Re: Feature sets [was Re: Templating System]
On 2 Aug 2000, (Randal L. Schwartz) wrote: "Ron" == Ron Pero [EMAIL PROTECTED] writes: Ron A few days ago I sent this suggestion to Drew Taylor, who is Ron preparing a web page comparing the templating systems. He said he Ron likes the idea. The Categorical "Congratulations: you wrote a Ron templating system!" web memorial. Wow, if making suggestions here gets that kind of immediate results, let me also suggest I need a girlfriend who is travel-compatible and email friendly. Maybe one will show up. :) Not with your dancing :-P Or do you get only one wish per quarter? :) The genie is back in the bottle now :) -- Matt/ Fastnet Software Ltd. High Performance Web Specialists Providing mod_perl, XML, Sybase and Oracle solutions Email for training and consultancy availability. http://sergeant.org | AxKit: http://axkit.org
Re: mod_perl configure
Sorry, I'm not a master. But I try to answer your question. This is because your installation not successful. Try to install mod_perl again with perl-5.6.0. I 've tried it and it worked good. The script CGI you embedded is not running under mod_perl, but it run as a common CGI. The installation step like here $ perl Makefile.PL EVERYTHING=1 DO_HTTPD=1 USE_APACI=1 APACHE_SRC=../apache_1.3.6/src APACHE_PREFIX=/usr/local/apache $ make $ make test TEST_VERBOSE=1 $ make install then restart your apache Thx. On Thu, 3 Aug 2000, yusun wrote: I have installed the mod_perl and changed the httpd.conf as Alias /cgi-perl/ /usr/ns-home/cgi-bin/ Location /cgi-perl/ #AllowOverride None SetHandler perl-script PerlHandler Apache::PerlRun Options +ExecCGI allow from all PerlSendHeader On PerlSetVar PerlRunOnce On /Location When I restarted httpd, there was no error reported. But when I used the following CGI to test whether the mod_perl was working or not. The report was no. Why? ### #!/usr/bin/perl print "Content-type: text/plain\n\n"; print "Server's environment\n"; foreach ( keys %ENV ) { print "$_\t$ENV{$_}\n"; } # The result is : : GATEWAY_INTERFACE CGI/1.1 : It means that I have configured this location to run under mod_cgi and not mod_perl. How can I configure the location to run under mod_perl? Thanks!
does anyone have a fix for this?
Hello all, I'm new to the list and I'm hoping that someone could help me and explain what I'm doing wrong or how to fix this I recently compiled mod_perl-1.24 and it can run modules that I program. However I get a segmentation fault (11) when I use a :: to describe where the module is. Example This works fine - Location /hello SetHandler perl-script PerlHandler hello /Location This causes the horrible [Wed Aug 2 22:34:30 2000] [notice] child pid 4433 exit signal Segmentation fault (11) to rear its ugly head even though the module was moved to /home/httpd/perl/app. Location /hello SetHandler perl-script PerlHandler app::hello /Location to help here's a copy of my startup.pl - basic nothing special #!/usr/bin/perl BEGIN { use Apache; use lib '/home/httpd/perl'; } 1; The help is much appreciated, I've lost half my hair tearing it out trying to find the cause of this problem. Thanks, Jamie Krasnoo
Re: mod_perl configure
I have installed mod_perl as you said. And I think I have installed it successfully. If it were not, when I start apache, it would report error for I added PerlHandler Apache::PerlRun Options +ExecCGI in httpd.conf. After you install the mod_perl, do you need to configure the httpd.conf by yourselves? Thanks! - Original Message - From: "frans" [EMAIL PROTECTED] To: "yusun" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 03, 2000 3:53 PM Subject: Re: mod_perl configure Sorry, I'm not a master. But I try to answer your question. This is because your installation not successful. Try to install mod_perl again with perl-5.6.0. I 've tried it and it worked good. The script CGI you embedded is not running under mod_perl, but it run as a common CGI. The installation step like here $ perl Makefile.PL EVERYTHING=1 DO_HTTPD=1 USE_APACI=1 APACHE_SRC=../apache_1.3.6/src APACHE_PREFIX=/usr/local/apache $ make $ make test TEST_VERBOSE=1 $ make install then restart your apache Thx. On Thu, 3 Aug 2000, yusun wrote: I have installed the mod_perl and changed the httpd.conf as Alias /cgi-perl/ /usr/ns-home/cgi-bin/ Location /cgi-perl/ #AllowOverride None SetHandler perl-script PerlHandler Apache::PerlRun Options +ExecCGI allow from all PerlSendHeader On PerlSetVar PerlRunOnce On /Location When I restarted httpd, there was no error reported. But when I used the following CGI to test whether the mod_perl was working or not. The report was no. Why? ### #!/usr/bin/perl print "Content-type: text/plain\n\n"; print "Server's environment\n"; foreach ( keys %ENV ) { print "$_\t$ENV{$_}\n"; } # The result is : : GATEWAY_INTERFACE CGI/1.1 : It means that I have configured this location to run under mod_cgi and not mod_perl. How can I configure the location to run under mod_perl? Thanks!
Re: does anyone have a fix for this?
Hello all, I'm new to the list and I'm hoping that someone could help me and explain what I'm doing wrong or how to fix this I recently compiled mod_perl-1.24 and it can run modules that I program. However I get a segmentation fault (11) when I use a :: to describe where the module is. Example This works fine - Location /hello SetHandler perl-script PerlHandler hello /Location This causes the horrible [Wed Aug 2 22:34:30 2000] [notice] child pid 4433 exit signal Segmentation fault (11) Please read the SUPPORT file from the mod_perl distribution for information on how to supply a backtrace so we can investigate the segfault. Thanks, -- Eric
Re: Mason vs. Apache::Registry
Kelly White wrote: I am considering using either HTML::Mason or Apache::Registry for my CGI scripts, but am not sure which is faster. Would the template/pages be cached like the scripts are in Registry? Which would be faster? Obviously using Mason would make cleaner code, but it wouldn't get compiled, would it? Any help you can give is appreciated. Thanks, Like Ken said, its a feature vs. speed tradeoff: Here's some numbers for you, on the same box, which is the best way to compare: http://www.chamas.com/bench/hello_bysystem.html#group20 -- Joshua _ Joshua Chamas Chamas Enterprises Inc. NodeWorks free web link monitoring Huntington Beach, CA USA http://www.nodeworks.com1-714-625-4051
Apache::RefererBlock and ModuleConfig problem?
Ok, I've been banging my head on this one for a while. A friend asked me to look into this as a favor, and it's turned into two weeks of beating my head against stuff I don't understand. I installed his apache (1.3.11), and I even installed it with mod_perl, no problems. perl Makefile.PL had it use the src directory specified, had it build httpd for me make make install when it was done, an httpd -l showed mod_perl in there. I copied that httpd binary to his current working install, and then installed the Apache::RefererBlock stuff. untar, and then did what the instructions said to do perl Makefile.PL make make install Again, zero problems. I add the lines to httpd.conf, straight from the example on the webpage and doc files PerlModule Apache::RefererBlock PerlFixupHandler Apache::RefererBlock RefBlockMimeTypes image/gif image/jpeg RefBlockAllowed http://www.domain.com http://domain.com RefBlockRedirect http://badpeaple.com http://www.domain.com/redirect/test2.jpg RefBlockRedirect http://www.badpeople2.com/ http://www.domain.com/test2.jpg RefBlockDebug On I then issue a configtest and I get Syntax error on line 864 of /usr/local/apache/conf/httpd.conf: Can't locate loadable object for module Apache::ModuleConfig in @INC (@INC contains: /usr/local/lib/perl5/5.6.0/i686-linux /usr/local/lib/perl5/5.6.0 /usr/local/lib/perl5/site_perl/5.6.0/i686-linux /usr/local/lib/perl5/site_perl/5.6.0 /usr/local/lib/perl5/site_perl . /usr/local/apache/ /usr/local/apache/lib/perl) at /usr/local/lib/perl5/site_perl/5.6.0/i686-linux/mod_perl.pm line 14 Compilation failed in require at /usr/local/lib/perl5/site_perl/5.6.0/i686-linux/Apache/RefererBlock.pm line 3. BEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.6.0/i686-linux/Apache/RefererBlock.pm line 3. Compilation failed in require at (eval 4) line 3. (line 864, btw is the FixUpHandler line) I've reinstalled, gone back through all the steps. I just don't get it. I don't understand how it all made, tested, and installed just fine, but when I go to use it, it errors out. I'm not even remotely close to being able to understand this...but I was made to believe that Apache::RefererBlock was pretty easy to implement, and mod_perl installed so easily, I figured it was worth a shot. Am I just missing something REALLY stupid? Any advice, help appreciated. Redhat 6.2, apache 1.3.12, mod_perl-1.24, Apache::RefererBlock-0.03 And as asked for in the support doc - perl -V: [root@www mod_perl-1.24]# perl -V Summary of my perl5 (revision 5.0 version 6 subversion 0) configuration: Platform: osname=linux, osvers=2.2.12-20smp, archname=i686-linux uname='linux www.bearpress.com 2.2.12-20smp #1 smp mon sep 27 10:34:45 edt 1999 i686 unknown ' config_args='-de' hint=recommended, useposix=true, d_sigaction=define usethreads=undef use5005threads=undef useithreads=undef usemultiplicity=undef useperlio=undef d_sfio=undef uselargefiles=define use64bitint=undef use64bitall=undef uselongdouble=undef usesocks=undef Compiler: cc='cc', optimize='-O2', gccversion=egcs-2.91.66 19990314/Linux (egcs-1.1.2 release) cppflags='-fno-strict-aliasing -I/usr/local/include' ccflags ='-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64' stdchar='char', d_stdstdio=define, usevfork=false intsize=4, longsize=4, ptrsize=4, doublesize=8 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 ivtype='long', ivsize=4, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8 alignbytes=4, usemymalloc=n, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lnsl -lndbm -lgdbm -ldb -ldl -lm -lc -lposix -lcrypt libc=/lib/libc-2.1.2.so, so=so, useshrplib=false, libperl=libperl.a Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic' cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib' Characteristics of this binary (from libperl): Compile-time options: USE_LARGE_FILES Built under linux Compiled at Jul 18 2000 16:48:51 @INC: /usr/local/lib/perl5/5.6.0/i686-linux /usr/local/lib/perl5/5.6.0 /usr/local/lib/perl5/site_perl/5.6.0/i686-linux /usr/local/lib/perl5/site_perl/5.6.0 /usr/local/lib/perl5/site_perl And all make tests work 100% Alex, tired and off in search of coffee [Alexander Darke]-[[EMAIL PROTECTED]]--[http://www.darke.net/] ["All the best people in life seem to like LINUX." - Steve Wozniak] [---[El hombre y el oso, cuanto mas peludo mas hermoso]---] [--[Visit Woof Watch! http://www.woofwatch.com/ ]-]
Apache::Session::Lock and WinNT
Hello all, I have a problem using "acquire_write_lock" under NT4.0, httpd does not repond after this call. There is no erro in error_log. httpd seems to wait something. Apache_1.3.12 Perl_5.6.0 Apache-Session-1.51 Thank you for help Olivier
RE: Determining compile directives
On Thu, 3 Aug 2000, Geoffrey Young wrote: Which raises an interesting question... Is there any way for Makefile.PL to determin if a particular option was enabled at mod_perl build time? I've tried to do this, but without success. From what I can tell, you need a live server to tie into mod_perl::hooks() to get them, and that's the only way. Hopefully, the stuff Ken Williams is doing with Apache::test will make writing live tests easier... OK, then I propose an extension. In a import(), mod_perl.pm should determine if not running under real mod_perl (i.e. $ENV{MOD_PERL}) and if not, export a %mod_perl hash containing all the compiled in directives, so that you can do: if (!$mod_perl{PERL_LOG_API}) { die "Need Apache::Log (PERL_LOG_API) enabled in mod_perl to run"; } Sound good? Doug, Eric, any thoughts? -- Matt/ Fastnet Software Ltd. High Performance Web Specialists Providing mod_perl, XML, Sybase and Oracle solutions Email for training and consultancy availability. http://sergeant.org | AxKit: http://axkit.org
