Is this list still active, or has my workplace started to filter this...
I have not received anything since 30/Oct/2006.
Brian
--
Brian T. Wightman[EMAIL PROTECTED]
Global Data Management http://pdmwebcg.jci.com/
Johnson Controls, Building Efficiency (414) 524-4025
So the big question is: If your CGI script sees an encrypted
password, and it determines that it is valid, are you allowing access
to that user based on that info alone? If so, then you might as well
be using plain text passwords, because all an attacker needs to get in
is the
So all of the perl is run on the web server, not the client. If this is
the case, that changes the nature of your question a bit.
Brian
--
Brian T. Wightman[EMAIL PROTECTED]
Global Data Management http://pdm.cg.jci.com/
Johnson Controls, Controls Group (414
How are you running perl in the browser (perlscript)?
Brian
--
Brian T. Wightman[EMAIL PROTECTED]
Global Data Management http://pdm.cg.jci.com/
Johnson Controls, Controls Group (414) 524-4025
bits. MD5 has the same theoretical possibility (although the chances
are much smaller).
Back to the original question - If the OP is not running a javascript
implementation of 3des, but is using a perl module, how is he running perl
in the browser?
Brian
--
Brian T. Wightman
, but if you send an encrypted password or a
plaintext password, isn't it still just a repayable token? I am having a
hard time coming up with a scenario where this would buy you more security.
Brian
--
Brian T. Wightman[EMAIL PROTECTED]
Global Data Management http://pdm.cg.jci.com
suggested doing that in their manuals (might still?)
in Oracle 6 and 7 (am I dating myself now?).
Brian
--
Brian T. Wightman[EMAIL PROTECTED]
Global Data Management http://pdm.cg.jci.com/
Johnson Controls, Controls Group (414) 524-4025
Sorry for the line noise, but I have not received anything from the list in
the since 14 May. Is the list just quiet, or are messages being blocked
here as canned spiced meat product?
Brian
--
Brian T. Wightman[EMAIL PROTECTED]
Global Data Management http
Never mind. Looks like it is just quiet.
Thanks,
Brian
--
Brian T. Wightman[EMAIL PROTECTED]
Global Data Management http://pdm.cg.jci.com/
Johnson Controls, Controls Group (414) 524-4025
into Apache, rather than having to validate my own, and my
background is in security.
But, as often happens in Perl, TIMTOWTDI (There Is More Than One Way To Do
It).
Brian
--
Brian T. Wightman[EMAIL PROTECTED]
Global Data Management http://pdm.cg.jci.com/
Johnson Controls
away, I would probably add it
back by making C::A::HT module that I would use instead. Besides, there is
a lot of existing code out there right now that uses load_tmpl and H::T,
so...
My $0.02,
Brian
--
Brian T. Wightman[EMAIL PROTECTED]
Global Data Management http
Without seeing the Bactual/B error messages, I cannot tell you what is
going on. I can only guess. And I have made quite a few guesses already.
Brian
P.S. I read this list. Please refrain from including me on the responses
sent to the list. Thanks.
At which point you should do a use XML::Simple.
There may be some use statements inside of XML::Simple that are not being
found, because they are looking for XML::Simple::foo, not
Mylib::XML::Simple::foo.
Later,
Brian
|-+
| | [EMAIL
If this is a CGI script, try running the script outside of the web server,
from the command line. The Internal Server Error could be due to a
myriad of things. This will (hopefully) give you a little more detail as
to what is happening. Example:
myscript.cgi 'foo=barbiz=bang'
Some
[EMAIL PROTECTED] writes:
The only case where it could break functionality
is where a person would create multiple templates
and string them together, but then, that kinda
goes against the CGI::Application way where you
only output once.
I would beg to differ :)
I have a set of
of
the parameters and resetting them in the process.
Brian
Brian T. Wightman - Global Data Management
[EMAIL PROTECTED]
414-524-4025
|-+
| | [EMAIL PROTECTED]|
| | com |
| | Sent
remembered this big
potential conflict.
Not trying to flame you or anything, I just think it is a little bit of a
red herring, since any time functionality is added, you run this risk.
Document the addition and let the programmer doing the upgrade make note
of the change.
Brian
Brian T. Wightman
Never mind - missed the local won't work here Didn't have morning
$caffeine yet.
Brian
Brian T. Wightman - Global Data Management
[EMAIL PROTECTED]
414-524-4025
|-+
| | Brian.T.Wightman@|
| | jci.com
My only concern with it is if you want to overwrite a set of cookies. You
would then need to do...
$webapp-header_add(-cookie=$cookies[0]);
$webapp-header_add(-cookie=[(@cookies[1..$#cookies])]);
But trying to remember how often I have had a need to do that.
Brian
Brian T
this? Just asking before I go off and
implement it on my own.
Thanks,
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
-
Web Archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
http
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
-
Web Archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
http://marc.theaimsgroup.com/?l=cgiappr=1w=2
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
. Thanks
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
|-+
| | [EMAIL PROTECTED]|
| | edu |
| ||
| | 08/29/2003 11:52 |
| | AM
Depends what you are using on the server. The client is responsible to
encode it and send it to the server.
You will want to check the documentation in the Perl CGI module for
filefield(old old old) or upload(current).
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
eval {
$appl-run();
}
if ($@) {
$appl-Exception...
}
/CODE
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
|-+
| | [EMAIL PROTECTED]|
| ||
| | 08/19/2003 05:41
provided). C::A only knows that it is going into
runmode C.
If I am way off base, then so be it, and prune this branch of the
conversation :)
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
What about
$obj-param(blah = undef);
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
[EMAIL PROTECTED
You will also want to return undef or from redirect_to_perl, not 1,
or (I believe), you will get 1 as the contents of your document, rather
than an empty moved document.
my $two_cents;
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
How about
eval {do_something};
dienicely($@) if $@;
I might have the wrong $@ (is it $!?), but the concept is similar. Eval
allows you to catch the exception and process it with dienicely.
Good luck.
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
1 row selected.
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
[EMAIL PROTECTED
handles all
of the necessary quoting.
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
[EMAIL PROTECTED
- no problem with asking for clarification or further questions. That
is how most of us learn.
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
[EMAIL PROTECTED
Is there an example of this running? I could not find one.
Thanks,
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
jaldhar@braincel
Are you perhaps printing (unintentionally) from your application to STDOUT?
This might cause the header you are seeing to show up in the document body.
Brian
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
to your
property list.
Other opinions?
Brian T. Wightman
[EMAIL PROTECTED]
414.524.4025
P.S. (ObJoke) I suppose that tossing your redirect is better than tossing
your cookies |:o) (Sorry, couldn't resist
34 matches
Mail list logo
