrote: [please try to trim the irrelevant chunks from your replies :) thanks ] When you will want a performance boost, you will want to switch to libapreq2 (Apache::Request). Where is it? http://httpd.apache.org/apreq/ -- __ S

Re: [mp2]"opaque string-content tables"

2005-02-15 Thread Jie Gao
On Tue, 15 Feb 2005, Stas Bekman wrote: > Date: Tue, 15 Feb 2005 18:12:26 -0500 > From: Stas Bekman <[EMAIL PROTECTED]> > To: Jie Gao <[EMAIL PROTECTED]> > Cc: modperl@perl.apache.org > Subject: Re: [mp2]"opaque string-content tables" > > Jie Gao wrote: > > What does it mean by "opaque"? >

Re: [mp2]"opaque string-content tables"

2005-02-15 Thread Stas Bekman
Jie Gao wrote: What does it mean by "opaque"? On the C level that means: you can put in strings and whatever you put in your get out. On the Perl level that means that we convert any scalars into strings and store that. Any special information that was in the perl scalar is not stored. So for exam

Re: RES: MP2 Forking - Untie socket

2005-02-15 Thread Stas Bekman
vsmori wrote: Thanks Stas, that was useful. From my understanding, the right solution in MP2 would be using Apache::SubProcess::spawn_proc_prog function instead of forking the apache request child process and call cleanup_for_exec (forget compat, I want to be MP2 native). Right, Vitor. But there is

Re: [mp2]"opaque string-content tables"

2005-02-15 Thread Jie Gao
On Tue, 15 Feb 2005, Stas Bekman wrote: > Date: Tue, 15 Feb 2005 17:52:19 -0500 > From: Stas Bekman <[EMAIL PROTECTED]> > To: Jie Gao <[EMAIL PROTECTED]> > Cc: modperl@perl.apache.org > Subject: Re: [mp2]"opaque string-content tables" > > Jie Gao wrote: > > > > > > On Tue, 15 Feb 2005, Jie Gao

Re: [mp2]"opaque string-content tables"

2005-02-15 Thread Stas Bekman
Jie Gao wrote: On Tue, 15 Feb 2005, Jie Gao wrote: Date: Tue, 15 Feb 2005 08:26:07 +1100 (EST) From: Jie Gao <[EMAIL PROTECTED]> To: modperl@perl.apache.org Subject: [mp2]"opaque string-content tables" Hi All, "APR::Table allows its users to manipulate opaque string-content tables." What does it

Re: PerlMagick in an output filter

2005-02-15 Thread Stas Bekman
Dean Maslic wrote: Hi, I'm trying to implement an output filter that modifies images using PerlMagick in a proxy environment. Since magick reads an image from a file-handle/stdin I guess I need to write the response data to a temp-file, I'm not sure if it's better to use the stream api's $f->read(my $

Re: measuring shared memory on linux (was [Fwd: Re: /proc/*/statm, exactly what does "shared" mean?)]

2005-02-15 Thread Steven Lembark
Me too, but I'm not holding my breath. We can find out how much total memory is free though, at least on Linux. That particular information is far from being useful, since there is the cache. On my (linux) machine I have 0MB of free memory and 400-500MB of cached buffers. So on linux one needs to

Re: measuring shared memory on linux (was [Fwd: Re: /proc/*/statm, exactly what does "shared" mean?)]

2005-02-15 Thread Salve J Nilsen
Suddenly, Perrin Harkins uttered: On Mon, 2005-02-14 at 18:45 -0500, Stas Bekman wrote: that approach is not very practical if you change your code base constantly. Since you will have to retune things every time you change your code. I know, it's terrible, but it's all I've come up with so far. Perhap

Re: Can't get DBD::mysql installed

2005-02-15 Thread Chris Devers
On Tue, 15 Feb 2005, Boysenberry Payne wrote: > It seems as though it's installed regardless... But the errors may still exist; it's good to correct, or at least fully understand, any `make test` errors you come across. This page has the correct fix for the DBD::Mysql problem:

Re: measuring shared memory on linux (was [Fwd: Re: /proc/*/statm, exactly what does "shared" mean?)]

2005-02-15 Thread Stas Bekman
Perrin Harkins wrote: On Mon, 2005-02-14 at 18:45 -0500, Stas Bekman wrote: that approach is not very practical if you change your code base constantly. Since you will have to retune things every time you change your code. I know, it's terrible, but it's all I've come up with so far. Maybe we need t

Re: Is it safe to share a read-only dbm file opened in parent modperl?

