mod_perl DSO on NT

[Daniel Watkins]

Hi,
Does anyone know if a mod_perl dso
can be loaded into any of the more commercial flavours of apache
(Such as the IBM http server)
I have done some work with mod_perl on NT but now a
few mindless beauracratic nazi IT managers are waving
their rulebooks around. The problem being they dont understand
the difference between free software and freeware.
So, I need a to buy a box with apache in it that supports
mod_perl.

Any Suggestions?

Daniel

Re: [OT?] Cross domain cookie/ticket access

[joe]

> 
> I don't think there's any pretty way to do it.  The only thing I can 
> think of off-hand is to generate the cross-server links dynamically, 
> including an encrypted token in the URL which will notify that server 
> that it should set a cookie saying that the user has already logged 
> in.  The good news is that you only need to do that once for each 
> domain that it is visited.  The bad news is that it doesn't work if 
> the user comes to that domain via some mechanism that doesn't include 
> the token--then they'll have to login the first time to regain their 
> session identifier.
> -- 

If you ever implement something like this, just be sure you 
patent it before Amazon does ;>

-- 
Joe Schaefer
[EMAIL PROTECTED]

SunStar Systems, Inc.

Re: open(FH,'|qmail-inject') fails

[Andrew Dunstan]

Could someone please explain to me why everybody seems so intent on having a mod_perl 
handler fork in order to send mail? Why not just use the very common Net::SMTP package 
which just talks on an SMTP socket to whatever mailhost you have (localhost or other). 
There are other packages on CPAN which perhaps have more power, but still don't fork, 
if that's what you need. Every benchmark I've done (quite a few ;-) shows that this is 
far faster way of sending mail.

My understanding (correct me if I'm wrong) is that in general having a mod_perl 
handler fork is a Bad Thing (tm).

(and of course there is even less danger with funky email addresses with shell 
metacharacters that way, too)

I recall with some fondness Randal's "useless use of cat" awards - maybe we need to 
create a "useless use of fork" award :-)

cheers

andrew

Re: SELECT cacheing

[Perrin Harkins]

On Thu, 7 Sep 2000, Roger Espel Llima wrote:
> The question now is: is there any interest in releasing this?  I could
> write some minimal docs and give it a 'proper' module name, if there's
> interest.

I'd say this is probably useful to some people, so go ahead.  A few
suggestions: 
- Use the DBIx namespace for the module. 
- If possible, use some existing cache module for the storage, like
Apache::Session or one of the m/Cache/ modules on CPAN.
- Provide a safety check so that if a query brought back a few million
rows by accident you wouldn't try to write the whole mess to disk.
- Maybe try to support the other results interfaces in DBI?

Re: SELECT cacheing

[G.W. Haywood]

Hi there,

On Thu, 7 Sep 2000, Roger Espel Llima wrote:

> I've written a very small module to cache SELECT results from DBI
> requests.
[snip]
> The question now is: is there any interest in releasing this?  I could
> write some minimal docs and give it a 'proper' module name, if there's
> interest.

I'm sure there is.  My last but one contract I did a very similar thing
but I implemented the cache as a tied DBM file.

73,
Ged.

Re: SELECT cacheing

[Peter Skipworth]

Roger,

Sounds interesting - as a matter of fact, I'm doing it exactly the same
way on realestate.com.au, except I use the last 2 hex digits as the
directory name. Great minds think alike!

I don't know if many people realise this, but mySQL, for those of you
that use it, will soon include a select_cached function, for doing
exactly the same. Of course, a non-RDSM-specific solution would be great 
as well on the Perl side. I'm using Storable to write the query result to
disk as an array of hashes. I've implemented most of DBI's query methods,
including fetchrow, fetchrow_hashref, fetchrow_arrayref, etc, and it works
quite well and is transparent to the programmer. Page generation speed
improved by up to 100% in a lot of cases.  

I'd suggest that you include an (optionally
implementable) cache-cleaning routine, so that it's an 'all in one'
solution, as well as parameters such as 'maximum cache size' and
cache-timeout per store. Let me know if you'd like any help with getting
this completed, as I'd be happy to help. 

regards,

Peter Skipworth


On Thu, 7 Sep
2000, Roger Espel Llima wrote:

> I've written a very small module to cache SELECT results from DBI
> requests.  The interface looks like:
> 
>   use SelectCache;
> 
>   my $db = whatever::get_a_handle();
>   my $st = qq{ select this, that ... };
>   my $rows = SelectCache::select($db, $st, 180);
> 
> this returns an arrayref of rows (like the selectall_arrayref function),
> and caches the result in a file, which gets reused for 180 seconds
> instead of asking the db again.
> 
> The names of the cache files are the md5's of the select statement,
> using the last hex digit as a subdirectory name.  There's no file
> cleanup function; you can always do that from cron with find.
> 
> This is all very simple, but it's pretty useful in combination with
> mod_perl, to speed up things like showing the "latest 10 posts", on
> frequently accessed webpages.
> 
> The question now is: is there any interest in releasing this?  I could
> write some minimal docs and give it a 'proper' module name, if there's
> interest.
> 
> 

-- 
.-.
|   Peter SkipworthPh: 03 9897 1121   |
|  Senior Programmer  Mob: 0417 013 292   |
|  realestate.com.au   [EMAIL PROTECTED] |
`-'

SELECT cacheing

[Roger Espel Llima]

I've written a very small module to cache SELECT results from DBI
requests.  The interface looks like:

  use SelectCache;

  my $db = whatever::get_a_handle();
  my $st = qq{ select this, that ... };
  my $rows = SelectCache::select($db, $st, 180);

this returns an arrayref of rows (like the selectall_arrayref function),
and caches the result in a file, which gets reused for 180 seconds
instead of asking the db again.

The names of the cache files are the md5's of the select statement,
using the last hex digit as a subdirectory name.  There's no file
cleanup function; you can always do that from cron with find.

This is all very simple, but it's pretty useful in combination with
mod_perl, to speed up things like showing the "latest 10 posts", on
frequently accessed webpages.

The question now is: is there any interest in releasing this?  I could
write some minimal docs and give it a 'proper' module name, if there's
interest.

-- 
Roger Espel Llima, [EMAIL PROTECTED]
http://www.iagora.com/~espel/index.html

mod_perl security :: possible solution

[Félix C.Courtemanche]

Hi,

I have been looking around for some time already about this and here are the
2 solutions I came up with... I would like some comments, especially if you
think it would be safe / fast to use.

