Re: Running a shell command inside a cgi/perl script
* Kairam, Raj ([EMAIL PROTECTED]) [011130 15:10]:
In my perl script I have a line like this.
system( '/usr/bin/lp -dhp4si /tmp/plotreq.txt' /tmp/plotid.txt);
hp4si is the destination printer.
/tmp/plotreq.txt is small text file to be sent to the printer.
/tmp/plotid.txt is the output of lp command ( just one line to indicate job
id )to be saved.
If I run the command /usr/bin/lp -dhp4si /tmp/plotreq.txt /tmp/plotid.txt
it is fine as a command line.
The same in the perl script as above, doesn't send the file to printer nor
does it create the /tmp/plotid.txt file.
I have tried this also and did not work.
@lplist = (/usr/bin/lp, -dhp4si /tmp/plotreq.txt);
system(@lplist);
This is the context.
sub search {
some code
open(REQFILE, /tmp/plotreq.txt) || die sorry, could not open
/tmp/plotreq.txt;
some more code to generate content for plotreq.txt
..
close(REQFILE);
This is where I tried the above to send the file to the printer.
}
This sub is part of a cgi script that creates output for the browser. The
browser output is OK.
The /tmp/plotreq.txt is generated but not being sent to the printer.
Can somebody guide me to do it right ?.
Thanks
Raj kairam
Have you tried to 'su -' to nobody (or whomever your server is running as)
and run the command that way? Have you tried to run the script from the command-line
and see what that yields?
On a side note, you may want to ensure that you are using Taint for all of your CGI
scripts when they interact with the OS.
Thanks,
JJ
--
J. J. Horner
H*,6a686f726e657240326a6e6574776f726b732e636f6d
***
H*,6a6a686f726e65724062656c6c736f7574682e6e6574
Freedom is an all-or-nothing proposition: either we
are completely free, or we are subjects of a
tyrannical system. If we lose one freedom in a
thousand, we become completely subjugated.
msg23183/pgp0.pgp
Description: PGP signature
Re: Doing Authorization using mod_perl from a programmers perspective
* Randal L. Schwartz ([EMAIL PROTECTED]) [09 11:00]: Jon == Jon Robison [EMAIL PROTECTED] writes: Jon Randall, you want to expound upon that? Barely ignoring the spelling of my name, I'll simply claim it's not unique. Neither is IP address. Or anything that you haven't specifically round-tripped to the browser. And that doesn't stop someone from making another browser respond in the same way, or that browser respond in a different way. But this is obvious. I'm confused about why I'd have to explain it. :( I think Randal has pointed out many times, as have others, that a browser isn't a person. One doesn't want to authenticate browsers, one wants to authenticate people. Using browser specific information to authenticate a person is not only impossible to do successfully, it is silly to try. Using cookies is only a little bit less unsuccessful. Also, please be sure to note the gotcha in the mod_perl guide that gives you warning that all browsers behave differently when dealing with a 401 status code. Be sure to take that into account. Thanks, JJ -- J. J. Horner H*,6a686f726e657240326a6e6574776f726b732e636f6d *** H*,6a6a686f726e65724062656c6c736f7574682e6e6574 Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated. msg22686/pgp0.pgp Description: PGP signature
Re: ANNOUNCE: Starting work on Apache::RedirectUnless
* Mithun Bhattacharya ([EMAIL PROTECTED]) [010919 03:40]: Stephen Adkins wrote: Is there an easier way to safeguard against Apache prompting for a password over HTTP? You could keep the secure areas outside the HTTP document root ?? Just a different DocumentRoot for HTTPS in your VirtualHost or separate httpd.conf. Mithun Well, one solution we were looking at was using two document roots, and linking those directories/apps certified clean to the http docroot. The problem with this is that we have two virtual hosts, same name, different ports (http and https) that basically need to have the same information, with the difference of redirecting some things to the https virtual host if the directory/app is not certified clean by us. This makes for a very long, very intricate Redirect list and each time we need to add to it, we would have to start and stop the server. I figured a more elegant method would be to have the webserver redirect if an .htaccess is present. The only way I can figure on doing this effectively would be a mod_perl module. So, I'm going to write one. Thanks, JJ -- J. J. Horner H*,6d6174686c696e40326a6e6574776f726b732e636f6d *** H*,6a6a686f726e65724062656c6c736f7574682e6e6574 Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated. msg22709/pgp0.pgp Description: PGP signature
