Re: [Catalyst] untainting utf8 text for db

2008-06-06 Thread Daniel McBrearty
Thanks for the suggestions. Indeed, specifying a list of chars which
is clean (e.g. [a-zA-Z0-9_] for a username in English) is optimum, and
I prefer that. But when you are working with fully multilingual
material, this becomes pretty much impossible. As the site in question
is all about language learning and could eventually handle any
language, that is the issue.

Rejecting some of the suspicious chars you suggest is something I will
do - but even that is not foolproof as there are various ways (more
than one, IIRC, but I'm not sure what they all are) of using escape
sequences to get through.

Of the list you suggest, I'd need to keep (, ), ? - all the rest I
could kill quite happily.

Again, thanks for the input. I'm going to forward this to the
DBIx::Class list (as that is probably where it should have gone in the
first place).

___
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/


[Catalyst] Re: how many RAM used is normal

2008-06-06 Thread Aristotle Pagaltzis
* Fayland Lam [EMAIL PROTECTED] [2008-06-06 04:55]:
> we are using Catalyst under mod_perl2. and every httpd is
> costing 130-200M. `top` shows:

But I expect that much of that memory is shared with other
httpd instances. F.ex. see
http://virtualthreads.blogspot.com/2006/02/understanding-memory-usage-on-linux.html

Regards,
-- 
Aristotle Pagaltzis // http://plasmasturm.org/



[Catalyst] Re: script/myapp_fastcgi.pl -d vs. nohup script/myapp_fasctgi.pl

2008-06-06 Thread Dan Dascalescu
Forgot to mention: in both cases, I launch myapp_fastcgi.pl with the
`-keeperr` parameter.

On Fri, Jun 6, 2008 at 2:22 AM, Dan Dascalescu
[EMAIL PROTECTED] wrote:
> What is the difference between launching `script/myapp_fastcgi.pl
> -daemon` and running `nohup script/myapp_fastcgi.pl &` ?
>
> I want to be able to run fastcgi.pl -l in the background, with
> debugging enabled, and log its STDERR. I tried
>
> script/myapp_fastcgi.pl -l 127.0.0.1:55900 -d 2>myapp.stderr
>
> but only the initial startup screen ended up in myapp.stderr. No debug
> information about requests was written to the file.
>
> Running the same application like this:
>
> script/myapp_fastcgi.pl -l 127.0.0.1:55900 2>myapp.stderr &
>
> Works as expected. Even after I log out (without running nohup), the
> app correctly logs requests to myapp.stderr. I'm writing a tutorial on
> Catalyst deployment with lighttpd and fastcgi at
> http://catwiki.toeat.com/gettingstarted/howtos/deploy/lighttpd_fastcgi
> (please feel free to amend) and want to get a good understanding of
> this issue.
>
> Thanks,
> Dan



[Catalyst] script/myapp_fastcgi.pl -d vs. nohup script/myapp_fasctgi.pl

2008-06-06 Thread Dan Dascalescu
What is the difference between launching `script/myapp_fastcgi.pl
-daemon` and running `nohup script/myapp_fastcgi.pl &` ?

I want to be able to run fastcgi.pl -l in the background, with
debugging enabled, and log its STDERR. I tried

script/myapp_fastcgi.pl -l 127.0.0.1:55900 -d 2>myapp.stderr

but only the initial startup screen ended up in myapp.stderr. No debug
information about requests was written to the file.

Running the same application like this:

script/myapp_fastcgi.pl -l 127.0.0.1:55900 2>myapp.stderr &

Works as expected. Even after I log out (without running nohup), the
app correctly logs requests to myapp.stderr. I'm writing a tutorial on
Catalyst deployment with lighttpd and fastcgi at
http://catwiki.toeat.com/gettingstarted/howtos/deploy/lighttpd_fastcgi
(please feel free to amend) and want to get a good understanding of
this issue.

Thanks,
Dan



Re: [Catalyst] how many RAM used is normal

2008-06-06 Thread Marcello Romani

Fayland Lam wrote:
> we are using Catalyst under mod_perl2. and every httpd is costing
> 130-200M. `top` shows:
>
>
> 1566 apache 16   0  147m 136m 6188 S  0.0  1.7   0:23.97 httpd
> 1567 apache 16   0  147m 136m 6200 S  0.0  1.7   0:28.51 httpd
> 1568 apache 16   0  143m 132m 6192 S  0.0  1.6   0:23.45 httpd
> 1569 apache 16   0  144m 133m 6192 S  0.0  1.6   0:24.36 httpd
> 1570 apache 15   0  152m 141m 6196 S  0.0  1.7   0:23.45 httpd
> 1571 apache 16   0  141m 130m 6192 S  0.0  1.6   0:24.57 httpd
> 1572 apache 16   0  143m 131m 6196 S  0.0  1.6   0:22.13 httpd
> 1581 apache 16   0  148m 137m 6184 S  0.0  1.7   0:22.56 httpd
> 1582 apache 16   0  142m 131m 6188 S  0.0  1.6   0:22.12 httpd
> 1583 apache 16   0  144m 133m 6192 S  0.0  1.6   0:21.89 httpd
> 1584 apache 16   0  141m 130m 6184 S  0.0  1.6   0:23.20 httpd
> 1587 apache 16   0  151m 139m 6184 S  0.0  1.7   0:23.87 httpd
> 1588 apache 16   0  140m 129m 6180 S  0.0  1.6   0:21.76 httpd
> 1589 apache 16   0  142m 131m 6188 S  0.0  1.6   0:20.75 httpd
> 2128 apache 16   0  138m 127m 6176 S  0.0  1.6   0:09.76 httpd
>
> is it normal under Catalyst+DBIx::Class+Template? or there is something
> wrong?
>
> What's your Catalyst App costs? Thanks.



I suppose that's a 'top' output; memory columns should be: virtual, 
resident, shared.


memory usage is thus between 120 and 130 MB for each httpd instance
(e.g. 1360MB resident - 6M shared).

For example, on one of my servers I have vmware server running:

 4615 root 5 -10  365m 307m 296m S  0 15.2  81:57.93 vmware-vmx
 3905 root 5 -10  381m 304m 291m S  2 15.0  85:41.40 vmware-vmx

resident: 307MB, 296 of which are shared among the two processes.

If all those httpd processes run the same app I think they should
have more shared memory.

You could probably check if you preload your app in your apache config file.
Something like:

<Perl>
use lib qw(/path/to/MyApp/lib);
</Perl>
PerlModule MyApp

etc.


HTH

Just my 2 eurocents.


--
Marcello Romani
Responsabile IT
Ottotecnica s.r.l.
http://www.ottotecnica.com



Re: [Catalyst] script/myapp_fastcgi.pl -d vs. nohup script/myapp_fasctgi.pl

2008-06-06 Thread Mitch Jackson
On Fri, Jun 6, 2008 at 4:22 AM, Dan Dascalescu
[EMAIL PROTECTED] wrote:
> Works as expected. Even after I log out (without running nohup), the
> app correctly logs requests to myapp.stderr. I'm writing a tutorial on
> Catalyst deployment with lighttpd and fastcgi at
> http://catwiki.toeat.com/gettingstarted/howtos/deploy/lighttpd_fastcgi
> (please feel free to amend) and want to get a good understanding of
> this issue.

Your tutorial is informative.  It's nice to see a non-apache
deployment guide.  When deploying under apache, the web server is
easily configured to deliver static content without asking the fastcgi
process to do it.  Is that possible with this lighttpd configuration?

e.g. myapp.com/static gets served directly by lighttpd, while all
other requests go through the catalyst app.

/Mitchell K. Jackson



Re: [Catalyst] script/myapp_fastcgi.pl -d vs. nohup script/myapp_fasctgi.pl

2008-06-06 Thread Ash Berlin


On 6 Jun 2008, at 14:50, Mitch Jackson wrote:


> On Fri, Jun 6, 2008 at 4:22 AM, Dan Dascalescu
> [EMAIL PROTECTED] wrote:
>
>> Works as expected. Even after I log out (without running nohup), the
>> app correctly logs requests to myapp.stderr. I'm writing a tutorial on
>> Catalyst deployment with lighttpd and fastcgi at
>> http://catwiki.toeat.com/gettingstarted/howtos/deploy/lighttpd_fastcgi
>> (please feel free to amend) and want to get a good understanding of
>> this issue.
>
> Your tutorial is informative.  It's nice to see a non-apache
> deployment guide.  When deploying under apache, the web server is
> easily configured to deliver static content without asking the fastcgi
> process to do it.  Is that possible with this lighttpd configuration?
>
> e.g. myapp.com/static gets served directly by lighttpd, while all
> other requests go through the catalyst app.
>
> /Mitchell K. Jackson



http://perlitist.com/articles/catalyst-with-lighttpd



[Catalyst] Authorization ACL: future plans?

2008-06-06 Thread ivorw
Hi guys,

(Yuval please note: this concerns one of your modules)

Are there any plans afoot to build on
Catalyst::Plugin::Authorization::ACL? I have a requirement for a couple
of enhancements, and I'd like to sound out the list before jumping in
and coding.


1. I'd quite like the idea of a generic resource, that users have
access to, rather than just a controller method. The resource could be
or correspond to a file on the server's fs, a wiki page, a diary
appointment, etc.

The resource would have a set of permissions, controlled through the model:
 * See   (whether this resource actually appears at all)
 * Read (Are the contents of the resource visible/executable?)
 * Modify
 * Delete
 * Grant (who can change the permissions for this resource)

The resource also has an owner (user) and a group (role).
Each of the permissions above can be set to one of 'owner', 'group',
'world' or none.

Proposed module name: Catalyst::Plugin::Authorization::ACL::Resource

2. Full blown access control lists

For more sophisticated requirements, we have an actual list:

Include: list of entities
Exclude: list of entities


each entity can be one of the following:
 * A user
 * 'owner'
 * A role
 * 'group'
 * An ACL (i.e. nesting)

This enhances option 1 above by allowing the permission to be an ACL
besides 'owner', 'group', 'world' or none.

Proposed module name: Catalyst::Plugin::Authorization::ACL::Full

What do people think? Feedback please.

By the way in case you are wondering, I am looking to write a CMS that
sits on top of Catalyst.

Ivor.



RE: [Dbix-class] Re: [Catalyst] untainting utf8 text for db

2008-06-06 Thread Mesdaq, Ali
No escape sequence should get through if you reject any characters
outside of the allowed characters. For example you could just reject the
input and prompt for another input if this regex matches
(?:[^a-zA-Z0-9 _]+)
So escape sequences shouldn't affect this test.

Thanks,
--
Ali Mesdaq (CISSP, GIAC-GREM)
Security Researcher II
Websense Security Labs
http://www.WebsenseSecurityLabs.com
--

-Original Message-
From: Daniel McBrearty [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 05, 2008 11:07 PM
To: The elegant MVC web framework
Cc: DBIx::Class user and developer list
Subject: [Dbix-class] Re: [Catalyst] untainting utf8 text for db

Thanks for the suggestions. Indeed, specifying a list of chars which is
clean (e.g. [a-zA-Z0-9_] for a username in English) is optimum, and I
prefer that. But when you are working with fully multilingual material,
this becomes pretty much impossible. As the site in question is all
about language learning and could eventually handle any language, that
is the issue.

Rejecting some of the suspicious chars you suggest is something I will
do - but even that is not foolproof as there are various ways (more than
one, IIRC, but I'm not sure what they all are) of using escape sequences
to get through.

Of the list you suggest, I'd need to keep (, ), ? - all the rest I could
kill quite happily.

Again, thanks for the input. I'm going to forward this to the
DBIx::Class list (as that is probably where it should have gone in the
first place).

___
List: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/dbix-class
IRC: irc.perl.org#dbix-class
SVN: http://dev.catalyst.perl.org/repos/bast/DBIx-Class/
Searchable Archive:
http://www.grokbase.com/group/[EMAIL PROTECTED]
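The two messages above disagree about whether an allowlist can work for multilingual input. The following is an added example (not code from either poster): an allowlist built from Unicode character properties rather than an ASCII class, keeping the three punctuation marks Daniel says he needs plus comma, full stop, apostrophe and hyphen (my additions), while backslashes, quotes, semicolons, NUL and bidi override characters stay outside the allowed classes and are rejected. The input is assumed to be an already-decoded Perl character string, not raw UTF-8 bytes; the sample inputs are constructed.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: an allowlist for multilingual
# text built from Unicode properties rather than an ASCII class, so that
# "any language" input still passes while control, format and escape
# characters are rejected.
use strict;
use warnings;
use utf8;
binmode STDOUT, ':encoding(UTF-8)';

# Letters in any script (\p{L}), combining marks such as accents and vowel
# signs (\p{M}), decimal digits (\p{Nd}), space characters (\p{Zs}) and the
# punctuation kept on purpose: ( ) ? , . ' and hyphen.  Backslash, quotes,
# semicolon, NUL (\p{Cc}) and bidi overrides (\p{Cf}) are in none of these
# classes, so any string containing them fails the match.
my $ALLOWED = qr/\A[\p{L}\p{M}\p{Nd}\p{Zs}()?,.'-]+\z/;

# Takes a decoded character string (not raw UTF-8 bytes); returns 1 or 0.
sub is_clean_text {
    my ($text) = @_;
    return 0 unless defined $text && length $text;
    return $text =~ $ALLOWED ? 1 : 0;
}

# Constructed samples: label => input.
my @samples = (
    [ 'french'    => "Ça va? (très bien)" ],
    [ 'japanese'  => "こんにちは 世界" ],
    [ 'russian'   => "Привет, мир" ],
    [ 'hindi'     => "नमस्ते" ],               # needs \p{M} for the vowel signs
    [ 'name'      => "O'Brien-Smith" ],
    [ 'backslash' => "hello\\nworld" ],        # a literal escape sequence
    [ 'semicolon' => "x; y" ],
    [ 'nul'       => "abc\x{0}def" ],
    [ 'bidi'      => "abc\x{202E}def" ],       # right-to-left override
    [ 'empty'     => "" ],
);

for my $s (@samples) {
    my ($label, $input) = @$s;
    printf "%-10s %s\n", $label, is_clean_text($input) ? 'accepted' : 'rejected';
}
```

The first five samples are accepted and the last five rejected. The allowlist decides what is stored; protection of the SQL statement itself comes from bind parameters, which DBIx::Class uses for values, so the check is about content, not about escaping.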


 





RE: [Catalyst] Using URIs for my app in another program

2008-06-06 Thread Byron Young

Tomas Doran wrote on 2008-06-06:

> On 7 Jun 2008, at 01:17, Byron Young wrote:
>> Is there any way to fake a request when my app starts?  It seems
>> like a bit of a catch-22 -- I need to know a URL in order to fake
>> the request, but in order to generate the URL I need to have a
>> request...
>
> The problem which you have here is that the application doesn't know
> what URLs it's attached to until run time.
>
> Remember - you can have multiple virtual hosts pointing to the same
> application instance, therefore catalyst *can't* know in advance
> where it is going to be served from.


True.  All I need to know in this case is just one valid URL, though.

> The simple perl HTTP engine which script/myapp_server.pl uses prints a
> nice message with the app URL - but that's because it's a toy compared
> to what you might do in real deployment.
>
>> Am I doomed to storing the URL for my 'populate database with urls'
>> action in a config file and updating it by hand when I move the web app?
>
> I think so, but I think that you *want* to do this. Otherwise, how do
> you deal with testing the app? And also testing your thing which
> requests the app. Surely you're gonna want to be able to test against
> demo servers you've brought up on localhost?


Actually, that's specifically the use case I'm thinking of here.  Each 
developer on this project has his own testing setup on the dev machine, while 
the production version runs on another host.  Each test setup includes a 
database, daemon, and web app.  We do use config files to point everything to 
the right codebase and database, so it's not the end of the world to add 
another entry for the url, but I try to be careful of the amount of 
configuration we need.  I want to avoid the situation where a developer forgets 
to change his dev config file to point to his dev web app and so his daemon 
ends up talking to the production server instead, potentially resulting in 
something bad happening.  So, if there is some totally automated way to do 
things instead, I opt for that.

Of course, this may just be exposing some bad practices on our end wrt to dev 
environments and config files and protecting the production server from 
fallible developers such as myself.

> I think that you're trying to solve the wrong problem here, sorry. To be
> honest - how often are you really going to move the webapp once it's
> deployed? What's wrong with giving it it's own DNS CNAME which you
> switch between boxen hosting it?


Yeah, that's true - we probably won't move the production app, and we'll use a 
CNAME if we do.

Thanks for your help
Byron

> Cheers
> Tom






Re: [Catalyst] Users hierarchy

2008-06-06 Thread Jonathan Rockway
* On Fri, Jun 06 2008, [EMAIL PROTECTED] wrote:
> Gulp, that should have been 0 :)

Actually, it should have been ! as in if(!$found ...).  Perl has a
variety of false values including 0, undef, and the empty string.
Perl's built-in boolean operators return undef or 1 as false or
true, but other libraries use other values ("" and "hey, it worked!",
for example).

Additionally, 0 is == to a variety of true values, including the
string "0 but true".

So just use !$boolean to test if something is false :)

Regards,
Jonathan Rockway

-- 
print just => another => perl => hacker => if $,=$"



Re: [Catalyst] Authorization ACL: future plans?

2008-06-06 Thread Jonathan Rockway
* On Fri, Jun 06 2008, ivorw wrote:
> Hi guys,
>
> (Yuval please note: this concerns one of your modules)
>
> Are there any plans afoot to build on
> Catalyst::Plugin::Authorization::ACL? I have a requirement for a couple
> of enhancements, and I'd like to sound out the list before jumping in
> and coding.
>
>
> 1. I'd quite like the idea of a generic resource, that users have
> access to, rather than just a controller method. The resource could be
> or correspond to a file on the server's fs, a wiki page, a diary
> appointment, etc.
>
> The resource would have a set of permissions, controlled through the model:
>  * See   (whether this resource actually appears at all)
>  * Read (Are the contents of the resource visible/executable?)
>  * Modify
>  * Delete
>  * Grant (who can change the permissions for this resource)

I don't think a Catalyst plugin is where this sort of code belongs.  It
belongs in a layer unrelated to Catalyst.  I also don't think this can
be done generically enough to make it useful.  (Too generic and it won't
save any time, too specific and you'll be the only user.)

For something DBIx::Class-specific, look at
DBIx::Class::Schema::RestrictWithObject.  Basically, you have an object
that does the access control (per-resultset), and your application never
sees data that the user isn't allowed to see.  This is the right level
of generic-ness.

Authorization::ACL is completely different, BTW.  It's nice for walling
off part of your application; mainly so you don't have to check
$c->user_exists for every action that $c->user touches.  But, it doesn't
try to guess what your application's data means, it just turns part of
the app off based on some rules you set up.  Again, the right level of
generic-ness.

What I'm trying to say is that access control and C::P::A::ACL are two
different things.  Catalyst shouldn't even be in your mind when you are
designing the access rules and code for your data.

> The resource also has an owner (user) and a group (role).
> Each of the permissions above can be set to one of 'owner', 'group',
> 'world' or none.
>
> Proposed module name: Catalyst::Plugin::Authorization::ACL::Resource
>
> 2. Full blown access control lists
>
> For more sophisticated requirements, we have an actual list:
>
> Include: list of entities
> Exclude: list of entities
>
>
> each entity can be one of the following:
>  * A user
>  * 'owner'
>  * A role
>  * 'group'
>  * An ACL (i.e. nesting)
>
> This enhances option 1 above by allowing the permission to be an ACL
> besides 'owner', 'group', 'world' or none.
>
> Proposed module name: Catalyst::Plugin::Authorization::ACL::Full
>
> What do people think? Feedback please.
>
> By the way in case you are wondering, I am looking to write a CMS that
> sits on top of Catalyst.

Write the CMS first, then factor out the access control code.  If you do
it the other way around, it probably won't turn out the way you want.
(Nothing is worse than writing a library and then having your
application that uses it work around it.  Trust me, I've done that.)

Regards,
Jonathan Rockway

-- 
print just => another => perl => hacker => if $,=$"



Re: [Catalyst] Users hierarchy

2008-06-06 Thread Andrew Rodland
On Friday 06 June 2008 10:46:53 pm Jonathan Rockway wrote:
> * On Fri, Jun 06 2008, [EMAIL PROTECTED] wrote:
>> Gulp, that should have been 0 :)
>
> Actually, it should have been ! as in if(!$found ...).  Perl has a
> variety of false values including 0, undef, and the empty string.
> Perl's built-in boolean operators return undef or 1 as false or
> true, but other libraries use other values ("" and "hey, it worked!",
> for example).

Actually (0==1) is "" and defined, while we're picking nits. The point stands
that if you want to test for truth you should simply test for truth.

Andrew
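The two replies above make their point about Perl truth values in prose; this added example (not code from either poster) tabulates, for a set of constructed values, whether each is defined, whether it is true, and whether `== 0` holds, so the gap between `!$found` and `$found == 0` is visible in one run.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: which Perl values are false,
# what the comparison operators really return, and why "$found == 0" is
# not the same test as "!$found".
use strict;
use warnings;

# Constructed cases (label => value).  In Perl only undef, "", 0 and "0"
# are false; every other string, including "0.0", "00" and "0 but true",
# is true.
my @cases = (
    [ 'undef'         => undef             ],
    [ 'empty string'  => ''                ],
    [ 'number 0'      => 0                 ],
    [ 'string "0"'    => '0'               ],
    [ 'string "0.0"'  => '0.0'             ],
    [ 'string "00"'   => '00'              ],
    [ '(0 == 1)'      => (0 == 1)          ],  # "" but defined
    [ '(1 == 1)'      => (1 == 1)          ],  # 1
    [ '"0 but true"'  => '0 but true'      ],  # true, == 0 without a warning
    [ 'non-numeric'   => 'hey, it worked!' ],  # true, numifies to 0
);

# The test the thread recommends: plain truth or falseness.
sub is_false { my ($v) = @_; return $v ? 0 : 1 }

# The test the thread started with: numeric comparison against 0.
sub equals_zero {
    my ($v) = @_;
    no warnings qw(numeric uninitialized);  # non-numeric strings and undef numify to 0
    return $v == 0 ? 1 : 0;
}

sub show { my ($v) = @_; return defined $v ? "'$v'" : 'undef' }

printf "%-16s %-20s %-8s %-6s %s\n", 'case', 'value', 'defined', 'truth', '== 0';
for my $case (@cases) {
    my ($label, $v) = @$case;
    printf "%-16s %-20s %-8s %-6s %s\n", $label, show($v),
        (defined $v ? 'yes' : 'no'),
        (is_false($v) ? 'false' : 'true'),
        (equals_zero($v) ? 'yes' : 'no');
}
# The rows "0.0", "00", "0 but true" and the non-numeric string are true
# in the truth column yet "yes" under == 0: a guard written as
# ($found == 0) would treat every one of them as "not found".
```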