Solution #1 (apache solution)
¯
- Use a centralized apache server for all html request, graphics, etc.
mod_php and mod_perl disabled on this server
- Redirect a certain directory or sub domains to a personalized apache
server (on an unprivileged port), running under the client's uid.
- That personalized server would be compiled with mod_perl and mod_php, and
running with the following apache directives:
  - RLimitMEM (http_core.c) :: Soft/hard limits for max memory usage per
process
  - RLimitNPROC (http_core.c) :: Soft/hard limits for max number of
processes per uid
- It would also have the Apache-Watchdog-RunAway perl module installed to
kill zombies.

That solution would allow the fastest setup (as far as I am concerned) but I
am afraid that redirecting the directory to a personalized apache server
could generate some problems...  I thought of redirect using the [P] flag
(proxy) so that the url viewed in the browser stay the same... however, for
each queries, 2 httpd process will have to handle it.  This may hurt the
performances for a web site using a lot of scripts.

Solution #2 (perl module solution)
¯
- Only use 1 apache server for everyone
- Use Apache:SizeLimit (included with mod_perl) (memory watchdog)
- Use Apache-watchdog-runaway (same as above)
- Use apache:resources for other control
- Use Apache:safe and apache:safe:hole to restrict the use of mod_perl...
however I may have to fight with it a bit to allow DBI and other similar
modules to be used as well

That solution appears to be faster for me, but a lot harder to set up and
configure.  It may involve some programmation, etc.


What is your opinion on these... and do you have a better solution? Wich one
is the best?
I am open for any comments and help... I plan to set up some package or at
least a web page to explain to others how to do it once it is working
perfectly for me.  I noticed that perl security (along with shell security)
is one of the worst seucirty/privacy treat in almost all web hosting
companies... and I intend to solve this. :)
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Félix C.Courtemanche . Head Designer
Co-Administrator . Can-Host Networks
http://www.can-host.com
[EMAIL PROTECTED]

Writing to the client's socket from an XS module

[Subhash Sankuratripati]

Hello,
I would like to find out how can I write to the HTTP Client from an
XS module written in C being called from a Perl module running under apache.

Even trying syswrite 1, "test" does not work from mod_perl. So
internally mod_perl is duping stdout to some other file handle and
eventually writing it to the accepted socket desc. from the client.

Is there any way of writing to the filehandle from an XS module
written in C?.

Would really appreciate any way of implementing this.

Thanks in advance,
-Subhash.

Available for hire

[Jie Gao]

Hi All,

I'm available for hire in the areas of Apache+mod-perl and UNIX
Admin (Solaris, Tru64, Linux).


Jie

Re: open(FH,'|qmail-inject') fails

[Roger Espel Llima]

On Thu, Sep 07, 2000 at 01:25:21PM -0700, Randal L. Schwartz wrote:
> > "Roger" == Roger Espel Llima <[EMAIL PROTECTED]> writes:
> 
> Roger>   # limit allowed characters in email addresses
> Roger>   $to =~ tr/-a-zA-Z0-9_+%$.,:!@=()[]//cd;
> 
> *  An email address can have ANY CHARACTER OF THE PRINTABLE ASCII SEQUENCE.
> *  An email address NEVER NEEDS TO GET NEAR A SHELL, so ALL CHARACTERS
> *  ARE SAFE.

err, you're right.   my code had another bug too: qmail-inject's -f
option wants the email address only, not the "Full Name "
thing.  that's what I get for trying to make "cosmetic" changes to code
just before posting.

here's the function again, exactly as we use it, and without the
filtering:

sub sendmail {
  my ($from, $to, $subject, $message, $name) = @_;
  local *MAIL;

  # safe pipes adapted from man perlipc
  local $SIG{PIPE} = sub {};
  my $pid = open (MAIL, "|-");
  local $SIG{ALRM} = sub { CORE::exit; };

  unless (defined $pid) {
# fork failed!
return "Error sending mail.";
  }

  if ($pid) {
# parent
if (defined $name) { print MAIL "From: $name <$from>\n"; }
else { print MAIL "From: $from\n"; }
print MAIL "To: $to\n";
print MAIL "Subject: $subject\n\n";
print MAIL $message, "\n";
close MAIL;
return 1;
  } else {
# child
exec("/var/qmail/bin/qmail-inject", "-f", $from, "--", $to)
  || CORE::exit;
  }
}

> Man, if I see ONE MORE script that checks for a "legal email",

well, you could always try to check the address against rfc822... but
that would be one hell of a regexp, and it'd be mostly useless, since
the worst that can happen is a bounced email.

> I'm gonna scream.  Matter of fact, I already did. :)

feels better doesn't it? :)

-- 
Roger Espel Llima, [EMAIL PROTECTED]
http://www.iagora.com/~espel/index.html

Need mod_Perl developers in Austin, Texas. Contract or Direct Please help me out if you can.

[Kirk Gould]

Hello,

I need to help a partner organization find mod_Perl developers for an
Austin, Texas company, so that they can finish a project for me.  Please
contact me if you can help out.  I don't know if they will need relocation
perm or temp, perhaps not for contract.

Sincerely,

Kirk

Kirk J. Gould
Program Manager - Interact.com
Interact Commerce Corporation
8800 North Gainey Center Drive
Suite 200
Scottsdale, Arizona 85258

1-480-368-3825 phone
1-480-627-3500 fax

[EMAIL PROTECTED]

Doesn't everyone Interact?

Re: open(FH,'|qmail-inject') fails

[Randal L. Schwartz]

> "Roger" == Roger Espel Llima <[EMAIL PROTECTED]> writes:

Roger>   # limit allowed characters in email addresses
Roger>   $to =~ tr/-a-zA-Z0-9_+%$.,:!@=()[]//cd;

This is neither necessary nor sufficient.  Please stop with this nonsense.

**
*
*  An email address can have ANY CHARACTER OF THE PRINTABLE ASCII SEQUENCE.
*
*  An email address NEVER NEEDS TO GET NEAR A SHELL, so ALL CHARACTERS
*  ARE SAFE.
*
**

Clear?

Man, if I see ONE MORE script that checks for a "legal email", I'm gonna
scream.  Matter of fact, I already did. :)

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Cookie-based access control

[Tu Nguyen]

 
Hi,
 
I try to use the Cookie-based accesss control 
method in the eagle book.
I have 2 servers. server1 serves 
for ww1.server.com and server2 is for ww2.server.com
the httpd.conf file in server1 look like 
this
  
PerlAccessHandler  Apache::TicketAccess  
PerlSetVar 
TicketDomain   .server.com  
PerlSetVar 
TicketSecret    http://ww1.server.com/secrets/key.txt  
ErrorDocument  403 http://ww1.server.com/Login  

 
    
SetHandler  perl-script  PerlHandler 
Apache::PTATicketMaster  PerlSetVar  
TicketDomain    .server.com   PerlSetVar  
TicketSecret    http://ww1server.com/secrets/key.txt  
PerlSetVar  TicketDatabase  mysql:mydatabase  
PerlSetVar  TicketTable 
users:username:password  PerlSetVar  TicketExpires   
240  
 
and httpd.conf file in server2 look 
like

  
PerlAccessHandler  Apache::TicketAccess  
PerlSetVar 
TicketDomain   .server.com  
PerlSetVar 
TicketSecret    http://ww1.server.com/secrets/key.txt  
ErrorDocument  403 http://ww1.server.com/Login  

 
 
When I try to go to http://ww2.server.com/protected2/index.html 
I always got a message
 
from http://ww1.server.com/Login 
url

Unable to Log InThis site uses cookies for its own security. Your 
browser must be capable of processing cookies and cookies must be 
activated. Please set your browser to accept cookies, then press the 
reload button.
 