Re: Apache/mod_perl, addendum
Carl, Thanks a lot! I finally got everything setup and to work. Of course, I didn't even attempt 'make test' again, but I know for sure that things are working fine, at least the initial few things. Thanks again! Carl, Pramod Sorry for popping up late, I'm overwhelmed with emails and work, the guide and the book, so I hardly manage to keep up with reading the list, I still have a huge backlog to go thru. Can you please send me the corrections I've to apply to the section dealing with stronghold in the guide so it would be easy for others to follow the guidelines? For yours and my convenience please edit the source file in pod that you can get from http://www.stason.org/guide-snapshots/ and send it to me. Thanks a lot! -Pramod At 03:02 PM 7/27/00 -0700, Carl Hansen wrote: On Thu, Jul 27, 2000 at 02:05:22PM -0700, Carl Hansen wrote: On Thu, Jul 27, 2000 at 12:02:42PM -0700, Pramod Sokke wrote: Hi, I'm trying to install mod_perl 1.24 with Stronghold 3. I know stronghold comes with mod_perl 1.22, but I want to use 1.24 same here. I don't know why stronghold can't get up to date, or give better instructions on doing the recompilation. But anyway, I was able to compile it; if anything, there are TOO MANY directions, all giving different advice. Here is some more: what i did was install stronghold via their script into /export/home/strongholdtest then cd /export/home zcat mod_perl-1.24.tar.gz | tar xvf - cd mod_perl-1.24 perl Makefile.PL APACHE_SRC=../strongholdtest/src/ DO_HTTPD=1 USE_APACI=0 EVERYTHING=1 make Note well USE_APACI=0 ie dont use it. Stronghold seems to be set up to build using the older system. You may have to go into ../strongholdtest/src/ and make sure Configuration is the way you want it. one thing I forgot to mention. in ../strongholdtest/src/Configuration edit these lines: before: EXTRA_CFLAGS=`/export/home/strongholdtest/perl/bin/perl -I/export/home/strongholdtest/perl/lib -I/export/home/strongholdtest/perl/lib/site -MExtUtils::Embed -e ccopts` EXTRA_LIBS=`/export/home/strongholdtest/perl/bin/perl -I/export/home/strongholdtest/perl/lib -I/export/home/strongholdtest/perl/lib/site -MExtUtils::Embed -e ldopts` -Lmodules/extra -L../modules/extra -lm after: EXTRA_CFLAGS=` -MExtUtils::Embed -e ccopts` EXTRA_LIBS=` -MExtUtils::Embed -e ldopts` -Lmodules/extra -L../modules/extra -lm ie remove references to their unwanted perl installation The other complication is that Stronghold comes with an installation of perl in it's own directories. I didn't want to use theirs. Look in bin. They have a wrapper script 'shperl' which just points to their version. I edited it to point to the right version. -- Carl Hansen Pictopia.com, Inc. [EMAIL PROTECTED] 510 841 6400 x 117 _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
mod_perl
I have installed the mod_perl % tar xzvf apache_x.x.x.tar.gz % tar xzvf mod_perl-x.xx.tar.gz % cd mod_perl-x.xx % perl Makefile.PL APACHE_SRC=../apache_x.x.x/src \ DO_HTTPD=1 USE_APACI=1 EVERYTHING=1 % make make test make install % cd ../apache_x.x.x % make install The report said it is success. Then Ichanged the httpd.conf as Alias /cgi-perl/ /usr/ns-home/cgi-bin/Location /cgi-perl/ #AllowOverride None SetHandler perl-script PerlHandler Apache::PerlRun Options +ExecCGI allow from all PerlSendHeader On PerlSetVar PerlRunOnce On/LocationWhen I restarted httpd, therewas no error reported.But when I used the following CGI to test whether the mod_perl was workingor not.The report was no. Why? !/usr/bin/perlprint "Content-type: text/plain\n\n"; print "Server's environment\n"; foreach ( keys %ENV ) { print "$_\t$ENV{$_}\n"; }#The result is : :GATEWAY_INTERFACE CGI/1.1 :It means that I have configured this location to run under mod_cgi and notmod_perl.How can I configure the location to run under mod_perl?Thanks!
Re: mod_perl
Yusun, your questions don't get better if you post them over and over again. Can you answer the following questions below: 1.) Have you read through the guide at http://perl.apache.org/guide/ ? Millions of people have spent thousands of hours compiling the information in there. I'm sure you will find some really valuable informatio. 2.) Does mod_perl show up in the list of compiled in modules (output from 'httpd -l')? 3.) What does perl's 'HEAD http://localhost/' tell you for your server (output)? 4.) What is the filename of your testscript? 5.) Where is it installed (directory) ? 6.) What URL are you using when you access it? 7.) Which conf-file are you modifying (full pathname)? 8.) Can you proof that modifications to the conf-file really change the servers behaviour? 9.) Which server are you starting (full pathname)? 10.) Can you substitute the "xxx" below with real version numbers? Only if you can provide answers to all questions above we will be able to take the next step in trying to figure out what you did wrong. And don't dare posting another message unless you answer "Yes" to question 1 :-) Tobias At 10:46 PM 8/3/00 +0900, you wrote: I have installed the mod_perl % tar xzvf apache_x.x.x.tar.gz % tar xzvf mod_perl-x.xx.tar.gz % cd mod_perl-x.xx % perl Makefile.PL APACHE_SRC=../apache_x.x.x/src \ DO_HTTPD=1 USE_APACI=1 EVERYTHING=1 % make make test make install % cd ../apache_x.x.x % make install The report said it is success. Then I changed the httpd.conf as Alias /cgi-perl/ /usr/ns-home/cgi-bin/ Location /cgi-perl/ #AllowOverride None SetHandler perl-script PerlHandler Apache::PerlRun Options +ExecCGI allow from all PerlSendHeader On PerlSetVar PerlRunOnce On /Location When I restarted httpd, there was no error reported. But when I used the following CGI to test whether the mod_perl was working or not. The report was no. Why? ### #!/usr/bin/perl print "Content-type: text/plain\n\n"; print "Server's environment\n"; foreach ( keys %ENV ) { print "$_\t$ENV{$_}\n"; } # The result is : : GATEWAY_INTERFACE CGI/1.1 : It means that I have configured this location to run under mod_cgi and not mod_perl. How can I configure the location to run under mod_perl? Thanks!
Re: [OT]: mmap (Was: Templating System (preview Embperl 2.0))
Paul J. Lucas writes: On Fri, 28 Jul 2000, Malcolm Beattie wrote: Assuming the kernel only keeps track of the last fault position in the file, it won't recognise that it's being read linearly (twice :-) and may well not do the async read ahead and drop behind in page cache that it would do otherwise. Once again, you'll lose performance with mmap. And reading in the file twice into two separate I/O buffers is better? I've forgotten exactly what the original situation was so I'm not sure whether it's better or not. With mmap you also have the potential disadvantage that you're taking a page fault into the kernel for every single page (say 4k or 8k) whereas with read(), a single system call will fill up a much larger buffer with data. It's also possible that the kernel can play tricks to get you the data from a read better (on some architectures it could avoid copying through the cache or it may be able to get the data transferred from the source directly into your buffer without passing through the CPU or suchlike). Basically, mmap may well be an advantage from the ease or elegance-of-coding point of view and in some cases it may win out over read() for performance/scalability or whatever but it's not a foregone conclusion and there are kernel/architecture-specific difference which may swing the balance one way or the other. Now we're getting offtopic though. I really just wanted to make the points that saying "mmap is always better than read" is not true and that there are things going on behind the scenes. --Malcolm -- Malcolm Beattie [EMAIL PROTECTED] I am looking for a Linux (and Unix Systems Programmer maybe Apache/mod_perl) job/contract Oxford University Computing Services http://users.ox.ac.uk/~mbeattie/cv.html
Re: Feature sets [was Re: Templating System]
"Randal L. Schwartz" wrote: "Ron" == Ron Pero [EMAIL PROTECTED] writes: Ron A few days ago I sent this suggestion to Drew Taylor, who is Ron preparing a web page comparing the templating systems. He said he Ron likes the idea. The Categorical "Congratulations: you wrote a Ron templating system!" web memorial. Wow, if making suggestions here gets that kind of immediate results, let me also suggest I need a girlfriend who is travel-compatible and email friendly. Maybe one will show up. :) Or do you get only one wish per quarter? :) Sorry, it's one wish per _year_. I'm a little slow that way. ;-) -- Drew Taylor Vialogix Communications, Inc. 501 N. College Street Charlotte, NC 28202 704 370 0550 http://www.vialogix.com/
Re: Feature sets [was Re: Templating System]
Ken Williams wrote: [EMAIL PROTECTED] (Gunther Birznieks) wrote: I am afraid that while I agree, a check system is really quite useful to me. Some things do need more quantification, but that can be done later. eg lightweight vs heavyweight is subjective. But it can be broken up into saying something like how much code needs to be loaded at start time (an issue for CGI/Perl). eg I think people would agree that the startup of CGI.pm is different from CGI::Lite which is different from cgi-lib.pl. Of course, there are many other features that you get from them that can make a difference in your program. Anyway, that is why this checklist is being designed by all of you and handled by an independent 3rd party. It's not a marketing tool. So if you complain about session support being a checkbox, I am sure that the feature name could be refined. I agree. I came up with an initial set of checkboxes (posted here last week), but I'd have no qualms about some author wanting to ditch some of those. I think a useful comparison would use feature comparisons only as a means of revealing the comparitive philosophies of the systems. I think splitting the systems into tiers (simple, average, framework) will also help to solve this problem. And of course, the feature checklist will be a continually evolving creature. Gunther, has anyone found a good home for such a comparison to be hosted? It would be cool if it were at perl.apache.org, or even better at www.perl.com or something (since it's not mod_perl specific). As long as it's easily updatable by its maintainers (and who are they?). Excellent question. I was planning to initially host the document on my home page. But I'm sure that wouldn't last for too long. I guess the initial maintainer would be me, but I would have no problem expanding that list in the future. Which brings up the question - how would it be maintained? CVS? I'm all ears... -- Drew Taylor Vialogix Communications, Inc. 501 N. College Street Charlotte, NC 28202 704 370 0550 http://www.vialogix.com/
.htacess security
Are .htaccess files secure? I don't want users to be able to use perl.../perl sections or any other mod_perl constructs (setting scripts to run via the Registry, for example) in .htaccess files. However, I need .htaccess files turned on so users can password protect directories site-wide (so I can't shut .htaccess files off completely.) Is there any need to worry? I can't have users writing any code that will be executed by the primary httpd process ... all user CGI execution is done via mod_cgi and SuEXEC. Thanks, -Rob Giseburt Random Quote: "When the chips are down, the buffalo is empty." (author unknown)
RE: Apache::RefererBlock and ModuleConfig problem?
[EMAIL PROTECTED] (Geoffrey Young) wrote: From: Matt Sergeant [mailto:[EMAIL PROTECTED]] Which raises an interesting question... Is there any way for Makefile.PL to determin if a particular option was enabled at mod_perl build time? I've tried to do this, but without success. From what I can tell, you need a live server to tie into mod_perl::hooks() to get them, and that's the only way. Hopefully, the stuff Ken Williams is doing with Apache::test will make writing live tests easier... That would be a nice feature, yes. I'm not sure how to look at an apache binary with config file and figure out which mod_perl options it was compiled with. Anyone know whether this is possible, or would some hacking have to be done first?