ANNOUNCE: Starting work on Apache::RedirectUnless
I have need of a module that will redirect to https anytime basic authentication is required. I figure the best way to do this is to step in at the authentication phase, and should authentication be required and the method be http, redirect to https for any and all basic authentication traffic. Perhaps after this, redirect to http, if desired. Any comments or suggestions? Thanks, JJ -- J. J. Horner H*,6d6174686c696e40326a6e6574776f726b732e636f6d *** H*,6a6a686f726e65724062656c6c736f7574682e6e6574 Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated. PGP signature
Re: ANNOUNCE: Starting work on Apache::RedirectUnless
The problem with that solution is that we have 2 virtual hosts, one http, one https, on one machine. https is the only available transport outside of our network, while the http server is available internally. This is a production webserver, with existing information, applications, etc. We don't want to redesign our existing setup just to move content to a secure virtualhost when someone wants to authenticate. This approach allows us to keep things from the developer side very transparent. Developers can continue to maintain and create as usual, with the added step of a login being transferred by https method. If I were designing a server from scratch, I would plan better, but since we are trying to implement encrypted basic authentication after the server, sites, applications are in place, we have to work around them. With the AuthName set to one value across the server, we may be able to prevent too many logins. We need to keep the same content on both virtualhosts as much as possible. Ideas? Comments? Thanks, JJ * Christian Gilmore ([EMAIL PROTECTED]) [010918 11:36]: Putting it into the auth phase would be appropriate, but I have to wonder why this module is needed other than to refrain from keeping your configuration file clean. Your unsecure virtual host should have no auth statements in it if you want all auth to be on your secure virtual host... You'll need to have your entire session where you want the user to authenticate on the same virtual host, else the user will be prompted multiple times or you will have a security gap if you're leaving it all up to the service layer. Regards, Christian -Original Message- From: J. J. Horner [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 18, 2001 8:51 AM To: [EMAIL PROTECTED] Subject: ANNOUNCE: Starting work on Apache::RedirectUnless I have need of a module that will redirect to https anytime basic authentication is required. I figure the best way to do this is to step in at the authentication phase, and should authentication be required and the method be http, redirect to https for any and all basic authentication traffic. Perhaps after this, redirect to http, if desired. Any comments or suggestions? Thanks, JJ -- J. J. Horner H*,6d6174686c696e40326a6e6574776f726b732e636f6d *** H*,6a6a686f726e65724062656c6c736f7574682e6e6574 Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated. -- J. J. Horner H*,6d6174686c696e40326a6e6574776f726b732e636f6d *** H*,6a6a686f726e65724062656c6c736f7574682e6e6574 Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated. PGP signature
Auth vs Authz handler
I'm working on the Apache::AuthExpire module. Considering the difficulties of getting two browsers to behave the same way, I was thinking that I should probably implement a login page, once the initial authentication phase is finished. Basically, user logs in, then if no timestamp is available (stored in a file), then the initial login also starts the timer. If a timestamp is available, and the user is idle for more than 15 minutes, the user is greeted with an html page asking for password again. My question is this: should I implement this as an authen handler, which it is now, or as an authz handler, which I think would give me more flexibility. Also, how do I get something renamed or reclassified, if I decide that I should move it from the Authen phase to the Authz phase? Thanks, JJ -- J. J. Horner H*,6d6174686c696e40326a6e6574776f726b732e636f6d *** H*,6a6a686f726e65724062656c6c736f7574682e6e6574 Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated. PGP signature