What did I do wrong ? In theory, this case should 
work.
 
Any idea would be appreciated.
 
Nguyen

Re: open(FH,'|qmail-inject') fails

[Tom Servo]

On Thu, 7 Sep 2000, Roger Espel Llima wrote:

> > > Might be a faq, but why would open(FH,'|qmail-inject') fail with
> > > fatal: read-error from within mod_perl?
> > Use 
> > open MAIL, "| /var/qmail/bin/qmail-inject" or &die_html("test");
> > print MAIL "[your mail]";
> > close MAIL;
> > 
> > I suppose you forgot the full path to qmail-inject ...
> 
> I use this, it's a bit more complete and paranoid:
> 
> # send mail from the system to someone
> sub sendmail {
>   my ($from, $to, $subject, $message, $name) = @_;
>   local *MAIL;
> 
>   # limit allowed characters in email addresses
>   $to =~ tr/-a-zA-Z0-9_+%$.,:!@=()[]//cd;
> 
>   # safe pipes adapted from man perlipc
>   local $SIG{PIPE} = sub {};
>   my $pid = open (MAIL, "|-");
>   local $SIG{ALRM} = sub { CORE::exit; };
> 
>   unless (defined $pid) {
> # fork failed!
> return "Error sending mail.";
>   }
> 
>   if ($pid) {
> # parent
> $from = "$name <$from>" if defined $name;
> print MAIL "From: $from\n";
> print MAIL "To: $to\n";
> print MAIL "Subject: $subject\n\n";
> print MAIL $message, "\n";
> close MAIL;
> return 1;
>   } else {
> # child
> exec("/var/qmail/bin/qmail-inject", "-f", $from, "--", $to)
>   || CORE::exit;
>   }
> }
> 
> -- 
> Roger Espel Llima, [EMAIL PROTECTED]
> http://www.iagora.com/~espel/index.html
> 

Just a bit of a note, the $pid will come back even if the pipe being
opened to qmail-inject fails.   A child gets forked off to handle opening
the pipe, and the process id comes back from that, not qmail-inject.

You should also check this:

close(MAIL) or die "Couldn't open pipe to qmail-inject";

(I learned this one the hard way).

Brian Nilsen
[EMAIL PROTECTED]

Re: Embedded Perl/Resource Limits

[Gerald Richter]

>
>  But isnt the LimitRequestBody directive  only for
> files being received by the client and not for files
> being sent the other way??
>

It's called LimitRequestBody and not LimitResponseBody, just read the Apache
docs http://www.apache.org/docs/mod/core.html#limitrequestbody


Gerald

> I thought this would be an arbitrary limit that could
> either be changed in a source code or apache config
> file change??
>
> Any ideas?
>
> Bill
>
>
> --- Gerald Richter <[EMAIL PROTECTED]> wrote:
> >
> >
> -
> > Gerald Richterecos electronic communication
> > services gmbh
> > Internetconnect * Webserver/-design/-datenbanken *
> > Consulting
> >
> > Post:   Tulpenstrasse 5 D-55276 Dienheim
> > b. Mainz
> > E-Mail: [EMAIL PROTECTED] Voice:+49
> > 6133 925131
> > WWW:http://www.ecos.de  Fax:  +49
> > 6133 925152
> >
> -
> >
> > - Original Message -
> > From: "Bill Mustdie" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, September 06, 2000 1:40 AM
> > Subject: Embedded Perl/Resource Limits
> >
> >
> > >
> > > Hi,
> > >
> > >  I have a question pertaining to Embedded Perl.
> > > (But it may be Apache or mod_perl in nature)
> > >
> > > From the example upload script on the Apache
> > Embedded
> > > Perl page I am implementing a small file upload
> > system
> > > however I have noticed files cut out when
> > uploading at
> > > around 1 meg. (Reports "Network Error" with no
> > message
> > > logged to the log files - anything under a meg
> > works
> > > no problems)
> > >
> >
> > Maybe you have set (or compiled in) a
> > LimitRequestBody:
> >
> >
> http://www.apache.org/docs/mod/core.html#limitrequestbody
> >
> > Also this creates a temp file, so it maybe a limit,
> > set by your os for the
> > user Apache is running as, about the max filesize
> >
> > Gerald
> >
> >
> > > Is this an Apache or mod_perl limitation?
> > >
> > > And whats the best way of getting around it? Is
> > there
> > > a simple Apache directive i can put in the config
> > file
> > > or is there a hard coded patch required?
> > >
> > > thanks in advance!
> > >
> > > Bill
> > >
> > > ps Yes i do know of other methods such as a
> > meta-ftp
> > > client for files this large but this violates our
> > > firewall policies etc etc.. :)
> > >
> > >
> > > -
> > >
> > > [$ if !defined $fdat{ImageName} $]
> > >
> > >  > ENCTYPE="multipart/form-data">
> > >   
> > >> > VALUE="Upload file">
> > > 
> > >
> > > [$else$]
> > >
> > >  
> > > [-  open FILE, "> /tmp/file.$$";
> > > print FILE $buffer while
> > > read($fdat{ImageName}, $buffer, 32768);
> > > close FILE;
> > >
> > > -]
> > > Your file has been saved to [+ "/tmp/file.$$"
> > +]
> > >
> > >
> > > __
> > > Do You Yahoo!?
> > > Yahoo! Mail - Free email you can access from
> > anywhere!
> > > http://mail.yahoo.com/
> > >
> > >
> >
>
>
> __
> Do You Yahoo!?
> Yahoo! Mail - Free email you can access from anywhere!
> http://mail.yahoo.com/
>
>

Re: Auto rollback using Apache::DBI

[Perrin Harkins]

On Thu, 7 Sep 2000, Nicolas MONNET wrote:
> |Well, Apache::DBI does push a cleanup handler that does a rollback if
> |auto-commit is off.  Are you saying this isn't working?
> 
> I've run into a situation where it was'nt. I wanted to make sure
> it's not the desired behaviour, before I can dig more into it to look how
> it's heppening.

