[Catalyst] Rose::DB
Is anyone working on a Rose::DB catalyst model plugin?

Christian

___
List: Catalyst@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/

Re: [Catalyst] Catalyst Exception received by e-mail?
Splunk is a good one for this.

On Mar 27, 2007, at 4:16 PM, Bill Moseley wrote:
> On Tue, Mar 27, 2007 at 05:12:02PM +0200, Igor Longagnani wrote:
>> I should force my Catalyst based app to send an e-mail on every exception/error, just before sending it (the exception) out on the video when the app dies.
>> I mean I'd like to see the exception both on the screen and on e-mail.
>> I like those complete scrolling screens when something bad happens ...
>
> I would recommend you use a separate process to watch the error log and send mail.
>
> --
> Bill Moseley [EMAIL PROTECTED]

Re: [Catalyst] Encrypt /Decrypt URI
One idea is to not encrypt the URI but MD5 it to prevent URL tampering. Another layer of security for authorization.

On May 17, 2007, at 2:26 PM, Matt S Trout wrote:
> On Thu, May 17, 2007 at 07:17:40PM +0530, Harshal Shah wrote:
>> I am trying to encrypt / decrypt all the paths used in my application
>> is there a better way to do this ??
>
> Er ... don't encrypt the URI in the first place and use normal authentication?
>
> I can't think of a case where what you're trying to do would be a good idea, could you please explain -why- you're doing it and then maybe we can suggest a better way to achieve your goals?
>
> --
> Matt S Trout Need help with your Catalyst or DBIx::Class project?
> Technical Director Want a managed development or deployment platform?
> Shadowcat Systems Ltd. Contact mst (at) shadowcatsystems.co.uk for a quote
> http://chainsawblues.vox.com/ http://www.shadowcatsystems.co.uk/

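An added example, not code from this thread: one way to make a URL tamper-evident is to append a keyed MAC of the path and query. It uses HMAC-SHA256 in place of the bare MD5 mentioned above, since an unkeyed digest can be recomputed by whoever edits the URL; the secret, the `sig` parameter name and the sample paths are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the thread): tamper-evident URLs with a keyed MAC.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a secret held only on the server, never sent to the client.
my $SECRET = 'constructed-example-secret';

# Compare two strings without returning at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Append sig=<HMAC-SHA256 of path and query> ("sig" is a hypothetical name).
sub sign_url {
    my ($path_query) = @_;
    my $sep = $path_query =~ /\?/ ? '&' : '?';
    return $path_query . $sep . 'sig=' . hmac_sha256_hex($path_query, $SECRET);
}

# Recompute the MAC over everything before sig= and compare.
sub verify_url {
    my ($url) = @_;
    my ($path_query, $sig) = $url =~ /\A(.+)[?&]sig=([0-9a-f]{64})\z/
        or return 0;
    return ct_eq($sig, hmac_sha256_hex($path_query, $SECRET));
}

# Constructed sample: the second URL has its id edited after signing.
my $issued = sign_url('/invoice/view?id=1001');
(my $edited = $issued) =~ s/id=1001/id=1002/;
for my $url ($issued, $edited) {
    printf "%-8s %s\n", verify_url($url) ? 'accepted' : 'rejected', $url;
}
```

A valid signature only shows that the server issued the URL; the authorization check on the resource still runs as usual.
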
Re: [Catalyst] Rate limiting password attacks
I like the idea of the captcha after a few failed requests. Although, if it's a real person having problems logging in then the addition of the captcha just makes it that much more likely that they will not be able to log in. Kind of amazing how often I fail the captcha. Plus, captchas are not great for accessibility.

reCAPTCHA has an audio option. Plus you're helping a good cause of OCRing books from the Internet Archive.

Re: [Catalyst] Rate limiting password attacks
What's to stop the bot from grabbing the token from the home page and using it in its attack? The token has to be something the bot can't readily read, e.g., captcha.

On Aug 18, 2007, at 10:11 AM, Carl Johnstone wrote:
> Bill Moseley wrote:
>> Unfortunately, often want to have a login form on the home page and that page is typically static -- so can't use my token in that situation.
>
> How about using a variation of the token system. You have a token that's valid for any request that you change fairly frequently - say every 5 minutes. Then you dynamically insert that into the home page. Then to give you the effect of a static home page, use apache's mod_cache.
>
> Finally in your login form, you accept any from the last X tokens where X 2 (you could've cached the page just before the token expires) up to whatever life you want to allow.
>
> Carl

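The rotating-token scheme in the quoted message, as an added example that is not code from this thread: the token is an HMAC over the current 5-minute window, and the login handler accepts the last X windows so a page cached just before a rotation still works. The secret, the `login-form:` label, X = 2 and the timestamps are assumptions.

```perl
#!/usr/bin/perl
# Added example (not from the thread): a rotating form token that survives page caching.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'constructed-example-secret';  # assumption: server-side only
my $WINDOW = 300;  # token changes every 5 minutes, as in the message
my $ACCEPT = 2;    # assumed value for X: current window plus the previous one

# Token for the window containing epoch time $t.
sub token_for {
    my ($t) = @_;
    return hmac_sha256_hex('login-form:' . int($t / $WINDOW), $SECRET);
}

# Accept a token minted in any of the last $ACCEPT windows.
# The token is printed in a public page, so plain eq is enough here.
sub token_ok {
    my ($token, $now) = @_;
    return 0 unless defined $token;
    for my $age (0 .. $ACCEPT - 1) {
        return 1 if $token eq token_for($now - $age * $WINDOW);
    }
    return 0;
}

# Constructed timeline: the home page is cached one second before a rotation.
my $cached_at = 1187427599;
my $token     = token_for($cached_at);
for my $delay (1, 31, 301, 601) {
    my $now = $cached_at + $delay;
    printf "submitted %3ds after caching: %s\n", $delay,
        token_ok($token, $now) ? 'accepted' : 'rejected';
}
```

With these values a token stays valid for between 300 and 600 seconds after it is minted, so the cache lifetime plus the time a user spends on the form has to fit within the shorter figure.
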
Re: [Catalyst] Rate limiting password attacks
He is referring to reposting of forms that are arrived at via the back button, e.g., breaking the cycle submit form - click back button - submit form - etc. The use case is for single use forms not for security. It wouldn't do anything to prevent a bot from scraping the HTML for that token and using it to submit the form.

On Aug 20, 2007, at 10:19 AM, Carl Johnstone wrote:
>> What's to stop the bot from grabbing the token from the home page and using it in its attack? The token has to be something the bot can't readily read, e.g., captcha.
>
> Bill said:
>
>> I have the ability to turn on form tokens on my forms, so to be able to post to a form you have to first fetch the single-use token from the form. That has been a big help with forms that send mail, but also aids in preventing reposting of forms -- in addition to redirect after post.
>
> So obviously they work for him. Anything that has an effect without causing accessibility problems for users has to be a good thing.
>
> In any case, I was just suggesting a way he could still make his existing token system work with a static page to save server resources.
>
> Carl