Re: Feature sets [was Re: Templating System]
I think splitting the systems into tiers (simple, average, framework) will also help to solve this problem. And of course, the feature checklist will be a continually evolving creature. Absolutely agree. There is no reason to reinvent the wheel. I don't see why a complete app server system couldn't be put together in such a way as to allow the use of the individual technologies on their own. It would be one of the rare circumstances where the sum of the parts was equal to the whole. -- __ Mr. Erich L. Markert [EMAIL PROTECTED] Computer Learning Center TEL (914)422-4328 Pace University 1 Martine Ave White Plains, New York 10606-1932 Those who do not understand Unix are condemned to reinvent it, poorly. -- Henry Spencer
Re: .htacess security
On 8/3/2000 9:54 AM, Erich L. Markert at [EMAIL PROTECTED] wrote: Damn good question... I know the default apache config has a rule that prevents .htaccess files from being accessed via a URL but not from within an embedded. One way around this would be to use a database to handle accounts and use Apache::AuthDBI and then place directory access restrictions in your httpd.conf I'd like to avoid that approach if at all possible. I want the users to have a 'standard apache interface' experience ... where the way to add/remove passwords to a directory is via .htaccess. But, a web-interface to directory access might look better... One extra question: Can I turn on mod_perl SSI and have normal SSI calls at the same time? In other words, can I have one page (file.pshtml maybe) parsed by perl-extended SSI and another (file.shtml) be parsed by normal (without perl, mod_ssi?) SSI? -Rob Giseburt Random Quote: "Change is inevitable, except from a vending machine." (author unknown)
Re: .htacess security
[EMAIL PROTECTED] (Rob Giseburt) wrote: Are .htaccess files secure? I don't want users to be able to use perl.../perl sections or any other mod_perl constructs (setting scripts to run via the Registry, for example) in .htaccess files. However, I need ..htaccess files turned on so users can password protect directories site-wide (so I can't shut .htaccess files off completely.) I assume you need Perl sections in your main httpd.conf? If not, you can just shut it off altogether. Alternatively, you might want to shut it off and use a templating system to generate your httpd.conf file(s) so they don't have Perl sections in them. One extra question: Can I turn on mod_perl SSI and have normal SSI calls at the same time? In other words, can I have one page (file.pshtml maybe) parsed by perl-extended SSI and another (file.shtml) be parsed by normal (without perl, mod_ssi?) SSI? I'm not sure (I think probably not), but you can get the same effect if you use Apache::SSI for some pages and regular mod_ssi for the others.
Re: Feature sets [was Re: Templating System]
Ron Pero wrote: [cut] * Place the templating systems into a spectrum of categories, from simplest to most complex/developed. It would look approximately like this (not attempting to be complete): -Level one, simplest * Simple tag/anchor replacement * Embedded code evaluation -Level two, complete templating, but templating only * HTML::Template * Template Toolkit * HTML - Tree (??) -Level three, templating plus (added features such as session management, database integration, etc.) * Apache::ASP * Embperl * HTML::Mason * AxKit Perhaps the other dimension could be whether it is based on browsing a page that calls Perl, or invoking a Perl script that brings in a page. Then you'd have a nice 2D grid that I would think would impart a lot of information at a glance. Not that there aren't products that would go into more than one cell. Another thing to note would be whether the product is useful for generating static pages, like Template Toolkit, and (I'm sure) others.
Re: Why do variables not reinitialize when script changed?
___cliff rayman___ wrote: The perl interpreter has a one global symbol table called the stash where all global variables are referenced by package and by variable name. Since the interpreter does not go away when a script is recompiled, neither does the stash or any of the items contained within it. Some programmers are probably using this as a feature, and therefore it is unlikely that it will change. This is really standard perl stuff and it has nothing to do with Apache::Registry in particular. It is just something the average perl programmer does not come across since we usually load the interpreter, load a program, run the program, exit the interpreter. check out: http://thingy.kcilink.com/modperlguide/porting/Global_Variables_Persistence.html Thanks for the info and the link. One note though. The info in the link really doesn't pertain to my specific question: "global variables persist inside the same process from request to request" I knew that; I was surprised that they did even on a recompilation of the script, which the link info doesn't really refer to. *You* have straightened me out, on the other hand. So, lessee, BEGIN { somevar=somevalue; } ought to work for a variable I want reinitialized at compilation only... Yep, works. Thanks.
Re: Apache::RefererBlock and ModuleConfig problem?
On Thu, Aug 03, 2000 at 01:27:17PM +0100, Matt Sergeant wrote: On Thu, 3 Aug 2000, Geoffrey Young wrote: you need to specify EVERYTHING=1 or PERL_DIRECTIVE_HANDLERS=1 to enable Apache::ModuleConfig, ie perl Makefile.PL EVERYTHING=1 make etc... Which raises an interesting question... Is there any way for Makefile.PL to determin if a particular option was enabled at mod_perl build time? 'http://site/perl-status?hooks' ? -- I let my mind wander and it didn't come back... Mike Hall, Unix Admin - Rock Island Communications [EMAIL PROTECTED] System Admin - riverside.org[EMAIL PROTECTED]
RE: Apache::RefererBlock and ModuleConfig problem?
-Original Message- From: Michael Hall [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 03, 2000 1:23 PM To: [EMAIL PROTECTED] Subject: Re: Apache::RefererBlock and ModuleConfig problem? On Thu, Aug 03, 2000 at 01:27:17PM +0100, Matt Sergeant wrote: On Thu, 3 Aug 2000, Geoffrey Young wrote: you need to specify EVERYTHING=1 or PERL_DIRECTIVE_HANDLERS=1 to enable Apache::ModuleConfig, ie perl Makefile.PL EVERYTHING=1 make etc... Which raises an interesting question... Is there any way for Makefile.PL to determin if a particular option was enabled at mod_perl build time? 'http://site/perl-status?hooks' ? that's for run time - we're looking for a way to discover enabled hooks that doesn't require a running server. --Geoff -- I let my mind wander and it didn't come back... Mike Hall, Unix Admin - Rock Island Communications [EMAIL PROTECTED] System Admin - riverside.org [EMAIL PROTECTED]
RE: Apache::RefererBlock and ModuleConfig problem?
[EMAIL PROTECTED] (Geoffrey Young) wrote: -Original Message- From: Michael Hall [mailto:[EMAIL PROTECTED]] On Thu, Aug 03, 2000 at 01:27:17PM +0100, Matt Sergeant wrote: Which raises an interesting question... Is there any way for Makefile.PL to determin if a particular option was enabled at mod_perl build time? 'http://site/perl-status?hooks' ? that's for run time - we're looking for a way to discover enabled hooks that doesn't require a running server. I did a little checking, and now my guess is that there isn't a way. Have a look at the C code that checks whether hooks exists (in perl_config.c): int perl_hook(char *name) { switch (*name) { case 'A': if (strEQ(name, "Authen")) #ifdef PERL_AUTHEN return 1; #else return 0; #endif if (strEQ(name, "Authz")) #ifdef PERL_AUTHZ return 1; #else return 0; #endif ... Not exactly a hash lookup. =) So currently the only way it would be possible to check for the presence of various hooks would be to start up a copy of the server and check mod_perl::hook() for each required hook. This task, though ugly, would be greatly simplified by using the patches I submitted for Apache::test. Then it could feasibly be done at Makefile.PL time, but might more naturally go into one of the 'make test' tests.
Re: Why do variables not reinitialize when script changed?
"Keith G. Murphy" wrote: ___cliff rayman___ wrote: The perl interpreter has a one global symbol table called the stash where all global variables are referenced by package and by variable name. Since the interpreter does not go away when a script is recompiled, neither does the stash or any of the items contained within it. Some programmers are probably using this as a feature, and therefore it is unlikely that it will change. This is really standard perl stuff and it has nothing to do with Apache::Registry in particular. It is just something the average perl programmer does not come across since we usually load the interpreter, load a program, run the program, exit the interpreter. check out: http://thingy.kcilink.com/modperlguide/porting/Global_Variables_Persistence.html Thanks for the info and the link. One note though. The info in the link really doesn't pertain to my specific question: "global variables persist inside the same process from request to request" I knew that; I was surprised that they did even on a recompilation of the script, which the link info doesn't really refer to. i will see if i can find a good place in the guide to add it and i'll send stas the patch. *You* have straightened me out, on the other hand. So, lessee, BEGIN { somevar=somevalue; } ought to work for a variable I want reinitialized at compilation only... i will also add the solution to my guide revisioins. :-) Yep, works. Thanks. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/
Problem using ADD_MODULE option in Makefile.PL
When you use the ADD_MODULE option to pass an additional module to Apache, in the top Makefile.PL of mod_perl, like perl Makefile.PL ADD_MODULE=src/modules/jserv/libjserv.a this will result in the wrong argument to the configure script of Apache, like ... configure --enable-module=src The correct argument should have been ... configure --activate-module=src/modules/jserv/libjserv.a To fix this problem, apply the included patch to Makefile.PL I only changed the order in which the pattern matching is performed, because the pattern /([a-zA-Z0-9][a-zA-Z0-9_]*)/ will always match this string first, which is not what I want src/modules/jserv/libjserv.a I applied the fast fix, by changing the order of the pattern matchine, but I think by using this pattern as the first /([a-zA-Z0-9][a-zA-Z0-9_]*$)/ the problem is solved as well. I used version 1.3.12 of Apache and version 1.24 of mod_perl Nelson Patricio Oliveira Software Engineer, Software Consulting Engineering ExtendMedia Inc. 190, Liberty Street, Toronto, Ontario mailto:[EMAIL PROTECTED] Tel. 1-416-535-4222 (2316) Our story, http://extend.com/ patch
Should cookies expire?
I have a general question about websites that use cookies to store session information: Why should they expire at all? Let me give you an example. Yesterday, I was at Amtrak Rail's website to purchase train tickets. Now, I multitask a lot, and sometimes I might leave one browser window idle while I go to do something else. So I'm browsing the possible rides I can get on, then I do something else for half an hour. I go back to the browser window with Amtrak, and then when I click something it tells me that my session has expired and I'll have to login again! Gritting my teeth, I login again and start the process over. This time I finish the reservation and minimize the window. Later that night, I want to check my reservation again. I maximize that window and click something ... oops, session expired again! I realize that in a computer lab environment, automatic session expiration may be needed for security purposes, but I think in the situation mentioned above, it was excessive. What do people think about this? -Philip Mak ([EMAIL PROTECTED])
RE: Should cookies expire?
Philip Mak [EMAIL PROTECTED] asked: I have a general question about websites that use cookies to store session information: Why should they expire at all? Let me give you an example. Yesterday, I was at Amtrak Rail's website to purchase train tickets. Now, I multitask a lot, and sometimes I might leave one browser window idle while I go to do something else. So I'm browsing the possible rides I can get on, then I do something else for half an hour. I go back to the browser window with Amtrak, and then when I click something it tells me that my session has expired and I'll have to login again! Gritting my teeth, I login again and start the process over. This time I finish the reservation and minimize the window. Later that night, I want to check my reservation again. I maximize that window and click something ... oops, session expired again! I realize that in a computer lab environment, automatic session expiration may be needed for security purposes, but I think in the situation mentioned above, it was excessive. What do people think about this? -Philip Mak ([EMAIL PROTECTED]) Amtrak probably has set the cookie to some internal reference indicator that remembered your session's information. When you do the next page they would use the cookies info to fetch your info. Well if I were Amtrak I wouldn't want to keep around session info for everyone who was looking forever, just incase they came back. (Most probably never do.) So they tell the cookie to expire at the same time they delete the retained info on their system. Nice and clean. But that's why I'd expire a cookie, if I were Amtrak. Your milage as well as your application may vary. --- Fulko Hew, Voice: 905-333-6000 x 6010 Senior Engineering Designer, Direct: 905-333-6010 Northrop Grumman-Canada, Ltd.Fax:905-333-6050 777 Walkers Line,Home: [EMAIL PROTECTED] Burlington, Ontario, Canada, L7N 2G1 Work: [EMAIL PROTECTED]
Re: tie question
why is tie considered not very efficient i use it often.. what is 'a' much better way? Many modules which use tie also provide an object oriented interface. It's more efficient to use the OO interface according to benchmarks I've seen here. If you have two modules, one which has an OO interface and one that has a tied interface, create a wrapper to make the tie module object oriented instead of creating a wrapper to make the OO module into a tie. For such wrappers to handles, check out IO::Wrap and/or IO::WrapTie (I don't remember which). They are located in IO::Stringy on CPAN, IIRC. It's been a while. ELB -- Eric L. Brine | Chicken: The egg's way of making more eggs. [EMAIL PROTECTED] | Do you always hit the nail on the thumb? ICQ# 4629314 | An optimist thinks thorn bushes have roses.