With AutoCommit off, you should definitely get a rollback on every
request, provided you actually called DBI->connect on that request.  Turn
on the debug flag ($Apache::DBI::DEBUG = 2) and see if the cleanup handler
is being run or not.

- Perrin

Re: open(FH,'|qmail-inject') fails

[Roger Espel Llima]

> > Might be a faq, but why would open(FH,'|qmail-inject') fail with
> > fatal: read-error from within mod_perl?
> Use 
> open MAIL, "| /var/qmail/bin/qmail-inject" or &die_html("test");
> print MAIL "[your mail]";
> close MAIL;
> 
> I suppose you forgot the full path to qmail-inject ...

I use this, it's a bit more complete and paranoid:

# send mail from the system to someone
sub sendmail {
  my ($from, $to, $subject, $message, $name) = @_;
  local *MAIL;

  # limit allowed characters in email addresses
  $to =~ tr/-a-zA-Z0-9_+%$.,:!@=()[]//cd;

  # safe pipes adapted from man perlipc
  local $SIG{PIPE} = sub {};
  my $pid = open (MAIL, "|-");
  local $SIG{ALRM} = sub { CORE::exit; };

  unless (defined $pid) {
# fork failed!
return "Error sending mail.";
  }

  if ($pid) {
# parent
$from = "$name <$from>" if defined $name;
print MAIL "From: $from\n";
print MAIL "To: $to\n";
print MAIL "Subject: $subject\n\n";
print MAIL $message, "\n";
close MAIL;
return 1;
  } else {
# child
exec("/var/qmail/bin/qmail-inject", "-f", $from, "--", $to)
  || CORE::exit;
  }
}

-- 
Roger Espel Llima, [EMAIL PROTECTED]
http://www.iagora.com/~espel/index.html

Re: upgrading mod_perl on production machine

[Stas Bekman]

On Thu, 7 Sep 2000, Greg Cope wrote:

> Stas Bekman wrote:
> > 
> > On Wed, 6 Sep 2000, Perrin Harkins wrote:
> > 
> > > On Wed, 6 Sep 2000, Bill Moseley wrote:
> > > > I hope I didn't miss anything in the Guide at install.html and in
> > > > control.html, but I was looking for any suggestions on upgrading mod_perl
> > > > and Perl on a running production machine to limit the amount of down time.
> > >
> > > We use RPMs.  Some form of package, even if it's just a tarball, is a good
> > > idea.  Build it on a different server and then just install it.  Having
> > > multiple servers really comes in handy here because you can take some off
> > > line, upgrade them while the others are live, and then switch.  Then your
> > > site remains up the whole time.
> > 
> > The problem of the tar-ball is that it doesn't know to cleanup previously
> > installed files. Imagine a situation where some module that was previously
> > installed in perl5/5.00503 now installed in perl5/site_perl/5.005 -- You
> > get the problem where the old version is loaded before the new one.
> > 
> > Therefore tar-ball is not a good solution, unless you scratch the whole
> > tree a moment before you untar the ball.
> 
> Ah - what about this ...
> 
> install (using tarballs complie target dirs) in a
> package_name-version_number directory.
> 
> Then symlink to that dir from where ever you need to.

Nice. 

Will work with mysql immediately. 

Will work with plain Apache if you alter apachectl to invoke -d
dir_of_httpd.conf. Since you have compiled thing with a specific path.

But not Perl -- remember the @INC thingy? Probably compile on a different
machine into the normal /usr/lib/perl5 (or equivalent). Then untar it into
a different location on the production machine. When 'ln -sf' mod_perl
should see the normal path... I guess the same will work with plain
Apache.

> My /usr/local looks like this on some of my production machines:
> 
> drwxr-xr-x6 root root 4096 Jun 28 16:25 BerkeleyDB.3.1
> lrwxrwxrwx1 root root   13 Jul  7 06:21 apache ->
> apache1.3.12/
> drwxr-xr-x3 root root 4096 Jun 18 22:55 apache1.3.12
> drwxr-xr-x2 root bin  4096 Jun 18 23:09 bin
> drwxr-xr-x2 root root 4096 Jun 18 23:12 include
> drwxr-xr-x2 root root 4096 Jun 15 18:15 lib
> lrwxrwxrwx1 root root   30 Sep  2 11:57 mysql ->
> /usr/local/mysql-3.23.23-alpha
> drwxr-xr-x7 root root 4096 Jul 31 17:28
> mysql-3.23.22-alpha
> drwxr-xr-x7 root root 4096 Sep  2 11:14
> mysql-3.23.23-alpha
> drwxr-xr-x2 root bin  4096 Jun  8 21:42 sbin
> drwxrwxr-x9 root root 4096 May 29 11:38 ssl
> 
> 
> I can now roll back any new installs by just changing the symlink, and a
> tarball of the required dir does the trick.
> 
> After testing I brought up new versions in the time in takes to make a
> online command with a few &&'s in and apache is backup in the time it
> takes for apache to restart - which depends on the ammount of perl
> modules it needs to deal with etc ...
> 
> Greg Cope
> 
> > 
> > _
> > Stas Bekman  JAm_pH --   Just Another mod_perl Hacker
> > http://stason.org/   mod_perl Guide  http://perl.apache.org/guide
> > mailto:[EMAIL PROTECTED]   http://apachetoday.com http://jazzvalley.com
> > http://singlesheaven.com http://perlmonth.com   perl.org   apache.org
> 
> 
> 



_
Stas Bekman  JAm_pH --   Just Another mod_perl Hacker
http://stason.org/   mod_perl Guide  http://perl.apache.org/guide 
mailto:[EMAIL PROTECTED]   http://apachetoday.com http://jazzvalley.com
http://singlesheaven.com http://perlmonth.com   perl.org   apache.org

Re: Using .htaccess in dynamic pages

[Jonathan Leto]

It might be easier to just use Apache::Htpasswd or the like, check
for the existence of the .htaccess file, and parse it accordingly to 
see if the user has permissions. Or you could have a database of who
has permissions to which files, and disallow access to any of the files
unless through magical_script.cgi . 


 [EMAIL PROTECTED] ([EMAIL PROTECTED]) was saying:

> Hi!
> 
> I have a program which is run under mod_perl as apache module.
> The program generates dynamic content from files in a directory tree.
> 
> I'm wondering would it be possible to use .htaccess auhtorization for
> this dynamic content?
> 
> for example:  
> 
> directory/file1
> directory/.htaccess
> /magical_script.cgi
> 
> 
> The magical_script.cgi gets called with parameter file=directory/file1.
> 
> I'd like to verify whether  the user has  access to directory/file1
> directly or not. (could he get it if he typed the url 
> http://server/directory/file1 or not)
> 
> Basically I think that this could be done by changing the request uri
> and calling all authorization related callbacks.  However I have no
> idea how to do that. Even less with mod_perl.
> 
> Do you think that this would be possible?  
> 
> -- 
>   Osmo Paananen <[EMAIL PROTECTED]>
> 

-- 
[EMAIL PROTECTED] 
"With pain comes clarity."