2005-02-15 Thread Gedanken
On Tue, 15 Feb 2005, Richard Chen wrote: I'm a big fan of reading read-only data files, config files, etc at server start up in startup.pl and sharing between children. There could easily be problems with my approach and I welcome the criticism =) The only time I have been burned with parent-ch

Is it safe to share a read-only dbm file opened in parent modperl?

2005-02-15 Thread Richard Chen
Hi, I recall that in general it is not a good idea to open a file in the parent modperl process and then share it among the child modperl processes. One should open the file separately in each of the child processes. But what if the file is used just for read-only access? Is it still necessary

Re: Apache::Test for online debugging

2005-02-15 Thread Stas Bekman
Geoffrey Young wrote: [...] Also, a few weeks ago Stas mentioned an Apache::Test mailing list, [EMAIL PROTECTED] I joined that list and tried to post a question, but it didn't post. Anyone know if that list is working? it's [EMAIL PROTECTED] and should be ok. That's because this list has moved

Re: securing web form interaction

2005-02-15 Thread Malcolm J Harwood
On Tuesday 15 February 2005 2:11 pm, Adam Prime x443 wrote: >> > $dbh->quote() everything you can. At least some of the DBD's quote numbers, even when such should not be quoted. So "quote() everything" doesn't always work. >> Or make it easy on yourself and just use placeholders. > that too, assu

RE: securing web form interaction

2005-02-15 Thread Adam Prime x443
Assuming you aren't doing anything really weird anyway, like passing a table name as a get argument to a script or something. The whole point of using placeholders or $dbh->quote is that you don't trust anything that comes from the client to actually be valid. If you want to be sure that you a

Re: $r->document_root

2005-02-15 Thread Geoffrey Young
> First, in my little test, I alternate between five different hosts, and > don't do the cleanup handler to put the docroot back, and everything looks > fine. you will eventually, once you get enough requests to cycle through all of the httpd children. > > Second, I couldn't get this > > $r->d

RE: $r->document_root

2005-02-15 Thread Cahill, Earl
Thanks. Using prefork looks like a winner. After running apt-get install apache2-mpm-prefork apache2-prefork-dev My final results look like in /etc/apache2/httpd.conf PerlModule DocRoot PerlTransHandler DocRoot in DocRoot.pm I have package DocRoot; use strict; use warnings; use Apache::

Re: measuring shared memory on linux (was [Fwd: Re: /proc/*/statm, exactly what does "shared" mean?)]

2005-02-15 Thread Perrin Harkins
On Mon, 2005-02-14 at 18:45 -0500, Stas Bekman wrote: > that approach is not very practical if you change your code base constantly. > Since you will have to retune things every time you change your code. I know, it's terrible, but it's all I've come up with so far. Maybe we need to rethink how the

Re: securing web form interaction

2005-02-15 Thread ben syverson
On Feb 15, 2005, at 1:20 PM, Octavian Rasnita wrote: Don't forget to create a sound file also that will contain the pass phrase, because otherwise the blind visitors won't be able to use your site. Wow -- this is a great idea -- do you have any links to sites which implement this? I'd like to see how

Re: securing web form interaction

2005-02-15 Thread Perrin Harkins
On Tue, 2005-02-15 at 21:19 +0200, Octavian Rasnita wrote: > I usually use placeholders in DBI. Is this enough for avoiding SQL > injections? Yes. It will escape all values. - Perrin

Re: securing web form interaction

2005-02-15 Thread Octavian Rasnita
Hi, I usually use placeholders in DBI. Is this enough for avoiding SQL injections? I have made a simple test and I have seen that it seems to be enough, but... I am not sure. Thanks. Teddy - Original Message - From: "Ian Joyce" <[EMAIL PROTECTED]> To: "Adam Prime x443" <[EMAIL PROTECTE

Re: securing web form interaction

2005-02-15 Thread Octavian Rasnita
Don't forget to create a sound file also that will contain the pass phrase, because otherwise the blind visitors won't be able to use your site.

Re: Apache::Test for online debugging

2005-02-15 Thread Geoffrey Young
> I'm transitioning to developing using Apache::Test and like it. It's a > different style of developing. > > Have you looked at the apache test docs? > > http://perl.apache.org/docs/general/testing/testing.html see also http://www.perl.com/pub/a/2003/05/22/testing.html for a kinder, gentl

Re: Apache::Test for online debugging

2005-02-15 Thread Jim Martinez
On Feb 15 Thomas Lochmatter wrote: > Under mod_perl 1, I used the following simple debugging > framework: > 1. apache calls DebugClient > 2. DebugClient connects to DebugServer (Unix socket) > 3. DebugServer calls the request handler with a fake > Apache object (Apache::FakeRequest) and returns