[OT] Re: Should cookies expire?
they expire so if you leave the computer and someone else comes into the office/internet cafe/or even your computer at home, they won't be able to reestablish your session. some sites don't expire their cookies (well they do, but like in 4 years, MSN being the worst). - Original Message - From: "Philip Mak" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 03, 2000 11:13 AM Subject: Should cookies expire? I have a general question about websites that use cookies to store session information: Why should they expire at all? Let me give you an example. Yesterday, I was at Amtrak Rail's website to purchase train tickets. Now, I multitask a lot, and sometimes I might leave one browser window idle while I go to do something else. So I'm browsing the possible rides I can get on, then I do something else for half an hour. I go back to the browser window with Amtrak, and then when I click something it tells me that my session has expired and I'll have to login again! Gritting my teeth, I login again and start the process over. This time I finish the reservation and minimize the window. Later that night, I want to check my reservation again. I maximize that window and click something ... oops, session expired again! I realize that in a computer lab environment, automatic session expiration may be needed for security purposes, but I think in the situation mentioned above, it was excessive. What do people think about this? -Philip Mak ([EMAIL PROTECTED])
Re: Why do variables not reinitialize when script changed?
On Thu, 3 Aug 2000, ___cliff rayman___ wrote: "Keith G. Murphy" wrote: ___cliff rayman___ wrote: The perl interpreter has a one global symbol table called the stash where all global variables are referenced by package and by variable name. Since the interpreter does not go away when a script is recompiled, neither does the stash or any of the items contained within it. Some programmers are probably using this as a feature, and therefore it is unlikely that it will change. This is really standard perl stuff and it has nothing to do with Apache::Registry in particular. It is just something the average perl programmer does not come across since we usually load the interpreter, load a program, run the program, exit the interpreter. check out: http://thingy.kcilink.com/modperlguide/porting/Global_Variables_Persistence.html Thanks for the info and the link. One note though. The info in the link really doesn't pertain to my specific question: "global variables persist inside the same process from request to request" I knew that; I was surprised that they did even on a recompilation of the script, which the link info doesn't really refer to. i will see if i can find a good place in the guide to add it and i'll send stas the patch. I'm not sure there is a need for a patch. I think you confuse, something. When the script is recompiled all the variables belonging to the package decalared by Apache::Registry or similar are getting reset. If you require/use() some modules that declare packages and have global variables -- these won't be reset unless reloaded or initialized in your code. *You* have straightened me out, on the other hand. So, lessee, BEGIN { somevar=somevalue; } ought to work for a variable I want reinitialized at compilation only... Not if you are talking about the scripts running under Apache::Registry and friends, please read the guide. http://perl.apache.org/guide/porting.html#BEGIN_blocks i will also add the solution to my guide revisioins. :-) Yep, works. Thanks. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
RE: Apache::RefererBlock and ModuleConfig problem?
On Thu, 3 Aug 2000, Ken Williams wrote: [EMAIL PROTECTED] (Geoffrey Young) wrote: From: Matt Sergeant [mailto:[EMAIL PROTECTED]] Which raises an interesting question... Is there any way for Makefile.PL to determin if a particular option was enabled at mod_perl build time? I've tried to do this, but without success. From what I can tell, you need a live server to tie into mod_perl::hooks() to get them, and that's the only way. Hopefully, the stuff Ken Williams is doing with Apache::test will make writing live tests easier... That would be a nice feature, yes. I'm not sure how to look at an apache binary with config file and figure out which mod_perl options it was compiled with. Anyone know whether this is possible, or would some hacking have to be done first? Hmm, does this help: http://perl.apache.org/guide/install.html#Discovering_whether_some_option_ _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
how to check for ssl.
I've got a section of our site where I want to force the user to connect via ssl. Inside of mod_perl, is there a parameter I can grab to see whether the connection is ssl or not? Or a way to get the port number? I went through the archives last night and couldn't find anything near this. Am I missing something way to obvious here? I checked the headers_in and nothing there would even hint that its ssl. Scott
Re: Why do variables not reinitialize when script changed?
Stas Bekman wrote: On Thu, 3 Aug 2000, ___cliff rayman___ wrote: "Keith G. Murphy" wrote: ___cliff rayman___ wrote: The perl interpreter has a one global symbol table called the stash where all global variables are referenced by package and by variable name. Since the interpreter does not go away when a script is recompiled, neither does the stash or any of the items contained within it. Some programmers are probably using this as a feature, and therefore it is unlikely that it will change. This is really standard perl stuff and it has nothing to do with Apache::Registry in particular. It is just something the average perl programmer does not come across since we usually load the interpreter, load a program, run the program, exit the interpreter. check out: http://thingy.kcilink.com/modperlguide/porting/Global_Variables_Persistence.html Thanks for the info and the link. One note though. The info in the link really doesn't pertain to my specific question: "global variables persist inside the same process from request to request" I knew that; I was surprised that they did even on a recompilation of the script, which the link info doesn't really refer to. i will see if i can find a good place in the guide to add it and i'll send stas the patch. I'm not sure there is a need for a patch. I think you confuse, something. When the script is recompiled all the variables belonging to the package decalared by Apache::Registry or similar are getting reset. If you require/use() some modules that declare packages and have global variables -- these won't be reset unless reloaded or initialized in your code. i am not sure i was crystal clear on that - thanks. we might want to add something about all of this to the guide however to make it all perfectly clear. OR, maybe it is in there and i have just not come across it yet. i am making my full sweep through the guide now. *You* have straightened me out, on the other hand. So, lessee, BEGIN { somevar=somevalue; } ought to work for a variable I want reinitialized at compilation only... Not if you are talking about the scripts running under Apache::Registry and friends, please read the guide. http://perl.apache.org/guide/porting.html#BEGIN_blocks -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/
RE: Apache::RefererBlock and ModuleConfig problem?
[EMAIL PROTECTED] (Stas Bekman) wrote: On Thu, 3 Aug 2000, Ken Williams wrote: [EMAIL PROTECTED] (Geoffrey Young) wrote: From: Matt Sergeant [mailto:[EMAIL PROTECTED]] Which raises an interesting question... Is there any way for Makefile.PL to determin if a particular option was enabled at mod_perl build time? I've tried to do this, but without success. From what I can tell, you need a live server to tie into mod_perl::hooks() to get them, and that's the only way. Hopefully, the stuff Ken Williams is doing with Apache::test will make writing live tests easier... That would be a nice feature, yes. I'm not sure how to look at an apache binary with config file and figure out which mod_perl options it was compiled with. Anyone know whether this is possible, or would some hacking have to be done first? Hmm, does this help: http://perl.apache.org/guide/install.html#Discovering_whether_some_option_ I hadn't thought of that, but as the guide mentions it won't work for stripped binaries (which is the most common case, apparently). I'd like something general that I can put into Apache::test to allow people to integrate a check like this into their modules' installation procedures.
Re: how to check for ssl.
"s" == scotta [EMAIL PROTECTED] writes: s I've got a section of our site where I want to force the user to s connect via ssl. s Inside of mod_perl, is there a parameter I can grab to see whether s the connection is ssl or not? Or a way to get the port number? perldoc Apache then scan for the word "port". First line containing it is your answer. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D.Khera Communications, Inc. Internet: [EMAIL PROTECTED] Rockville, MD +1-301-545-6996 GPG MIME spoken herehttp://www.khera.org/~vivek/
Re: Feature sets [was Re: Templating System]
On Thu, 3 Aug 2000, Perrin Harkins wrote: On Thu, 3 Aug 2000, Drew Taylor wrote: Gunther, has anyone found a good home for such a comparison to be hosted? It would be cool if it were at perl.apache.org, or even better at www.perl.com or something (since it's not mod_perl specific). As long as it's easily updatable by its maintainers (and who are they?). Excellent question. I was planning to initially host the document on my home page. But I'm sure that wouldn't last for too long. I guess the initial maintainer would be me, but I would have no problem expanding that list in the future. Which brings up the question - how would it be maintained? CVS? I'm all ears... Let's create a http://sourceforge.net project for it, which will give us an instant CVS and mailing list (for people working on the documents), and allow everyone to see the work in progress. Once it's together, we can figure out how to get onto perl.com and/or perl.apache.org. Documentation maintenance is a different process from code maintenance. I'm telling this on the base of working on the guide in the last 1.5 years. The maintainer is responsible for keeping the document clean and consistent. Therefore it really makes things better if there is an owner of the documentation project and people submitting the patches to him or her. Drew, once you get an initial doc, we will give you a CVS access to the modperl-site repository, which is given to all people who do significant contribution to the project. It shouldn't take a long time. If in the future you will not be able to maintain someone else would do that, so there is no problem with that. Forking the project onto another server isn't really a good idea. _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
Re: how to check for ssl.
use Apache::URI (); $r-parsed_uri-scheme; returns http or https [EMAIL PROTECTED] wrote: I've got a section of our site where I want to force the user to connect via ssl. Inside of mod_perl, is there a parameter I can grab to see whether the connection is ssl or not? Or a way to get the port number? I went through the archives last night and couldn't find anything near this. Am I missing something way to obvious here? I checked the headers_in and nothing there would even hint that its ssl. Scott -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/
Naked in URL (was Re: Templating System)
"Keith G. Murphy" wrote: Are there any browsers that do not actually handle the naked '' correctly? I confess that I also missed this, though I do understand the reason: the first one's invalid HTML. It just seems to always work. Think about this: A HREF="/somehandler?email=a%40xyz.comcopy=b%40xyz.com" vs: A HREF="/somehandler?email=a%40xyz.comamp;copy=b%40xyz.com" Is the copy in the first one the HTML entity for the copyright c-in-circle character or the query string argument seperater followed by an argument named 'copy'? Different browsers will make different interpretations depending on how well they adhere to the HTML spec, their known named entity list, and how hard they try to "do the right thing" with the erroneous naked ampersand. -- Devin Ben-Hur | President / CTO | mailto:[EMAIL PROTECTED] The eMarket Group | eMerchandise.com | http://www.eMerchandise.com 503/944-5044 x228 | "The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." -- George Bernard Shaw
Re: Feature sets [was Re: Templating System]
Stas Bekman wrote: On Thu, 3 Aug 2000, Perrin Harkins wrote: On Thu, 3 Aug 2000, Drew Taylor wrote: Gunther, has anyone found a good home for such a comparison to be hosted? It would be cool if it were at perl.apache.org, or even better at www.perl.com or something (since it's not mod_perl specific). As long as it's easily updatable by its maintainers (and who are they?). Excellent question. I was planning to initially host the document on my home page. But I'm sure that wouldn't last for too long. I guess the initial maintainer would be me, but I would have no problem expanding that list in the future. Which brings up the question - how would it be maintained? CVS? I'm all ears... Let's create a http://sourceforge.net project for it, which will give us an instant CVS and mailing list (for people working on the documents), and allow everyone to see the work in progress. Once it's together, we can figure out how to get onto perl.com and/or perl.apache.org. Documentation maintenance is a different process from code maintenance. I'm telling this on the base of working on the guide in the last 1.5 years. The maintainer is responsible for keeping the document clean and consistent. Therefore it really makes things better if there is an owner of the documentation project and people submitting the patches to him or her. Drew, once you get an initial doc, we will give you a CVS access to the modperl-site repository, which is given to all people who do significant contribution to the project. It shouldn't take a long time. Sounds great. Hopefully I will be able to have a first version out this weekend. I have been slammed at work this week, so I'll most likely be doing the writing on my personal time. I'll post when where the first draft will be located. After that we can talk CVS. BTW, you probably don't remember me, but we briefly met at ApacheCon and I attended your mod_perl classes there (and enjoyed them). :-) -- Drew Taylor Vialogix Communications, Inc. 501 N. College Street Charlotte, NC 28202 704 370 0550 http://www.vialogix.com/
Re: Why do variables not reinitialize when script changed?