Re: perld

[Jonathan Leto]

I think Alan Cox would kindly make fun of you, and tell you to have fun writing it.

>From a security point of view, I don't think it's feasible either. I am fine and 
dandy using perl to automate admin tasks like it is now.

 Francesco Pasqualini ([EMAIL PROTECTED]) was saying:

> for increase sysadm script speed could be useful a sort of perl daemon or
> embed perl in the kernel (linux).
> Another way could be the use of apache+modperl (very robust solution) and a
> light wrapper to convert a script (#!/usr/bin/perl)
>  execution in to an httpd request.
> 
> The problem to solve I think are the effective/real user and  group id of
> the  script process
> 
> ... I'm just investigating a possible scenarios
> 
> thanks
> Francesco
> 
> 

-- 
[EMAIL PROTECTED] 
"With pain comes clarity."

Re: Auto rollback using Apache::DBI

[Nicolas MONNET]

On Thu, 7 Sep 2000, Perrin Harkins wrote:

|On Thu, 7 Sep 2000, Nicolas MONNET wrote:
|> I might get something wrong, but while in non-autocommit, if a script dies
|> before rollbacking or commiting, looks like the transaction never gets
|> cancelled until I kill -HUP httpd! Quite a problem ...
|> 
|> Is there any known way to catch this? 
|
|Well, Apache::DBI does push a cleanup handler that does a rollback if
|auto-commit is off.  Are you saying this isn't working?

I've run into a situation where it was'nt. I wanted to make sure
it's not the desired behaviour, before I can dig more into it to look how
it's heppening.

Re: [OT?] Cross domain cookie/ticket access

[Kee Hinckley]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

>Aaron Johnson wrote:
>>
>>  I am trying to implement a method of allowing access to three separate
>>  servers on three separate domains.
>>
>>  The goal is to only have to login once and having free movement across
>>  the three protected access domains.
>>
>>  A cookie can't work due to the limit of a single domain.
>>
>  > Has anyone out there had to handle this situation?

I don't think there's any pretty way to do it.  The only thing I can 
think of off-hand is to generate the cross-server links dynamically, 
including an encrypted token in the URL which will notify that server 
that it should set a cookie saying that the user has already logged 
in.  The good news is that you only need to do that once for each 
domain that it is visited.  The bad news is that it doesn't work if 
the user comes to that domain via some mechanism that doesn't include 
the token--then they'll have to login the first time to regain their 
session identifier.
- -- 

Kee Hinckley - Somewhere.Com, LLC - Cyberspace Architects
[Coming this week solar-powered from the Florida beaches]

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.2 for non-commercial use 

iQA/AwUBObfCzCZsPfdw+r2CEQKypgCfc6iDirFQMl3YL10UUJPx7fa+/u4An1a5
tF4LFML6QP7cb3VeI/iqD+MI
=vjy/
-END PGP SIGNATURE-

Re: [OT?] Cross domain cookie/ticket access

[Drew Taylor]

Aaron Johnson wrote:
> 
> I am trying to implement a method of allowing access to three separate
> servers on three separate domains.
> 
> The goal is to only have to login once and having free movement across
> the three protected access domains.
> 
> A cookie can't work due to the limit of a single domain.
> 
> Has anyone out there had to handle this situation?

Yes. In the end I decided users would just have to login into each
domain seperately as I'm using cookies for authentication/tracking. You
just can't do it. :-( Of course, if someone has another idea I'm
listening...

The only other way around it is at time of login to do what you
described - round-robin redirect to each domain. It's ugly, time
consuming (for the user), and it generally sucks.

-- 
Drew Taylor
Vialogix Communications, Inc.
501 N. College Street
Charlotte, NC 28202
704 370 0550
http://www.vialogix.com/

Re: Auto rollback using Apache::DBI

[Perrin Harkins]

On Thu, 7 Sep 2000, Nicolas MONNET wrote:
> I might get something wrong, but while in non-autocommit, if a script dies
> before rollbacking or commiting, looks like the transaction never gets
> cancelled until I kill -HUP httpd! Quite a problem ...
> 
> Is there any known way to catch this? 

Well, Apache::DBI does push a cleanup handler that does a rollback if
auto-commit is off.  Are you saying this isn't working?

- Perrin

[OT?] Cross domain cookie/ticket access

[Aaron Johnson]

I am trying to implement a method of allowing access to three separate
servers on three separate domains.

The goal is to only have to login once and having free movement across
the three protected access domains.

A cookie can't work due to the limit of a single domain.

Has anyone out there had to handle this situation?

I have thought about several different alternatives, but they just get
uglier and uglier.

One thought was that they could go to a central server and login.  At
the time of login they would be redirected to a special page on each of
the other two servers with any required login information.  These pages
would in turn return them to the login machine.  At the end of the login
process they would be redirected to the web site they original wanted.

This is a rough summary of what might happen -

domain1.net - user requests a page in a protected directory.   They
don't have a cookie.
They are redirected to the cookie server.  This server asks for the user
name and pass and authenticates the user.  Once authenticated the cookie
server redirects the client to each of the other (the ones not matching
the originally requested domain) domains.  This redirect is a page that
hands the client a cookie and sets up the session information.
domain2.net gets the request and redirects the user to a page that will
return them to the cookie machine which will add the domain2.net to the
list of domains in the cookie. And then the process will repeat for each
domain that needs to be processed.

Am I crazy?  Did I miss something in the documentation for the current
Session/Auth/Cookie modules?

I did some hacking of the Ticket(Access|Tool|Master) Example in the
Eagle book, but the cookie limit is keeping it from working correctly.
( BTW: I already use it for a single server login and it works great. )

Any information would be appreciated.

Aaron Johnson

Re: Auto rollback using Apache::DBI

[Matt Sergeant]

On Thu, 7 Sep 2000, Nicolas MONNET wrote:

> 
> 
> Hi there,
> 
> I might get something wrong, but while in non-autocommit, if a script dies
> before rollbacking or commiting, looks like the transaction never gets
> cancelled until I kill -HUP httpd! Quite a problem ...
> 
> Is there any known way to catch this? 

Yes, use some exception handling. That way, the only way your script will
ever not end up in the exception trap is if your httpd seg faults, in
which case the connection will die and the database will roll back the
transaction for you.

See the guide/perl.html for more details.