RE: securing web form interaction

2005-02-15 Thread Adam Prime x443
that too, assuming that your DBD supports them. -Original Message- From: Ian Joyce [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 15, 2005 2:09 PM To: Adam Prime x443 Cc: Mod-Perl ((E-mail)) Subject: Re: securing web form interaction On Tue, 15 Feb 2005 14:07:22 -0500, Adam Prime x443

Re: securing web form interaction

2005-02-15 Thread Ian Joyce
On Tue, 15 Feb 2005 14:07:22 -0500, Adam Prime x443 <[EMAIL PROTECTED]> wrote: > > $dbh->quote() everything you can. > Or make it easy on yourself and just use placeholders. --Ian

RE: securing web form interaction

2005-02-15 Thread Adam Prime x443
> Can anyone give me some tips for securing web form interaction? > > I'm looking specifically for 2 things: > > preemptive defense of potential SQL injection attacks > $dbh->quote() everything you can.

Re: securing web form interaction

2005-02-15 Thread Sean Davis
On Feb 15, 2005, at 1:02 PM, Jonathan Vanasco wrote: Can anyone give me some tips for securing web form interaction? I'm looking specifically for 2 things: preemptive defense of potential SQL injection attacks See CGI::Untaint on CPAN for routine untainting. Sean

Re: securing web form interaction

2005-02-15 Thread ben syverson
On Feb 15, 2005, at 12:02 PM, Jonathan Vanasco wrote: preemptive defense of potential SQL injection attacks Check out mod_security -- it has this built-in. (There's an intro here: , and the main guy is

securing web form interaction

2005-02-15 Thread Jonathan Vanasco
Can anyone give me some tips for securing web form interaction? I'm looking specifically for 2 things: preemptive defense of potential SQL injection attacks 'human only' readable gifs on forms to preemptively defend against bots without using some crazed throttling scheme

Re: Can't get DBD::mysql installed

2005-02-15 Thread Boysenberry Payne
Nevermind, It seems as though it's installed regardless... On Feb 15, 2005, at 11:51 AM, Boysenberry Payne wrote: Hello everyone, I'm doing a fresh install of my OS X 10.3 and am to the point where I'm trying to get DBD::mysql installed. I found a website that gives good instructions for

Can't get DBD::mysql installed

2005-02-15 Thread Boysenberry Payne
Hello everyone, I'm doing a fresh install of my OS X 10.3 and am to the point where I'm trying to get DBD::mysql installed. I found a website that gives good instructions for OS X, but I'm getting a few errors on make test (mysql.t 46-48) that stops it from getting to make install. Am

PerlMagick in an output filter

2005-02-15 Thread Dean Maslic
Hi, I'm trying to implement an output filter that modifies images using PerlMagick in a proxy environment. Since magick reads an image from a file-handle/stdin I guess I need to write the response data to a temp-file, I'm not sure if it's better to use the stream api's $f->read(my $buffer, BUFF_LEN)

Re: End result of Wiki-ish system design + final question

2005-02-15 Thread ben syverson
Sorry for the double posts -- won't happen again... (grumble... you'd think that OSX's mail.app would be smart enough by now so that when you reply to a message, the default account selected is the account the message was sent to...) - ben

Apache::Test for online debugging

2005-02-15 Thread Thomas Lochmatter
Under mod_perl 1, I used the following simple debugging framework: 1. apache calls DebugClient 2. DebugClient connects to DebugServer (Unix socket) 3. DebugServer calls the request handler with a fake Apache object (Apache::FakeRequest) and returns the response to the DebugClient If an error oc

Re: End result of Wiki-ish system design + final question

2005-02-15 Thread ben syverson
On Feb 14, 2005, at 10:40 AM, Martin Moss wrote: I have a few thoughts on this... In my experience writing a daemon process is easy (well ish) but then configuring your system to manage them (have they died, have they crashed etc..) is more trouble than it's worth. Maybe -- although thttpd has a gre

Re: End result of Wiki-ish system design + final question

2005-02-15 Thread ben syverson
On Feb 14, 2005, at 1:54 PM, Larry Leszczynski wrote: Depending on how bulky the regen process is, one option might be to register a PerlCleanupHandler and let the httpd child do the regen after the user response is sent. I looked into this, but I didn't like the idea of httpd getting tied up. Th

Re: Using mod_php and mod_perl

2005-02-15 Thread Peter Lavender
Perrin Harkins wrote: On Mon, 2005-02-14 at 13:32 -0500, Jonathan Vanasco wrote: some of the general user presentation would probably develop well under php -- but I don't want to consider that at the expense of the mod_perl processes. I think it's pretty much guaranteed that it will be m