On Thu, 3 Aug 2000, ___cliff rayman___ wrote: Stas Bekman wrote: On Thu, 3 Aug 2000, ___cliff rayman___ wrote: "Keith G. Murphy" wrote: ___cliff rayman___ wrote: The perl interpreter has a one global symbol table called the stash where all global variables are referenced by package and by variable name. Since the interpreter does not go away when a script is recompiled, neither does the stash or any of the items contained within it. Some programmers are probably using this as a feature, and therefore it is unlikely that it will change. This is really standard perl stuff and it has nothing to do with Apache::Registry in particular. It is just something the average perl programmer does not come across since we usually load the interpreter, load a program, run the program, exit the interpreter. check out: http://thingy.kcilink.com/modperlguide/porting/Global_Variables_Persistence.html Thanks for the info and the link. One note though. The info in the link really doesn't pertain to my specific question: "global variables persist inside the same process from request to request" I knew that; I was surprised that they did even on a recompilation of the script, which the link info doesn't really refer to. i will see if i can find a good place in the guide to add it and i'll send stas the patch. I'm not sure there is a need for a patch. I think you confuse, something. When the script is recompiled all the variables belonging to the package decalared by Apache::Registry or similar are getting reset. If you require/use() some modules that declare packages and have global variables -- these won't be reset unless reloaded or initialized in your code. i am not sure i was crystal clear on that - thanks. we might want to add something about all of this to the guide however to make it all perfectly clear. OR, maybe it is in there and i have just not come across it yet. i am making my full sweep through the guide now. Well, it's a Perl issue. And as far as my memory stretches, this issue has never come up on the list. I tend to document widely encountered problems with Perl use under mod_perl. If I'd commit myself adding to the guide every problem someone ever had with Perl while using mod_perl the guide won't be 600+ pages but 6000+ pages. Remember that the bigger documentation is the harder it to navigate and to find the answer to really common problems people encounter daily. Therefore, unless this issue comes up again in the future, I see no reason to document this minor thing. I hope that Keith has solved his problem though. _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
Re: Feature sets [was Re: Templating System]
Stas Bekman wrote: On Thu, 3 Aug 2000, Perrin Harkins wrote: On Thu, 3 Aug 2000, Drew Taylor wrote: Gunther, has anyone found a good home for such a comparison to be hosted? It would be cool if it were at perl.apache.org, or even better at www.perl.com or something (since it's not mod_perl specific). As long as it's easily updatable by its maintainers (and who are they?). Excellent question. I was planning to initially host the document on my home page. But I'm sure that wouldn't last for too long. I guess the initial maintainer would be me, but I would have no problem expanding that list in the future. Which brings up the question - how would it be maintained? CVS? I'm all ears... Let's create a http://sourceforge.net project for it, which will give us an instant CVS and mailing list (for people working on the documents), and allow everyone to see the work in progress. Once it's together, we can figure out how to get onto perl.com and/or perl.apache.org. Documentation maintenance is a different process from code maintenance. I'm telling this on the base of working on the guide in the last 1.5 years. The maintainer is responsible for keeping the document clean and consistent. Therefore it really makes things better if there is an owner of the documentation project and people submitting the patches to him or her. Drew, once you get an initial doc, we will give you a CVS access to the modperl-site repository, which is given to all people who do significant contribution to the project. It shouldn't take a long time. Sounds great. Hopefully I will be able to have a first version out this weekend. I have been slammed at work this week, so I'll most likely be doing the writing on my personal time. I'll post when where the first draft will be located. After that we can talk CVS. Sure, no problem. One of the current cvs access holders can commit the first release for you, and then you will be able to continue by yourself. Obviously getting all the support that you might need on the way. I hope that you write the doc is POD :) BTW, you probably don't remember me, but we briefly met at ApacheCon and I attended your mod_perl classes there (and enjoyed them). :-) :) _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
logging out
Ok folks, I am stumped. I am writing an authentication handler for our site and so far so good-it is coming on line. It makes sense. What does not make sense is how can I log myself off without having to exit the browser? If someone can point me in the right direction I shall be in your debt. TIA, -ar Angel R. Rivera, [EMAIL PROTECTED] -- Website: http://www.wolf.com Our Wolf: http://www.wolf.com/Ookami.html -- "The Quality of a person's life is in direct proportion to their commitment to excellence, regardless of their chosen field of endeavor." Vincent T. Lombardi
Re: Feature sets [was Re: Templating System]
[this goes off the list] BTW, you probably don't remember me, but we briefly met at ApacheCon and Do you have a picture online. I'm sure I'll recall once I see you again! I attended your mod_perl classes there (and enjoyed them). :-) Thanks a lot! 501 N. College Street Charlotte, NC 28202 704 370 0550 http://www.vialogix.com/ Man, why didn't you tell us that you live in Charlotte! We have spent about 7 hours in Charlotte twice on our way to and from the Perl conference 2 weeks ago. We were bored to death as our plane was late... twice :( Are you coming to London for YAPC or ApacheCon? _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
Re: Feature sets [was Re: Templating System]
I apologize, I forgot to strip the list's address when sending this. On Thu, 3 Aug 2000, Stas Bekman wrote: [this goes off the list] ...snipped... _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
Re: how to check for ssl.
On Thu, 3 Aug 2000, ___cliff rayman___ wrote: use Apache::URI (); $r-parsed_uri-scheme; returns http or https Not really, you can spoof both: http://thingy.kcilink.com/modperlguide/config/Knowing_the_proxy_pass_ed_Connec.html [EMAIL PROTECTED] wrote: I've got a section of our site where I want to force the user to connect via ssl. Inside of mod_perl, is there a parameter I can grab to see whether the connection is ssl or not? Or a way to get the port number? I went through the archives last night and couldn't find anything near this. Am I missing something way to obvious here? I checked the headers_in and nothing there would even hint that its ssl. Scott -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org
Re: how to check for ssl.
On Thu, 3 Aug 2000, Stas Bekman wrote: use Apache::URI (); $r-parsed_uri-scheme; returns http or https Not really, you can spoof both: Does the user have to spoof it deliberately in order for the wrong one to be detected? If spoofing requires the user to do it on purpose, then in this case the $r-parsed_uri-scheme should be sufficient. The other method (putting HTTPS on a different port and using mod_rewrite to make it transparent) is better of course, but in case you can't do it for some reason, I think this will work too. They don't gain anything by spoofing http/https deliberately; it just makes their connection not secure. -Philip Mak ([EMAIL PROTECTED])
Re: logging out
I authenticate against a database but need to carry more information than just their name so if I have read the readme at CPAN correctely, this just may do the trick. Thanks to all who have written me. -ar depending on how you're handling the session information you may be able to just delete it in an appropriate action (/...etcetc/logout.html or whatever). In my case I'm using Apache::Session so deleting the session means the next time the user accesses a page they're assigned a new session which starts at ground zero. Angel R. Rivera, [EMAIL PROTECTED] -- Website: http://www.wolf.com Our Wolf: http://www.wolf.com/Ookami.html -- "The Quality of a person's life is in direct proportion to their commitment to excellence, regardless of their chosen field of endeavor." Vincent T. Lombardi
[Mason]Re: how to check for ssl.
On Thu, 3 Aug 2000, Stas Bekman wrote: On Thu, 3 Aug 2000, ___cliff rayman___ wrote: use Apache::URI (); $r-parsed_uri-scheme; returns http or https Not really, you can spoof both: http://thingy.kcilink.com/modperlguide/config/Knowing_the_proxy_pass_ed_Connec.html [EMAIL PROTECTED] wrote: I've got a section of our site where I want to force the user to connect via ssl. Inside of mod_perl, is there a parameter I can grab to see whether the connection is ssl or not? Or a way to get the port number? Scott I had the same problem recently, where the mod_perl backend server did not know what was happening on the front end with respect to SSL. I solved it in a way that is flexible, but perhaps overkill: I patched mod_headers.c on the frontend server to allow one to attach extra headers to requests when they are proxied to the backend. This allows you to stuff info in headers about SSL, or the remote-ip, etc. You can specify headers to set with the same substitution syntax as RewriteRule (The patch is attached) example: On the front-end server: ( cd apache_1.3.12 ; patch -p1 ProxyHeaderRewrite.p2.patch ;make install) in httpd.conf; # tell upstream server the ip of the request, and pass along the Host ProxyHeaderRewrite append X-Forwarded-For "%{REMOTE_ADDR}" ProxyHeaderRewrite append X-Frontend-Host "%{HTTP_HOST}" # tell upstream server info on SSL status VirtualHost _default_:443 SSLOptions StdEnvVars ProxyHeaderRewrite append X-SSL-Cipher "%{ENV:SSL_PROTOCOL} ${ENV:SSL_CIPHER}" /VirtualHost # tell upstream server the virtual host used ProxyHeaderRewrite append X-Frontend-Host "%{HTTP:Host}" Now, for a typical SSL request that is proxied to the back end (as plaintext), these headers are added: X-Forwarded-For: 1.2.3.4 X-Frontend-Host: my.frontend.site.com X-SSL-Cipher: SSLv3 IDEA On the backend server, parse the headers with some little perl handler in startup.pl, and stuff the info where most other modules expect it (in $r, or in environment vars): sub My::ProxyHeaderParse ($) { my $r = shift; # we'll only look at the X-Forwarded-For header if the requests # comes from our local network return OK unless ($r-connection-remote_ip =~ /^192\.168/ ); if (my ($ip) = $r-header_in('X-Forwarded-For') =~ /([^,\s]+)$/) { $r-connection-remote_ip($ip); } # mv X-Frontend-Host: into Host: header my $host_header = $r-header_in('X-Frontend-Host'); if ( defined($host_header) ) { $r-header_in('Host', $host_header) } # set up ssl env vars, if present in a X-SSL-Cipher header my $ssl_header = $r-header_in('X-SSL-Cipher'); if ( defined($ssl_header) ) { ($ENV{SSL_PROTOCOL}, $ENV{SSL_CIPHER}) = split(/ /,$ssl_header); $ENV{HTTPS} = 'ON'; # CGI.pm:protocol() require 'ON' (not 1 !) } return OK; } # called in httpd.conf # PerlPostReadRequestHandler My::ProxyHeaderParse --- apache_1.3.12.dist/src/modules/standard/mod_headers.c Wed Oct 27 02:26:53 1999 +++ apache_1.3.12/src/modules/standard/mod_headers.cThu Jul 13 16:53:11 2000 @@ -99,9 +99,52 @@ * To remove a header: * Header unset Author * + * + * Non-standard Additions: + * + *Most code is from mod_rewrite, by + * Ralf S. Engelschall + * [EMAIL PROTECTED] + *Assembled by Tim Bishop [EMAIL PROTECTED] + * + * + * HeaderRewrite (set headers to client using RewriteCond syntax) + * + * Syntax: HeaderRewrite action header rewriteValue + * + * This works the same as the header directive, except that full + * mod_rewrite RewriteCond interpolation is performed on the rewriteValue + * string. See http://www.apache.org/docs/mod/mod_rewrite.html#RewriteCond + * (Of course, back-references (%N, $N) have no meaning) + * + * + * ProxyHeaderRewrite (set headers sent to upstream servers (if proxying)) + * + * Syntax: ProxyHeaderRewrite action header rewriteValue + * + * ProxyHeaderRewrite allows you to rewrite headers sent to upstream + * servers when your server is functioning as a proxy server. + * This is useful when you want to send additional header information + * to upstream servers. + * + * Bugs: Cannot rewrite the Host header with ProxyHeaderRewrite + * + * Examples: + * + *# tell upstream server the ip of the request + *ProxyHeaderRewrite append X-Forwarded-For "%{REMOTE_ADDR}" + *# tell upstream server info on SSL status + *VirtualHost _default_:443 + *SSLOptions StdEnvVars + *ProxyHeaderRewrite append X-SSL-Cipher "%{ENV:SSL_PROTOCOL} +%{ENV:SSL_CIPHER}" + */VirtualHost + *# tell upstream server the virtual host used + *ProxyHeaderRewrite append X-Frontend-Host "%{HTTP:Host}" + * */ #include "httpd.h" +#include "http_log.h" #include "http_config.h" typedef enum { @@ -111,12
Re: [OT] Re: Should cookies expire?