-- 


Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org | AxKit: http://axkit.org

Re: upgrading mod_perl on production machine

[Greg Cope]

Stas Bekman wrote:
> 
> On Wed, 6 Sep 2000, Perrin Harkins wrote:
> 
> > On Wed, 6 Sep 2000, Bill Moseley wrote:
> > > I hope I didn't miss anything in the Guide at install.html and in
> > > control.html, but I was looking for any suggestions on upgrading mod_perl
> > > and Perl on a running production machine to limit the amount of down time.
> >
> > We use RPMs.  Some form of package, even if it's just a tarball, is a good
> > idea.  Build it on a different server and then just install it.  Having
> > multiple servers really comes in handy here because you can take some off
> > line, upgrade them while the others are live, and then switch.  Then your
> > site remains up the whole time.
> 
> The problem of the tar-ball is that it doesn't know to cleanup previously
> installed files. Imagine a situation where some module that was previously
> installed in perl5/5.00503 now installed in perl5/site_perl/5.005 -- You
> get the problem where the old version is loaded before the new one.
> 
> Therefore tar-ball is not a good solution, unless you scratch the whole
> tree a moment before you untar the ball.

Ah - what about this ...

install (using tarballs complie target dirs) in a
package_name-version_number directory.

Then symlink to that dir from where ever you need to.

My /usr/local looks like this on some of my production machines:

drwxr-xr-x6 root root 4096 Jun 28 16:25 BerkeleyDB.3.1
lrwxrwxrwx1 root root   13 Jul  7 06:21 apache ->
apache1.3.12/
drwxr-xr-x3 root root 4096 Jun 18 22:55 apache1.3.12
drwxr-xr-x2 root bin  4096 Jun 18 23:09 bin
drwxr-xr-x2 root root 4096 Jun 18 23:12 include
drwxr-xr-x2 root root 4096 Jun 15 18:15 lib
lrwxrwxrwx1 root root   30 Sep  2 11:57 mysql ->
/usr/local/mysql-3.23.23-alpha
drwxr-xr-x7 root root 4096 Jul 31 17:28
mysql-3.23.22-alpha
drwxr-xr-x7 root root 4096 Sep  2 11:14
mysql-3.23.23-alpha
drwxr-xr-x2 root bin  4096 Jun  8 21:42 sbin
drwxrwxr-x9 root root 4096 May 29 11:38 ssl


I can now roll back any new installs by just changing the symlink, and a
tarball of the required dir does the trick.

After testing I brought up new versions in the time in takes to make a
online command with a few &&'s in and apache is backup in the time it
takes for apache to restart - which depends on the ammount of perl
modules it needs to deal with etc ...

Greg Cope

> 
> _
> Stas Bekman  JAm_pH --   Just Another mod_perl Hacker
> http://stason.org/   mod_perl Guide  http://perl.apache.org/guide
> mailto:[EMAIL PROTECTED]   http://apachetoday.com http://jazzvalley.com
> http://singlesheaven.com http://perlmonth.com   perl.org   apache.org

Re: Auto rollback using Apache::DBI

[Honza Pazdziora]

On Thu, Sep 07, 2000 at 04:03:04PM +0200, Nicolas MONNET wrote:
> 
> I might get something wrong, but while in non-autocommit, if a script dies
> before rollbacking or commiting, looks like the transaction never gets
> cancelled until I kill -HUP httpd! Quite a problem ...
> 
> Is there any known way to catch this? 

Looking at the code in Apache::DBI 0.87, the handle is only rollbacked
if the AutoCommit is set to zero during connect, not if you do

$dbh->{'AutoCommit'} = 0;

in your script.

I wonder if the $needCleanup test is wanted at all. We could make it
a configuration option, not to push the cleanup handler, but I believe
that generally the rollback is wanted thing in all cases.

-- 

 Honza Pazdziora | [EMAIL PROTECTED] | http://www.fi.muni.cz/~adelton/
 .project: Perl, DBI, Oracle, MySQL, auth. WWW servers, MTB, Spain, ...

Auto rollback using Apache::DBI

[Nicolas MONNET]

Hi there,

I might get something wrong, but while in non-autocommit, if a script dies
before rollbacking or commiting, looks like the transaction never gets
cancelled until I kill -HUP httpd! Quite a problem ...

Is there any known way to catch this? 

Re: open(FH,'|qmail-inject') fails

[Nicolas MONNET]

Thanks a lot, seems to be it, never heard about that env var. That's one
weird behavior.

On 7 Sep 2000, Frank D. Cringle wrote:

|Nicolas MONNET <[EMAIL PROTECTED]> writes:
|> Might be a faq, but why would open(FH,'|qmail-inject') fail with
|> fatal: read-error from within mod_perl?
|
|Are the files in /var/qmail/control world readable?
|Is QMAILMFTFILE defined in the environment and pointing to a file that 
|the httpd process cannot read?

Using .htaccess in dynamic pages

[odie]

Hi!

I have a program which is run under mod_perl as apache module.
The program generates dynamic content from files in a directory tree.

I'm wondering would it be possible to use .htaccess auhtorization for
this dynamic content?

for example:  

directory/file1
directory/.htaccess
/magical_script.cgi


The magical_script.cgi gets called with parameter file=directory/file1.

I'd like to verify whether  the user has  access to directory/file1
directly or not. (could he get it if he typed the url 
http://server/directory/file1 or not)

Basically I think that this could be done by changing the request uri
and calling all authorization related callbacks.  However I have no
idea how to do that. Even less with mod_perl.

Do you think that this would be possible?  

-- 
  Osmo Paananen <[EMAIL PROTECTED]>

Re: mod_perl examples

[Alexander Farber (EED)]

Ilya Soldatkin wrote:
> I am beginner in mod_perl.  I think it will be good for me to see some
> mod_perl script examples. Above all I would like to see style of
> programming. It will be great if these scripts work with DBI. Could you
> recommend(give URL) or send me several scripts with good style of
> programming in mod_perl?

http://www.modperl.com/(The Eagle Book)

http://www.lerner.co.il/atf/archive.shtml (At the Forge column from LJ)

http://www.perlmonth.com/ (No new issues for long time :-(

http://www.stonehenge.com/merlyn/WebTechniques/col41.html

http://apachetoday.com/search.php3?author=Stas:Bekman

http://www.ix.de/ix/online/perl.html (mod_perl, Embperl articles in German)

http://simplex.ru/cgi-bin/news/search-koi.pl?regex=mod_perl   (Russian)

mod_perl examples

[Ilya Soldatkin]

Hi!
I am beginner in mod_perl.  I think it will be good for me to see some
mod_perl script examples. Above all I would like to see style of
programming. It will be great if these scripts work with DBI. Could you
recommend(give URL) or send me several scripts with good style of
programming in mod_perl?

