Re: [cgiapp] LinkIntegrity vs ValidateQuery plugin?

2009-04-16 Thread Ron Savage
Hi Mark

On Tue, 2009-04-14 at 11:16 -0400, Mark Stosberg wrote:
> However, only validation can check if in fact I have all parameters I
> need in the right format. That protects against the case where my
> application generates a link with a valid checksum, but somehow has the
> wrong data in it. If I skipped validation in the receiving run mode, I
> open myself up for a garbage-in/garbage-out problem, or perhaps worse.

Since validation on the server side is inescapable, are you /sure/ link
checksumming adds something worth the effort?

For instance, in menus, I renumber all items 1 .. N, no matter what db
record they point to. At the same time, in the session, I save another
map which reverts that 1 .. N to the 'real' id of each item.

OK, so it doesn't protect against everything, but it helps validation.

I did not put the logic in a separate module yet.

-- 
Ron Savage
r...@savage.net.au
http://savage.net.au/index.html



#  CGI::Application community mailing list
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp    ##
##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
##  Wiki:          http://cgiapp.erlbaum.net/                 ##
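
The renumbering scheme described in the message above, as an added example that is not part of the original post or of any CGI::Application plugin. A plain hash stands in for the session, and the names `build_menu`, `resolve_item` and `menu_map` are assumptions made for illustration.

```perl
use strict;
use warnings;

# Build the menu: items are numbered 1..N for the browser, and the map from
# that number back to the real database id is kept server-side in the session.
sub build_menu {
    my ($session, @records) = @_;    # @records: hashrefs with id and label
    my (%map, @menu);
    my $n = 0;
    for my $rec (@records) {
        $n++;
        $map{$n} = $rec->{id};
        push @menu, { item => $n, label => $rec->{label} };
    }
    $session->{menu_map} = \%map;    # replaces any map from an earlier page
    return \@menu;
}

# Resolve a submitted item number. Anything that is not a plain positive
# integer present in this session's map is rejected, so the client can only
# name records that were actually offered to it.
sub resolve_item {
    my ($session, $item) = @_;
    return undef unless defined $item && $item =~ /\A[1-9][0-9]{0,5}\z/;
    my $map = $session->{menu_map} or return undef;
    return exists $map->{$item} ? $map->{$item} : undef;
}

# Constructed sample data; a plain hash stands in for the session object.
my %session;
my $menu = build_menu(\%session,
    { id => 4711, label => 'Invoices' },
    { id => 9020, label => 'Orders' },
);

for my $input (1, 2, 3, '4711', '1 OR 1=1', undef) {
    my $id = resolve_item(\%session, $input);
    printf "%-12s => %s\n",
        defined $input ? "'$input'" : 'undef',
        defined $id ? "record $id" : 'rejected';
}
```

The real id `4711` is rejected when submitted directly, because only the per-session numbers 1 and 2 are in the map.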




[cgiapp] Re: [OT] HTML::Parser::Simple, now with attribute parsing

2009-04-16 Thread Mark Stosberg

> git://github.com/ronsavage/html--parser--simple.git

I've now added an attribute parser to this, and my work is in Ron's repo now.
The attribute parsing is not happening by default now, but the core parsing
function is available now.

It looks like this, or a sub-class of it, could be a fairly pure-Perl HTML parser
that would be fairly compatible with the HTML::Parser API.

I'm not sure how I feel about storing the whole document in Tree::Simple, since
it means using more memory than the size of the current document. However,
depending on how it was sub-classed, the use of Tree::Simple might be
avoidable.

My interest in this is to have a pure-perl alternative to HTML::FillInForm
(which depends on the XS HTML::Parser). And the reason I want *that* is to
create a cross-platform distribution of Titanium and its dependencies. That
would include the ValidateRM plugin, which depends on HTML::FillInForm.

Mark

-- 
http://mark.stosberg.com/








[cgiapp] CGI::Application::Plugin::FormBuilder?

2009-04-16 Thread adam
I tried using CGI::FormBuilder but it breaks
CGI::Application::Plugin::Authentication and it always shows the page as
if the person is logged out.

Is there a recommended way to use CGI::FormBuilder from within
CGI::Application?  Also, is there also a reason why there isn't a
CGI::FormBuilder plugin for CGI::Application? If there isn't a reason
other than it just hasn't been done, I'd like to consider that for my
first public module.

Thanks,
Adam








[cgiapp] Proposed new look and branding for cgi-app.org

2009-04-16 Thread Mark Stosberg

Lyle Hopkins has generously worked with me to prepare this proposed redesign
for cgi-app.org. I'm interested in your feedback before moving forward:

http://cosmicsitedesign.com/cgi-app/

It should go without saying that the image rights will be purchased to remove
the watermark, and we'll get some real text for the page. :) I'm personally
very pleased with the design and see it as a huge step forward.

The update addresses long standing complaints about the genericness of the name
CGI::Application or that the project name includes CGI at all.  The words
CGI::Application are also just hard to create a brand and marketing materials
around.  So the update emphasises the Titanium name and branding, although all
the content will generally continue to refer to CGI::Application and related
plugins as it does now. 

I realize Titanium is just one possible direction to go with CGI::Application,
but overall I think it's a better name to brand and market around than
CGI::Application.

After collecting community feedback, I'll continue work with Lyle on
refinements, and then we'll work on getting the design applied to the current
wiki content.

Thanks for your input, and thanks again to Lyle for making this possible.

Mark

-- 
http://mark.stosberg.com/








Re: [cgiapp] LinkIntegrity vs ValidateQuery plugin?

2009-04-16 Thread Mark Fuller
On Tue, Apr 14, 2009 at 8:16 AM, Mark Stosberg m...@summersault.com wrote:

> However, only validation can check if in fact I have all parameters I
> need in the right format. That protects against the case where my
> application generates a link with a valid checksum, but somehow has the
> wrong data in it. If I skipped validation in the receiving run mode, I
> open myself up for a garbage-in/garbage-out problem, or perhaps worse.

Wouldn't this be best solved by storing the links (or the checksum for
a link) in a session? When they perform their next activity, the
runmode checks to see if it (and the parameters on the URL) was one of
the expected run modes when the previous page was displayed?

Mark
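
The point quoted in this thread, that a link can carry a valid checksum and still hold the wrong data, as an added example that is not part of the original posts and is not the LinkIntegrity plugin's code or API. HMAC-SHA256 as the checksum, the parameter names `rm` and `id`, and the secret are assumptions made for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'constructed-demo-secret';   # placeholder, not a real key

# Length-prefixed, sorted encoding so different parameter sets never
# serialize to the same string.
sub canonical {
    my ($p) = @_;
    return join '', map { length($_) . ":$_" . length($p->{$_}) . ":$p->{$_}" }
        sort keys %$p;
}

sub sign_link { return hmac_sha256_hex(canonical($_[0]), $SECRET) }

# Integrity: was this exact parameter set issued by the application?
sub checksum_ok {
    my ($p, $mac) = @_;
    my $want = sign_link($p);
    return 0 unless defined $mac && length($mac) == length($want);
    my $diff = 0;                          # compare without an early exit
    $diff |= ord(substr($want, $_, 1)) ^ ord(substr($mac, $_, 1))
        for 0 .. length($want) - 1;
    return $diff == 0 ? 1 : 0;
}

# Validation: are the required parameters present and well-formed?
sub params_valid {
    my ($p) = @_;
    return 0 unless defined $p->{rm} && $p->{rm} =~ /\A(?:view|edit)\z/;
    return 0 unless defined $p->{id} && $p->{id} =~ /\A[1-9][0-9]{0,8}\z/;
    return 1;
}

sub check {
    my ($p, $mac) = @_;
    return 'rejected: bad checksum' unless checksum_ok($p, $mac);
    return 'rejected: invalid data' unless params_valid($p);
    return 'accepted';
}

# Constructed cases.
my %good     = (rm => 'view', id => 42);
my %tampered = (%good, id => 43);          # id edited in the URL
my %buggy    = (rm => 'view', id => '');   # application built a bad link
printf "%-14s %s\n", 'issued link:', check(\%good,     sign_link(\%good));
printf "%-14s %s\n", 'edited link:', check(\%tampered, sign_link(\%good));
printf "%-14s %s\n", 'buggy link:',  check(\%buggy,    sign_link(\%buggy));
```

The edited link fails the checksum, while the buggy link passes it and is caught only by the validation step in the receiving run mode.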





[cgiapp] Re: CAP:Authentication with an enum credential

2009-04-16 Thread Mark Stosberg
On Tue, 14 Apr 2009 01:06:38 -0400
Mark Rajcok mraj...@gmail.com wrote:

> I'm using CAP:Authentication and I have a u_state field in my Users table.
> The u_state field is a MySQL enum, and can be set to created, active,
> restricted, or disabled.
>
> I'm trying to figure out how I can display a Sorry, your account has been
> disabled error page if a user with u_state=disabled tries to log in.
>
> I looked at (and tried using) custom filters with CAP:Authentication, but
> something like the following isn't supported syntax-wise:
>     CONSTRAINTS => { 'stateFilter:u_state' => (created,active,restricted) }
>
> Any suggestions?

I think you are right, Mark. I think you may need to write your own driver for
this.

You can copy the DBI driver and modify it, or write one from scratch, which has
the possibility of being simpler and less abstracted because it is designed
just for your case.

You could also ask Cees if he's interested in a patch for enum() support in
CGI::Application::Plugin::Authentication.

Mark











Re: [cgiapp] LinkIntegrity vs ValidateQuery plugin?

2009-04-16 Thread Michael Peters

Mark Stosberg wrote:

> Anyone here using LinkIntegrity? How are you doing lightweight query
> validation?


To be honest, I don't do lightweight query validation. For projects that I work 
on I normally just have 1 validation framework (based on D::FV) and any place 
that's important enough to validate I just use the same framework.


Also, I normally don't care about users changing links and getting ISE's, I 
consider that their own fault. And if by changing a URL they can see something 
they aren't supposed to see, I consider that a security design flaw and usually 
fixed a different way.


--
Michael Peters
Plus Three, LP






Re: [cgiapp] Proposed new look and branding for cgi-app.org

2009-04-16 Thread Porta
It looks wonderful. Nicely done.

On Tue, Apr 14, 2009 at 11:06 PM, Mark Stosberg m...@summersault.com wrote:

> Lyle Hopkins has generously worked with me to prepare this proposed redesign
> for cgi-app.org. I'm interested in your feedback before moving forward:
>
> http://cosmicsitedesign.com/cgi-app/
>
> It should go without saying that the image rights will be purchased to remove
> the watermark, and we'll get some real text for the page. :) I'm personally
> very pleased with the design and see it as a huge step forward.
>
> The update addresses long standing complaints about the genericness of the name
> CGI::Application or that the project name includes CGI at all.  The words
> CGI::Application are also just hard to create a brand and marketing materials
> around.  So the update emphasises the Titanium name and branding, although all
> the content will generally continue to refer to CGI::Application and related
> plugins as it does now.
>
> I realize Titanium is just one possible direction to go with CGI::Application,
> but overall I think it's a better name to brand and market around than
> CGI::Application.
>
> After collecting community feedback, I'll continue work with Lyle on
> refinements, and then we'll work on getting the design applied to the current
> wiki content.
>
> Thanks for your input, and thanks again to Lyle for making this possible.
>
> Mark
>
> --
> http://mark.stosberg.com/








Re: [cgiapp] Proposed new look and branding for cgi-app.org

2009-04-16 Thread Michael Peters

Mark Stosberg wrote:

> Lyle Hopkins has generously worked with me to prepare this proposed redesign
> for cgi-app.org. I'm interested in your feedback before moving forward:
>
> http://cosmicsitedesign.com/cgi-app/


I like the general look and feel.


> The update addresses long standing complaints about the genericness of the name
> CGI::Application or that the project name includes CGI at all.  The words
> CGI::Application are also just hard to create a brand and marketing materials
> around.  So the update emphasises the Titanium name and branding, although all
> the content will generally continue to refer to CGI::Application and related
> plugins as it does now.
>
> I realize Titanium is just one possible direction to go with CGI::Application,
> but overall I think it's a better name to brand and market around than
> CGI::Application.


My biggest beef with Titanium is the name. It has these problems:

1) It's not googleable: you can't find anything by searching for Titanium,
Titanium Software or Titanium Framework. Contrast this with Jifty (which is 
#1) and Catalyst (which is #1 for Catalyst Framework and #6 for Catalyst 
Software).


2) It's not memorable. While titanium is a nice strong lightweight metal, it is 
kind of overused in pop-culture, at least imho.


3) It's too long. 4 syllables, come on! Maybe we could drop some syllables (like 
Southern US English) to make it titane or titaenyum :) Or maybe we can drop some 
vowels to make it more web 2.0ish: titnm :)


I know we've had this debate before and it's probably out of my hands, but I've 
always liked taking a few swings with a stick at the deceased bodies of equine 
animals.


--
Michael Peters
Plus Three, LP