And if you're on one of those systems that let's you log in once and then add anything you like to your shopping cart (and purchase it, since your account already has your credit card number), then you might *want* it to log you out after just a few minutes if you get up for another espresso and end up so involved in a conversation with a mate you meet on the way to the checkout that you entirely forget your session, and end up leaving with him ('cause you know how espresso can make you ramble until you forget what you were on about...) In other words, it depends on the system. =o] The site doesn't know that you weren't buying tickets from a PC in a public library. Better safe than sorry when a customer's money is involved. --- Jules Cisek [EMAIL PROTECTED] wrote: they expire so if you leave the computer and someone else comes into the office/internet cafe/or even your computer at home, they won't be able to reestablish your session. some sites don't expire their cookies (well they do, but like in 4 years, MSN being the worst). - Original Message - From: "Philip Mak" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 03, 2000 11:13 AM Subject: Should cookies expire? I have a general question about websites that use cookies to store session information: Why should they expire at all? Let me give you an example. Yesterday, I was at Amtrak Rail's website to purchase train tickets. Now, I multitask a lot, and sometimes I might leave one browser window idle while I go to do something else. So I'm browsing the possible rides I can get on, then I do something else for half an hour. I go back to the browser window with Amtrak, and then when I click something it tells me that my session has expired and I'll have to login again! Gritting my teeth, I login again and start the process over. This time I finish the reservation and minimize the window. Later that night, I want to check my reservation again. I maximize that window and click something ... oops, session expired again! I realize that in a computer lab environment, automatic session expiration may be needed for security purposes, but I think in the situation mentioned above, it was excessive. What do people think about this? -Philip Mak ([EMAIL PROTECTED]) __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/
Re: logging out
Angel, I recommend Apache::AuthCookie. This has worked really well for me, and allows me to use an HTML form which is much nicer for my users than the default dialog box. FWIW - I sub-classed AuthCookie to authenticate against an LDAP directory (using Net::LDAP) but you can use a RDBMS just as easily. You might also argue that it's more secure as you don't have to keep passing the username/password combination as you do with basic authentication but you should use SSL for hte authentication to be really secure. If you need to store session data, you can hook it up to Apache::Session. A combination which works superbly in my experience. Simon Wilcox. From "Angel R. Rivera" [EMAIL PROTECTED] Date 19:55:51 3 August 2000 To: [EMAIL PROTECTED] cc:(bcc: Simon Wilcox/BASE/WilliamsLea) Fax to: Subject: logging out Ok folks, I am stumped. I am writing an authentication handler for our site and so far so good-it is coming on line. It makes sense. What does not make sense is how can I log myself off without having to exit the browser? If someone can point me in the right direction I shall be in your debt. TIA, -ar Angel R. Rivera, [EMAIL PROTECTED] -- Website: http://www.wolf.com Our Wolf: http://www.wolf.com/Ookami.html -- "The Quality of a person's life is in direct proportion to their commitment to excellence, regardless of their chosen field of endeavor." Vincent T. Lombardi
Re: how to check for ssl.
Ok, so what is the PORT variable and how do i access it? Scott On 3 Aug 2000, at 22:08, Stas Bekman wrote: Not really, you can spoof both: http://thingy.kcilink.com/modperlguide/config/Knowing_the_proxy_pass_e d_Connec.html
[Apache::asp] Secure execution of scripts by users
A simple (well, maybe not exactly) question: is there a way to allow normal users to run their custom ASP scripts without endangering too much system's security (such as apache suexec or php's safe mode, or even cgiwrap..)? Thanks in advance, Andrew Tucker ___ Se vuoi un indirizzo di posta elettronica gratuito, iscriviti a http://www.katamail.com
Re: Feature sets [was Re: Templating System]
Stas Bekman wrote: Sure, no problem. One of the current cvs access holders can commit the first release for you, and then you will be able to continue by yourself. Obviously getting all the support that you might need on the way. Having recently discovered the joy of CVS, I look forward to it. Awfully nice to able to roll back to a previous version - although (knock on wood!) I haven't had to use it yet. I hope that you write the doc is POD :) I suppose I could... I was planning on having a nice checklist of features/systems that would be a pain to do in a fixed width font. An HTML table would make my life MUCH easier there. Is there something in POD that makes tables easier? -- Drew Taylor Vialogix Communications, Inc. 501 N. College Street Charlotte, NC 28202 704 370 0550 http://www.vialogix.com/
Re: logging out
[EMAIL PROTECTED] wrote: I recommend Apache::AuthCookie. This has worked really well for me, and allows me to use an HTML form which is much nicer for my users than the default dialog box. FWIW - I sub-classed AuthCookie to authenticate against an LDAP directory (using Net::LDAP) but you can use a RDBMS just as easily. I have used Apache::AuthCookie also and liked it. What module did you use to authenticate against the LDAP server? We are setting one up here for internal use and I am still trying to find the best (read easiest) way to authenticate against it. -- Drew Taylor Vialogix Communications, Inc. 501 N. College Street Charlotte, NC 28202 704 370 0550 http://www.vialogix.com/
Re: how to check for ssl.
$port=$r-get_server_port(); [EMAIL PROTECTED] wrote: Ok, so what is the PORT variable and how do i access it? Scott On 3 Aug 2000, at 22:08, Stas Bekman wrote: Not really, you can spoof both: http://thingy.kcilink.com/modperlguide/config/Knowing_the_proxy_pass_e d_Connec.html -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/
Re: Feature sets [was Re: Templating System]
On Thu, 3 Aug 2000, Drew Taylor wrote: Having recently discovered the joy of CVS, I look forward to it. Awfully nice to able to roll back to a previous version - although (knock on wood!) I haven't had to use it yet. I can help if you get stuck. I hope that you write the doc is POD :) I suppose I could... I was planning on having a nice checklist of features/systems that would be a pain to do in a fixed width font. An HTML table would make my life MUCH easier there. Is there something in POD that makes tables easier? Write the text in POD, and put the checklist data in with some neutral format. Then we can use a customized pod2html converter on it to generate a pretty table. XML would be a nice way to store the raw data. This might end up being kind of big for an in-line, so we could do something like "=table data_file.xml" and keep it in a separate file. (Or is it better to use "=for html" and put the rest inside that, so that it still passes syntax checks for standard POD?) Stas, do you have code available for the guide generator? That might come in handy. Drew, if this all sounds like too much trouble for the first draft and you already started in HTML, I'd say just finish that up and we'll distill it into POD later. (html2pod?) - Perrin
mod_perl installation problem
Hello, I am having a little problem attempting to install mod_perl. I build it into apache using APACI (flexible) perform a 'make' and everything goes fine. When I type 'make test' then I get the following: make[1]: Entering directory `/usr/local/mod_perl-1.24/Util' make[1]: Leaving directory `/usr/local/mod_perl-1.24/Util' cp t/conf/mod_perl_srm.conf t/conf/srm.conf ../apache_1.3.12/src/httpd -f `pwd`/t/conf/httpd.conf -X -d `pwd`/t httpd listening on port 8529 Syntax error on line 3 of /usr/local/mod_perl-1.24/t/conf/httpd.conf: Invalid command '=pod', perhaps mis-spelled or defined by a module not include d in the server configuration will write error_log to: t/logs/error_log letting apache warm up...done /usr/bin/perl t/TEST 0 still waiting for server to warm up...not ok server failed to start! (please examine t/logs/error_log) at t/TEST line 95. make: *** [run_tests] Error 146 What is pod? Could you please reply. Thanks a lot. Kind regards, Leo. __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/
Re: Feature sets [was Re: Templating System]
Perrin Harkins wrote: On Thu, 3 Aug 2000, Drew Taylor wrote: Having recently discovered the joy of CVS, I look forward to it. Awfully nice to able to roll back to a previous version - although (knock on wood!) I haven't had to use it yet. I can help if you get stuck. I hope that you write the doc is POD :) I suppose I could... I was planning on having a nice checklist of features/systems that would be a pain to do in a fixed width font. An HTML table would make my life MUCH easier there. Is there something in POD that makes tables easier? Write the text in POD, and put the checklist data in with some neutral format. Then we can use a customized pod2html converter on it to generate a pretty table. XML would be a nice way to store the raw data. This might end up being kind of big for an in-line, so we could do something like "=table data_file.xml" and keep it in a separate file. (Or is it better to use "=for html" and put the rest inside that, so that it still passes syntax checks for standard POD?) sounds like we need a good templating system to do this for us. anyone know a good templating system? sorry - couldn't resist. :-)) Stas, do you have code available for the guide generator? That might come in handy. Drew, if this all sounds like too much trouble for the first draft and you already started in HTML, I'd say just finish that up and we'll distill it into POD later. (html2pod?) - Perrin -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/
Re: mod_perl installation problem
Leo Gonzalez wrote: Hello, I am having a little problem attempting to install mod_perl. I build it into apache using APACI (flexible) perform a 'make' and everything goes fine. When I type 'make test' then I get the following: --snip-- Syntax error on line 3 of /usr/local/mod_perl-1.24/t/conf/httpd.conf: Invalid command '=pod', perhaps mis-spelled or defined by a module not include d in the server configuration the httpd binary is not built with mod_perl will write error_log to: t/logs/error_log letting apache warm up...done /usr/bin/perl t/TEST 0 still waiting for server to warm up...not ok server failed to start! (please examine t/logs/error_log) at t/TEST line 95. make: *** [run_tests] Error 146 What is pod? Could you please reply. Thanks a lot. plain old documentation. it is a perl thing. the httpd binary does not have mod_perl so it is choking on it. you did not list the build steps so i am not sure where the error is. you can try to cd to the apache directory, try a make there, and then try this make test again in the mod_perl directory. Kind regards, Leo. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/
Re: Feature sets [was Re: Templating System]
"Drew" == Drew Taylor [EMAIL PROTECTED] writes: Drew I suppose I could... I was planning on having a nice checklist of Drew features/systems that would be a pain to do in a fixed width font. An Drew HTML table would make my life MUCH easier there. Is there something in Drew POD that makes tables easier? Why don't you write it as XML, then use Template::Toolkit and the DOM interface to generate what you want. /me shows hint of bias :-) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 [EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/ Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: Feature sets [was Re: Templating System]