Thanks
Ilya

Re: open(FH,'|qmail-inject') fails

[Frank D. Cringle]

Nicolas MONNET <[EMAIL PROTECTED]> writes:
> Might be a faq, but why would open(FH,'|qmail-inject') fail with
> fatal: read-error from within mod_perl?

Are the files in /var/qmail/control world readable?
Is QMAILMFTFILE defined in the environment and pointing to a file that 
the httpd process cannot read?

-- 
Frank Cringle,  [EMAIL PROTECTED]
voice: (+49 7745) 928759; fax: 928761

Re: open(FH,'|qmail-inject') fails

[Nicolas MONNET]

No, no the full path is there, I just did'nt copy it. 

On Thu, 7 Sep 2000, Frédéric Schwien wrote:

|Date: Thu, 7 Sep 2000 12:18:20 +0200
|From: Frédéric Schwien <[EMAIL PROTECTED]>
|To: Nicolas MONNET <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
|Subject: Re: open(FH,'|qmail-inject') fails
|
|> Might be a faq, but why would open(FH,'|qmail-inject') fail with
|> fatal: read-error from within mod_perl?
|Use 
|open MAIL, "| /var/qmail/bin/qmail-inject" or &die_html("test");
|print MAIL "[your mail]";
|close MAIL;
|
|I suppose you forgot the full path to qmail-inject ...
|
|Fred
|> 
|> Thanks for your help.
|> 
|> 
|

-- 
Nicolas MONNET, Technical Director, IT-Xchange

http://www.it-xchange.com>
mailto:[EMAIL PROTECTED]>
mailto:[EMAIL PROTECTED]>

Re: open(FH,'|qmail-inject') fails

[Frédéric Schwien]

> Might be a faq, but why would open(FH,'|qmail-inject') fail with
> fatal: read-error from within mod_perl?
Use 
open MAIL, "| /var/qmail/bin/qmail-inject" or &die_html("test");
print MAIL "[your mail]";
close MAIL;

I suppose you forgot the full path to qmail-inject ...

Fred
> 
> Thanks for your help.
> 
> 

open(FH,'|qmail-inject') fails

[Nicolas MONNET]

Might be a faq, but why would open(FH,'|qmail-inject') fail with
fatal: read-error from within mod_perl?

Thanks for your help.

RE: ErrorDocument problem

[BeerBong]

Joshua, thanx for answer - I solve this problem already...

I had secured back-end server from direct client access. Only local proxy
requests was accepted. And after this condition I replaced IP address of
server with Real IP address of client. As result, on internal redirect (with
real address already) to ErrorDocument I got 404 File Not Found + additional
Forbidden on ErrorDocument redirect. (I did't see this text, because My
Explorer returns "friendly" response :)))
-
sub My::ProxyRemoteAddr ($)
{
my $r = shift;
return FORBIDDEN unless ($r->connection->remote_ip =~
"ip_address_of_my_server");
if (my ($ip) = $r->header_in('X-Real-IP') =~ /([^,\s]+)$/) {
  $r->connection->remote_ip($ip);
}
return OK;
}
-
I rewrite this sub - and now all is ok!
-
sub My::ProxyRemoteAddr ($)
{
my $r = shift;
return FORBIDDEN if (!($r->connection->remote_ip =~
"ip_address_of_my_server") && $r->prev && $r->prev->status != 404);
if (my ($ip) = $r->header_in('X-Real-IP') =~ /([^,\s]+)$/) {
  $r->connection->remote_ip($ip);
}
return OK;
}
-

> -Original Message-
> From: Joshua Chamas [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 07, 2000 2:14 PM
> To: BeerBong
> Cc: ModPerl
> Subject: Re: ErrorDocument problem
>
>
> I'm curious to know whether there's anything in your
> error_log if Debug is set to -2 for Apache::ASP, to
> see if Apache::ASP is handling the .asp request
> and not returning the right error code.  It should
> return the 404 just fine though and the ErrorDocument
> should pick it up from there.
>
> --Joshua
>
> _
> Joshua Chamas Chamas Enterprises Inc.
> NodeWorks >> free web link monitoring Huntington Beach, CA  USA
> http://www.nodeworks.com1-714-625-4051
>
>
>
>
> BeerBong wrote:
> >
> > Hello all!
> >
> > I have a two apache server model (front-end - simple, back-end - power)
> >
> > I want return custom page on 404 status.
> > .asp, .pl files are passed to back-end via mod_rewrite on
> simple Apache (I'm
> > using Apache::ASP).
> >
> > When I trying to access
> > 1. /not_existing_file - works cgi script on simple, works fine
> > 2. /not_existing_file.asp - I get standart not found message,
> generated by
> > browser!
> > although
> > 3. /cgi-bin/error.pl - returns normal output generated by power apache.
> >
> > It seems that ErrorDocument for power Apache doesnt work...
> > How I can fix this problem ? :(
> >
> > Part of httpd.conf
> > ---
> > 
> >   ScriptAlias /cgi-bin/ /usr/web/cgi-bin/
> >   
> > SetHandler cgi-script
> >   
> >ErrorDocument 404 /cgi-bin/error.cgi
> > 
> > 
> >   Alias /cgi-bin /usr/web/cgi-bin
> >   
> > SetHandler perl-script
> > PerlHandler Apache::Registry
> > Options ExecCGI
> > PerlSendHeader On
> >   
> >   ErrorDocument 404 /cgi-bin/error.pl (error.pl is symbolic link to
> > error.cgi)
> > 
> > ---
> >
> > --
> > Sergey Polyakov - chief of WebZavod
> > http://www.webzavod.ru
>

[OT] Net::SSleay

[Sergey V. Kolychev]

Hi,

Sorry for off topic,one excuse is that all my code is working under
mod_perl ;) 
I have been running into troubles with www.authorize.net
That is online billing system,and some times it is going down in an
interesting manner , it accepts connections and taking a money from 
a customer and not giving to him any response (just hangs) ;).
Well here is a background.
I am using Business::OnlinePayment::AuthorizeNet module,it uses
Net::SSleay.
The question is that how I can setup hard timeout for transaction 
and if the time is spent I can get an error message from "post_https".
I know I can setup $SIG{ALRM},eval {} and so on, but I am not sure
if it will close the connection correctly and free all of the resources.

Thanks for any help, this problem is killing me.   

   --Alchevsk Linux User Group---
  I don't call, I don't cry , I don't apologize
  All will be gone like an apple tree's white smoke... (S.Esenin)
  http://www.ic.al.lg.ua/~ksv | PGP : finger [EMAIL PROTECTED]
  e-mail: [EMAIL PROTECTED]

Re: ErrorDocument problem

[Joshua Chamas]

I'm curious to know whether there's anything in your
error_log if Debug is set to -2 for Apache::ASP, to 
see if Apache::ASP is handling the .asp request
and not returning the right error code.  It should 
return the 404 just fine though and the ErrorDocument
should pick it up from there.

--Joshua

_
Joshua Chamas   Chamas Enterprises Inc.
NodeWorks >> free web link monitoring   Huntington Beach, CA  USA 
http://www.nodeworks.com1-714-625-4051




BeerBong wrote:
> 
> Hello all!
> 
> I have a two apache server model (front-end - simple, back-end - power)
> 
> I want return custom page on 404 status.
> .asp, .pl files are passed to back-end via mod_rewrite on simple Apache (I'm
> using Apache::ASP).
> 
> When I trying to access
> 1. /not_existing_file - works cgi script on simple, works fine
> 2. /not_existing_file.asp - I get standart not found message, generated by
> browser!
> although
> 3. /cgi-bin/error.pl - returns normal output generated by power apache.
> 
> It seems that ErrorDocument for power Apache doesnt work...
> How I can fix this problem ? :(
> 
> Part of httpd.conf
> ---
> 
>   ScriptAlias /cgi-bin/ /usr/web/cgi-bin/
>   
> SetHandler cgi-script
>   
>ErrorDocument 404 /cgi-bin/error.cgi
> 
> 
>   Alias /cgi-bin /usr/web/cgi-bin
>   
> SetHandler perl-script
> PerlHandler Apache::Registry
> Options ExecCGI
> PerlSendHeader On
>   
>   ErrorDocument 404 /cgi-bin/error.pl (error.pl is symbolic link to
> error.cgi)
> 
> ---
> 
> --
> Sergey Polyakov - chief of WebZavod
> http://www.webzavod.ru

Re: beginner mod_perl error

[Nouguier]

Roee Rubin wrote:

> I have been able to correct the @INC path issue and
> now have ran into the following error that is
> displayed in the error_log
>
> null: Undefined subroutine &Apache::Hello::handler
> called
>
> Any help will be appreciated.
>
> [EMAIL PROTECTED]
>
> Hello,
>
> I have written a sample package (from a book). The
> package uses an Apache package - Constants.pm that its
> path is not included in the @INC variable. I would
> like to add the path to the variable by default and
> not in runtime as people have suggessted.
>
> Where are the default values of @INC stored ??
>
> Thanks in advance.
> [EMAIL PROTECTED]
>
> =
> The error I recieved ...
>
> Can't locate Apache/Constants.pm in @INC (@INC
> contains: (...)
>
> hello.pm
> ==
>
> package Apache::Hello;
> use strict;
> use Apache::Constants qw(:common);
>
> sub handler {
>
> my $r = shift;
> $r->content_type('text/html');
> $r->send_http_header;
> my $host = $r->get_remote_host;
> $r->print(< 
> 
> Hello There
> 
> 
> Hello $host
> Testing 123
> 
> 
> END
> return OK;
> }
>
> 1;
>
> __
> Do You Yahoo!?
> Yahoo! Mail - Free email you can access from anywhere!
> http://mail.yahoo.com/

In a PerlRequire startup.pl file just set:


#!/usr/bin/perl

sub BEGIN {
use lib qw( path/to/your/libs );
use MyLib; # To load it a startup
}

Re: upgrading mod_perl on production machine

[Stas Bekman]

On Wed, 6 Sep 2000, Perrin Harkins wrote:

> On Wed, 6 Sep 2000, Bill Moseley wrote:
> > I hope I didn't miss anything in the Guide at install.html and in
> > control.html, but I was looking for any suggestions on upgrading mod_perl
> > and Perl on a running production machine to limit the amount of down time.
> 
> We use RPMs.  Some form of package, even if it's just a tarball, is a good
> idea.  Build it on a different server and then just install it.  Having
> multiple servers really comes in handy here because you can take some off
> line, upgrade them while the others are live, and then switch.  Then your
> site remains up the whole time.

The problem of the tar-ball is that it doesn't know to cleanup previously
installed files. Imagine a situation where some module that was previously
installed in perl5/5.00503 now installed in perl5/site_perl/5.005 -- You
get the problem where the old version is loaded before the new one. 

Therefore tar-ball is not a good solution, unless you scratch the whole
tree a moment before you untar the ball.

_
Stas Bekman  JAm_pH --   Just Another mod_perl Hacker
http://stason.org/   mod_perl Guide  http://perl.apache.org/guide 
mailto:[EMAIL PROTECTED]   http://apachetoday.com http://jazzvalley.com
http://singlesheaven.com http://perlmonth.com   perl.org   apache.org

Re: mod_perl security on a shared web server

[Stas Bekman]

On Wed, 6 Sep 2000, Félix C.Courtemanche wrote:

> Hello,
> 
> I couldn't find any occurance of this question in the archives, but if it
> does exists, please forward me to it.
> 
> I have been working on a set of Administration Tools for commercial web
> hosting companies for quite some times.  Lately I have been trying to figure
> out the MOST secure way to host multiple accounts on the same server, with
> mod_perl enabled AS FAST AS POSSIBLE.
> 
> In the best world, I would have the possibility of:
> - Restricting the opened files by any .pl script to the user's base
> directory.
> - Allowing custom shell commands or not
> - Setting a maximum execution time for a script
> 
> The first directive would be used to prevent anyone from reading the source
> of another program, wich would allow someone to grab the sensitive data
> stored in configuration files, such as Database Passwords, etc.  It is the
> MOST important of all and I really must find a solution.  I previously saw
> some perl wrapper that would only allow files owned by the script's owner to
> be read.  However, that wrapper greatly reduced the execution speed of .pl
> and it was not that effective.  Any suggestions?

http://perl.apache.org/guide/multiuser.html

> Finally, the third directive would allow me to kill any script running for
> too long or using too much CPU.

Apache::Watchdog::RunAway does the 'too long' part.

Apache::{SizeLimit|GTopLimit} do the 'too much memory/too low sharing'
part.

Apache::Resource does the rest.

> I understand that there is probably no tool to do all of it, but if I can
> gather the tools to make it as effective as possible, it would be really
> usefull for me and others.
> 
> Please don't tell me to monitor the user's scripts, since that is almost
> impossible to do when you have more than 10 sites to monitor, wich will
> happen quickly :)
> 
> Any other tips and tricks to improve the security of mod_perl is greatly
> appreciated as well.
> 
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Félix C.Courtemanche . Head Designer
> Co-Administrator . Can-Host Networks
> http://www.can-host.com
> [EMAIL PROTECTED]
> 
> 
> 



_
Stas Bekman  JAm_pH --   Just Another mod_perl Hacker
http://stason.org/   mod_perl Guide  http://perl.apache.org/guide 
mailto:[EMAIL PROTECTED]   http://apachetoday.com http://jazzvalley.com
http://singlesheaven.com http://perlmonth.com   perl.org   apache.org