At 05:10 PM 8/3/00 -0700, Perrin Harkins wrote: On Thu, 3 Aug 2000, Drew Taylor wrote: Having recently discovered the joy of CVS, I look forward to it. Awfully nice to able to roll back to a previous version - although (knock on wood!) I haven't had to use it yet. I can help if you get stuck. One book I would highly recommend on CVS is Open Source Development with CVS by Karl Franz Fogel. I found it to be not only highly informative but an incredibly fun read as well. Each of the semi-dry CVS chapters is followed up by a fun anecdotal chapter about open source development processes and how and why they work (esp focusing if possible on how CVS helps that process). I've also found it to be a better "advanced" reference than any of the CVS documentation I have. Somehow it just "feels" indexed better. I own no stock in Coriolis Books by the way. :) I hope that you write the doc is POD :) I suppose I could... I was planning on having a nice checklist of features/systems that would be a pain to do in a fixed width font. An HTML table would make my life MUCH easier there. Is there something in POD that makes tables easier? Write the text in POD, and put the checklist data in with some neutral format. Then we can use a customized pod2html converter on it to generate a pretty table. XML would be a nice way to store the raw data. This might end up being kind of big for an in-line, so we could do something like "=table data_file.xml" and keep it in a separate file. (Or is it better to use "=for html" and put the rest inside that, so that it still passes syntax checks for standard POD?) Stas, do you have code available for the guide generator? That might come in handy. I have to second this suggestion. Stas does make the source available to the guide generator. Download the guide from CPAN and poke around the distribution... :) We've been using it to do ALL our extropia documentation for 2 months now (actually we use a modified older version, and am waiting to get some time to upgrade since Stas has done many improvements). Does this format look familiar (albeit a little old)? http://www.extropia.com/docs/webdb/ It's really awesome. I generate standalone HTML for standalone distribution of scripts, HTML docs that integrate into the look and feel of our website, and PDF within seconds each time we make a change. :) Drew, if this all sounds like too much trouble for the first draft and you already started in HTML, I'd say just finish that up and we'll distill it into POD later. (html2pod?) Could be. Although, HTML is a pain in the ass to add onto anyway. It's a lot easier to see differences between versions of docs in POD than in HTML where you have all the formatting tags that interfere with reading diffs. Later, Gunther
Re: mod_perl
Sorry for answering late. I slept for a while. I have answered the questions you asked. By the way, did you got to the http://perl.apache.org/guide/ by youselves? If you did, you should notice, last time, all I wrote such as the install steps and the CGI script are from there. The only purpose I posted my question is to get help. The only purpose of the setting of [EMAIL PROTECTED] is to help each other solve problems. I do not like to see that kind of condemn any more. If you are an expert and gentleman, to behave like it, OK? - Original Message - From: "Tobias Hoellrich" [EMAIL PROTECTED] To: "yusun" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 03, 2000 11:15 PM Subject: Re: mod_perl Yusun, your questions don't get better if you post them over and over again. Can you answer the following questions below: 1.) Have you read through the guide at http://perl.apache.org/guide/ ? Millions of people have spent thousands of hours compiling the information in there. I'm sure you will find some really valuable informatio. ***yes, I have read it millions of times. 2.) Does mod_perl show up in the list of compiled in modules (output from 'httpd -l')? * Compiled-in modules: http_core.c mod_so.c mod_php4.c mod_perl.c 3.) What does perl's 'HEAD http://localhost/' tell you for your server (output)? ** The apache is working 4.) What is the filename of your testscript? * test.cgi 5.) Where is it installed (directory) ? **/usr/local/src/apache_1.3.12 %cd /usr/src %tar xzvf apache_1.24.tar.gz % tar xzvf mod_perl-1.24.tar.gz % cd mod_perl-1.24 % perl Makefile.PL APACHE_SRC=../apache_1.3.12src \ DO_HTTPD=1 USE_APACI=1 EVERYTHING=1 % make make test make install % cd ../apache_1.3.12 % make install 6.) What URL are you using when you access it? **localhost/ns-home/cgi-bin/test.cgi 7.) Which conf-file are you modifying (full pathname)? **/usr/local/apache/conf/httpd.conf 8.) Can you proof that modifications to the conf-file really change the servers behaviour? ***Yes. If I change some thing in it in a wrong way, after I $../bin/apachetl start, it will report error. 9.) Which server are you starting (full pathname)? **localhost ***/usr/local/apache/bin/apachectl start 10.) Can you substitute the "xxx" below with real version numbers? *apache_1.3.12 Only if you can provide answers to all questions above we will be able to take the next step in trying to figure out what you did wrong. And don't dare posting another message unless you answer "Yes" to question 1 :-) Tobias The real problem is why the recult is not GATEWAY_INTERFACE CGI-Perl/1.1
Re: Feature sets [was Re: Templating System]
At 05:33 PM 8/3/00 -0700, Randal L. Schwartz wrote: "Drew" == Drew Taylor [EMAIL PROTECTED] writes: Drew I suppose I could... I was planning on having a nice checklist of Drew features/systems that would be a pain to do in a fixed width font. An Drew HTML table would make my life MUCH easier there. Is there something in Drew POD that makes tables easier? Why don't you write it as XML, then use Template::Toolkit and the DOM interface to generate what you want. One problem is deciding off the bat what you want to support in terms of XML tags. Perhaps this could resolved quickly by simply mapping the POD tags to XML from the start as a lowest common denominator format. And then also using an XML Editor that helps you conform to the DOM. I have to say that I find it much easier to write in POD because it's a lowest common denominator format right off the bat. And then generate other things from it (could even generate XML and do a transform on that I guess). From my old fogey perspective, for writing raw docs, I dislike writing XML about as much as I dislike writing direct HTML. Perhaps I dislike it even more because every XML markup is different and I hate having all the XML markups I deal with swim about my small head. I already know POD and POD is a suitable LCD language, so... Another thing that is nice about a POD format from the beginning is kind of the same thing that is nice about coding in Perl. Instant gratification. I know I can see immediately the results of my writing. As opposed to going through a compile cycle because I am already writing in one of the formats I like to read docs in. I know there are XML editors out there though that can be fed a DOM of sorts. And that could probably help that issue. Anyway, I guess for these reasons I''ve been a fan of Stas' guide generator because it's easy for me and I already know POD. Although I imagine it would be an interesting addition to the Guide Generator to make it use XML instead of POD as the basis. And who knows, maybe I am just being old by suggesting that native POD has advantages over XML... and that maybe COBOL could be used to format the tables for the feature comparison. Oops, I realize I hadn't suggested that. Yet. :) Later, Gunther
Package Lexicals and PerlModule
I'm experiencing a strange variable scope issue. Normally, I expect that lexical 'my' vars declared at the package scope (i.e. at the top of a file), should be visible to subroutines declared in the same package, and should maintain their values between calls to those subroutines. Under mod_perl, I find inconsistent behaviour. It works fine when a module is loaded via the PerlModule directive in httpd.conf. However when a module is loaded via startup.pl, the package lexicals "forget" their values between calls. # Foo.pm package Foo; use strict; my $PACKAGE_LEXICAL; warn "I'm being loaded"; sub load_var { my $param = shift; $PACKAGE_LEXICAL = $param if $param; warn "PACKAGE_LEXICAL: $PACKAGE_LEXICAL\n"; } 1; # startup.pl use Foo; Foo::load_var('wubba'); With the above I expect to be able to call the following in some handler: Foo::load_var() ...and $PACKAGE_LEXICAL should still be 'wubba'. The strange thing is that this works when Foo is required in httpd.conf via a "PerlModule Foo" directive. But when Foo is pulled in via a "use Foo" in startup.pl, $PACKAGE_LEXICAL does not keep it's value. In both cases, Foo.pm gets loaded twice at startup, (there are two "I'm being loaded messages" in the logs which I'm assuming this is because PerlFreshRestart is On by default). Also in both cases, Foo.pm is being loaded by uid 0, so I'm assuming this is not a parent/child sharing problem. Can anybody see what I'm missing? The Eagle book suggests that it's best to load modules from startup.pl rather than httpd.conf. Is this not such a good idea after all? Michael
Method for clearing apache's mod_proxy cache?
We use mod_proxy to set up a reverse proxy to help regulate loads on our backend mod_perl servers. Unfortunately, whenever we change images on these backends, the change will not be immediately reflected until the proxy cache expires for that image (every 4 hours). Currently, in order to force a cache clear, we must take the proxy down and then start it again: a poor solution as it cannot be automated. (We have a tool that helps automate site updates.) We are wondering if there is a way to tell mod_proxy to clear its cache aside from doing a server restart. We have tried sending it signals to no avail, and removing the cache files manually causes the proxy server to hang. Upon inspection, there does not appear to be functions in mod_proxy that allow a cache flush, so the answer might be that it is impossible. Any insight, however, is appreciated. Thanks, Matthew Lewinski
Re: Package Lexicals and PerlModule
On Sun, 30 Jul 2000, mgraham wrote: Normally, I expect that lexical 'my' vars declared at the package scope (i.e. at the top of a file), should be visible to subroutines declared in the same package, and should maintain their values between calls to those subroutines. If you are running perl v5.6 or later, I think you can use "our" instead of "my" and it will do what you want it to do. As for why it acts this way, I'm not sure...perhaps someone else on this mailing list can shed some light on this issue. -Philip Mak ([EMAIL PROTECTED])
Re: Method for clearing apache's mod_proxy cache?
On Thu, 3 Aug 2000, Matthew Lewinski wrote: We are wondering if there is a way to tell mod_proxy to clear its cache aside from doing a server restart. We have tried sending it signals to no avail, and removing the cache files manually causes the proxy server to hang. Doesn't the built-in garbage collection just unlink files and remove directories? That shouldn't cause it to hang. Is there something unusual about your setup? - Perrin
Re: mod_perl installation problem
Here are the build steps done within the mod_perl dir: perl Makefile.PL APACHE_SRC=../apache_1.3.12/src USE_APACI=1 NO_HTTPD=1 PREP_HTTPD=1 EVERYTHING=1 make ...everything good! make test ...Syntax error on line 3 of /usr/local/mod_perl-1.24/t/conf/httpd.conf: Invalid command '=pod', perhaps mis-spelled or defined by a module not include d in the server configuration will write error_log to: t/logs/error_log letting apache warm up...done /usr/bin/perl t/TEST 0 still waiting for server to warm up...not ok server failed to start! (please examine t/logs/error_log) at t/TEST line 95. make: *** [run_tests] Error 146 Thanks for the help I really appreciate it!!! :-) Leo. P.S.; tried going into the apache_1.3.12 dir run make and then go back to the mod_perl dir but, no go! --- ___cliff rayman___ [EMAIL PROTECTED] wrote: Leo Gonzalez wrote: Hello, I am having a little problem attempting to install mod_perl. I build it into apache using APACI (flexible) perform a 'make' and everything goes fine. When I type 'make test' then I get the following: --snip-- Syntax error on line 3 of /usr/local/mod_perl-1.24/t/conf/httpd.conf: Invalid command '=pod', perhaps mis-spelled or defined by a module not include d in the server configuration the httpd binary is not built with mod_perl will write error_log to: t/logs/error_log letting apache warm up...done /usr/bin/perl t/TEST 0 still waiting for server to warm up...not ok server failed to start! (please examine t/logs/error_log) at t/TEST line 95. make: *** [run_tests] Error 146 What is pod? Could you please reply. Thanks a lot. plain old documentation. it is a perl thing. the httpd binary does not have mod_perl so it is choking on it. you did not list the build steps so i am not sure where the error is. you can try to cd to the apache directory, try a make there, and then try this make test again in the mod_perl directory. Kind regards, Leo. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ __ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/
Seg fault (11) backtrace (long email) - was RE: does anyone have a fix for this?
Perl -V output: Summary of my perl5 (5.0 patchlevel 5 subversion 3) configuration: Platform: osname=linux, osvers=2.2.5-22smp, archname=i386-linux uname='linux porky.devel.redhat.com 2.2.5-22smp #1 smp wed jun 2 09:11:51 edt 1999 i686 unknown ' hint=recommended, useposix=true, d_sigaction=define usethreads=undef useperlio=undef d_sfio=undef Compiler: cc='cc', optimize='-O2 -m486 -fno-strength-reduce', gccversion=egcs-2.91.66 19990314/Linux (egcs-1.1.2 release) cppflags='-Dbool=char -DHAS_BOOL -I/usr/local/include' ccflags ='-Dbool=char -DHAS_BOOL -I/usr/local/include' stdchar='char', d_stdstdio=undef, usevfork=false intsize=4, longsize=4, ptrsize=4, doublesize=8 d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12 alignbytes=4, usemymalloc=n, prototype=define Linker and Libraries: ld='cc', ldflags =' -L/usr/local/lib' libpth=/usr/local/lib /lib /usr/lib libs=-lnsl -ldl -lm -lc -lposix -lcrypt libc=, so=so, useshrplib=false, libperl=libperl.a Dynamic Linking: dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-rdynamic' cccdlflags='-fpic', lddlflags='-shared -L/usr/local/lib' Characteristics of this binary (from libperl): Built under linux Compiled at Feb 2 2000 15:35:58 @INC: /usr/lib/perl5/5.00503/i386-linux /usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/i386-linux /usr/lib/perl5/site_perl/5.005 Apache version 1.3.12. mod_perl version 1.24 Options: EVERYTHING=1 APACHE_SRC=../apache-1.3.12/src USE_APACI=1 DO_HTTPD=1 PERL_DEBUG=1 \ APACI_ARGS='--with-layout=RedHat --enable-module=rewrite --enable-module=inf o --enable-module=usertrack --enable-module=unique_id' test results: All tests successful, 4 tests skipped. Files=34, Tests=418, 27 wallclock secs (21.67 cusr + 2.58 csys = 24.25 CPU) kill `cat t/logs/httpd.pid` rm -f t/logs/httpd.pid rm -f t/logs/error_log Ok, Heres the backtrace I did. Program received signal SIGSEGV, Segmentation fault. 0x8086ef0 in perl_handler_ismethod () (gdb) bt #0 0x8086ef0 in perl_handler_ismethod () #1 0x8087bc3 in perl_call_handler () #2 0x80875cb in perl_run_stacked_handlers () #3 0x80859bd in perl_handler () #4 0x80a1db3 in ap_invoke_handler () #5 0x80b5289 in ap_some_auth_required () #6 0x80b52ec in ap_process_request () #7 0x80acbde in ap_child_terminate () #8 0x80acd6c in ap_child_terminate () #9 0x80acec9 in ap_child_terminate () #10 0x80ad4f6 in ap_child_terminate () #11 0x80adc83 in main () #12 0x400d09cb in __libc_start_main (main=0x80ad93c main, argc=4, argv=0xbb74, init=0x8060180 _init, fini=0x81271fc _fini, rtld_fini=0x4000ae60 _dl_fini, stack_end=0xbb6c) at ../sysdeps/generic/libc-start.c:92 I also did an strace I hope its of some help - gettimeofday({965330042, 362731}, NULL) = 0 stat("/web/myeboard/markup/html/hello", 0xb93c) = -1 ENOENT (No such file or directory) stat("/web/myeboard/markup/html", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 open("/web/myeboard/markup/html/", O_RDONLY|O_NONBLOCK|O_DIRECTORY) = 5 fstat(5, {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 getdents(5, /* 5 entries */, 3933) = 96 getdents(5, /* 0 entries */, 3933) = 0 close(5)= 0 rt_sigaction(SIGALRM, NULL, {0x80aa050, [], SA_INTERRUPT|0x400}, 8) = 0 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 open("/web/myeboard/perl/app/hello.pm", O_RDONLY) = 5 fstat64(0x5, 0xbfffd0e8)= 0 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x401b read(5, "package hello;\n\nuse strict;\nuse "..., 4096) = 364 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 rt_sigprocmask(SIG_BLOCK, NULL, [], 8) = 0 read(5, "", 4096) = 0 close(5)= 0 munmap(0x401b, 4096)= 0 --- SIGSEGV (Segmentation fault) --- I think I know what the problem is. If the module doesn't have its directory in the package declaration, it will seg fault. If its there, it runs fine. But even so, the server should give an error and complain that it can't find app::hello::handler instead of segmenting. The problem can be replicated with a simple hello world module. in the conf file is this Location /hello SetHandler perl-script PerlHandler app::hello /Location with the directory structure as /home/httpd/perl/app and the hello.pm residing in app. Run with the package declaration as "package app::hello;" then as "package hello;" -- should seg fault on this one and single server should die. I tried this with both stock RedHat kernel and 2.4.0-test5 kernel, same results both seg fault and tests normal. Still learning, Jamie Krasnoo I apologize for the lengthy email.
Re: mod_perl
Thanks! You solve my problem. I had set directory /home/*/cgi-bin SetHandler cgi-script So, though I set SetHandler perl-script in Location /home/my/cgi-bin, it still worked as cgi-script. Now I change the directory to /usr/local/apache/htdocs/test. Then it works well. The report is GATEWAY_INTERFACE CGI-Perl/1.1 Thanks - Original Message - From: "Tom Brown" [EMAIL PROTECTED] To: "yusun" [EMAIL PROTECTED] Sent: Friday, August 04, 2000 12:16 PM Subject: Re: mod_perl you've obviously got a ScriptAlias in place for that directory... you _must_ ... either that or you've set mod_cgi as the handler for *.cgi scripts somewhere. I don't remember the start of this thread, so I don't know what fragments of your httpd.conf file you have posted... but some of the directories you listed below seem very strange... your test script is in /usr/src/apache/ ? I'd expect it under /home/httpd/ or something like that... e.g. a web_content directory Also your test URL seems a little strange "http://localhost/ns-home/cgi-bin/test.cgi" ... as a rule, mod_perl is _not_ used for a /cgi-bin/ directory, a script alias is used to hand all files in that directory off to mod_cgi... try running your script from another directory... On Fri, 4 Aug 2000, yusun wrote: Sorry for answering late. I slept for a while. I have answered the questions you asked. By the way, did you got to the http://perl.apache.org/guide/ by youselves? If you did, you should notice, last time, all I wrote such as the install steps and the CGI script are from there. The only purpose I posted my question is to get help. The only purpose of the setting of [EMAIL PROTECTED] is to help each other solve problems. I do not like to see that kind of condemn any more. If you are an expert and gentleman, to behave like it, OK? - Original Message - From: "Tobias Hoellrich" [EMAIL PROTECTED] To: "yusun" [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 03, 2000 11:15 PM Subject: Re: mod_perl Yusun, your questions don't get better if you post them over and over again. Can you answer the following questions below: 1.) Have you read through the guide at http://perl.apache.org/guide/ ? Millions of people have spent thousands of hours compiling the information in there. I'm sure you will find some really valuable informatio. ***yes, I have read it millions of times. 2.) Does mod_perl show up in the list of compiled in modules (output from 'httpd -l')? * Compiled-in modules: http_core.c mod_so.c mod_php4.c mod_perl.c 3.) What does perl's 'HEAD http://localhost/' tell you for your server (output)? ** The apache is working 4.) What is the filename of your testscript? * test.cgi 5.) Where is it installed (directory) ? **/usr/local/src/apache_1.3.12 %cd /usr/src %tar xzvf apache_1.24.tar.gz % tar xzvf mod_perl-1.24.tar.gz % cd mod_perl-1.24 % perl Makefile.PL APACHE_SRC=../apache_1.3.12src \ DO_HTTPD=1 USE_APACI=1 EVERYTHING=1 % make make test make install % cd ../apache_1.3.12 % make install 6.) What URL are you using when you access it? **localhost/ns-home/cgi-bin/test.cgi 7.) Which conf-file are you modifying (full pathname)? **/usr/local/apache/conf/httpd.conf 8.) Can you proof that modifications to the conf-file really change the servers behaviour? ***Yes. If I change some thing in it in a wrong way, after I $../bin/apachetl start, it will report error. 9.) Which server are you starting (full pathname)? **localhost ***/usr/local/apache/bin/apachectl start 10.) Can you substitute the "xxx" below with real version numbers? *apache_1.3.12 Only if you can provide answers to all questions above we will be able to take the next step in trying to figure out what you did wrong. And don't dare posting another message unless you answer "Yes" to question 1 :-) Tobias The real problem is why the recult is not GATEWAY_INTERFACE CGI-Perl/1.1 -- [EMAIL PROTECTED] | What I like about deadlines is the lovely http://BareMetal.com/ | whooshing they make as they rush past. web hosting since '95 | - Douglas Adams
RE: Should cookies expire?
It's not the cookie that's expiring, per se, but the server side information that corresponds to the cookie. Indeed the fact that the site could tell you that the session had expired indicates that the cookie itself did not expire. As to why they must/should expire, remember that system resources are consumed by every session that is created. These system resources might be rows in a database table or files in a file system or whatever means the site designers are using to implement sessioning. Sessions that have been inactive for some period are usually garbage collected on the server side. The expiration time for a session is up to the site designer and is usually a function of how busy the site is expected to be and the amount of system resources available for session info. Of course, in sites where all the session information is contained in the cookie itself, this is not an issue, but on many sites the amount of information that is needed to be stored on a per-session basis is a bit large for a cookie. -Paul -Original Message- From: Philip Mak [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 03, 2000 2:14 PM To: [EMAIL PROTECTED] Subject: Should cookies expire? I have a general question about websites that use cookies to store session information: Why should they expire at all? Let me give you an example. Yesterday, I was at Amtrak Rail's website to purchase train tickets. Now, I multitask a lot, and sometimes I might leave one browser window idle while I go to do something else. So I'm browsing the possible rides I can get on, then I do something else for half an hour. I go back to the browser window with Amtrak, and then when I click something it tells me that my session has expired and I'll have to login again! Gritting my teeth, I login again and start the process over. This time I finish the reservation and minimize the window. Later that night, I want to check my reservation again. I maximize that window and click something ... oops, session expired again! I realize that in a computer lab environment, automatic session expiration may be needed for security purposes, but I think in the situation mentioned above, it was excessive. What do people think about this? -Philip Mak ([EMAIL PROTECTED])
Re: logging out
Angel R. Rivera ([EMAIL PROTECTED]) said something to this effect: Ok folks, I am stumped. I am writing an authentication handler for our site and so far so good-it is coming on line. It makes sense. What does not make sense is how can I log myself off without having to exit the browser? If someone can point me in the right direction I shall be in your debt. TIA, -ar If you are using Apache's authentication (i.e., having Apache send an Auth Required header), then the only way is to close the browser. The approach I like is something like this: It requires two AuthHandlers, and cookies. Set up a Location that doesn't exists, like /some/where/that/doesnt/exist, and set your first AuthHandler to work on that uri. In this auth handler, do the password checks and set a cookie if the checks pass (i.e., return OK), or return AUTH_REQUIRED. For every page you want protected, create a second AuthHandler that checks for this cookie. If it exists, then the user has visisted you first handler (the one on the non-existent location) and has authenticated there. Why 2 handlers, and why a non-existent location? If you use a real location, the the browser will send it's own Auth headers, which is precisely what you want to avoid (this is what can't be logged out). The second handler merely checks for the existence of that cookie, no other checks are necessary. If it is missing, then redirect to the login Location, possibly with some redirect info back to the current URI. (darren) -- Cole's Law: Thinly sliced cabbage.
Re: how to check for ssl.
On Thu, 3 Aug 2000, Philip Mak wrote: On Thu, 3 Aug 2000, Stas Bekman wrote: use Apache::URI (); $r-parsed_uri-scheme; returns http or https Not really, you can spoof both: Does the user have to spoof it deliberately in order for the wrong one to be detected? If spoofing requires the user to do it on purpose, then in this case the $r-parsed_uri-scheme should be sufficient. The other method (putting HTTPS on a different port and using mod_rewrite to make it transparent) is better of course, but in case you can't do it for some reason, I think this will work too. They don't gain anything by spoofing http/https deliberately; it just makes their connection not secure. Not really. Of course this is not a thing happening to you every day, but someone can intercept the connection and spoof it for server as a secure, while in fact Eve (the interceptor's name that usually used in crypto docs, next to Alice and Bob) intercepts all the connections making the user submitting information in insecure way. Think about banking... So checking for the scheme would be Ok in 99.9% cases, if you don't care about the one that might be spoofed. _ Stas Bekman JAm_pH -- Just Another mod_perl Hacker http://stason.org/ mod_perl Guide http://perl.apache.org/guide mailto:[EMAIL PROTECTED] http://perl.org http://stason.org/TULARC http://singlesheaven.com http://perlmonth.com http://sourcegarden.org