Redirecting protected file requests to https for authentication
I have what seems to be a uncommon request. I need to write a module, or find a way, that will step in at the Authentication phase, or rather before, determine that a password is required, return a response that redirects to the https mode for the request, then allows authentication. I'm doing this so that no clear text passwords pass the network and so that any page that doesn't require authentication can still be handled using our port 80 virtualhost. basically: http://devmachine/no_authen/ - stays port 80 https://devmachine/no_authen/ - stays port 443 http://devmachine/authen/ - redirects to 443 https://devmachine/authen/ - stays port 443 and sends 401 Any ideas? I've seen a few that are close (Apache::AuthenURL, for instance), and they could be changed to do what I need, but if there isn't a way already done for specifically this, I might do it. Comments? How about a name for this, should it be necessary to right it? Thanks, JJ -- J. J. Horner H*,6d6174686c696e40326a6e6574776f726b732e636f6d *** H*,6a6a686f726e65724062656c6c736f7574682e6e6574 Freedom is an all-or-nothing proposition: either we are completely free, or we are subjects of a tyrannical system. If we lose one freedom in a thousand, we become completely subjugated. PGP signature
Re: Looking for a new distro
* Jamie Krasnoo ([EMAIL PROTECTED]) [010113 17:20]: Ok, I've had it with RH 7.0. Too many problems. What Linux distro are some of you using with Apache 1.3.14 and mod perl 1.24_01? Jamie I use Redhat 6.2. I put 7.0 on my laptop, and it worked okay, but I only do perl on my laptop. If I were to code C (not very often), it would be on a 6.2 box. I haven't looked into the egcs issue with RedHat 7.0, but I know RedHat issued an "apology". JJ -- J. J. Horner [EMAIL PROTECTED] Apache, Perl, mod_perl, Web security, Linux PGP signature
Re: Need Some Help
* G.W. Haywood ([EMAIL PROTECTED]) [010112 10:10]: Hi there, On Fri, 12 Jan 2001, Perry Edward (tsp2emp) wrote: I have looked though every thing I could fine but what docs are you referring to ? .../mod_perl/README .../mod_perl/INSTALL* .../mod_perl/SUPPORT http://perl.apache.org/guide and of course the Eagle Book - this is my (old) copy, there's a later edition which I recommend you get instead. There is a second edition already? This book hasn't been out 2 years yet. You guys are quick!! JJ -- J. J. Horner [EMAIL PROTECTED] Apache, Perl, mod_perl, Web security, Linux PGP signature
Debugging information sent to browser
Is something available to allow debugging information to be sent to a browser based on the UID of the user or IP address of the client? We use cgiwrap (and consequently, cgiwrapd) to help secure our server and I like the option of using cgiwrapd when a problem is encountered. Is it advisable to write a perl module to provide this kind of debugging information? Is something already written? I'm also toying with the idea of allowing each script to have a DEBUG=1 option enabled in a handler so that as long as it is the script owner, verified by uid, trying to set the DEBUG=1 parameter in a URL, the full debug information is sent to a browser Any hints, tips, or concerns? Thanks, JJ -- J. J. Horner [EMAIL PROTECTED] Apache, Perl, mod_perl, Web security, Linux PGP signature
Re: Debugging information sent to browser
* Blue Lang ([EMAIL PROTECTED]) [010112 12:08]: On Fri, 12 Jan 2001, J. J. Horner wrote: I'm also toying with the idea of allowing each script to have a DEBUG=1 option enabled in a handler so that as long as it is the script owner, verified by uid, trying to set the DEBUG=1 parameter in a URL, the full debug information is sent to a browser Erm.. I'm not sure how you're going to verify the uid of a remote user, unless you mean mapping an IP to each cgi-wrapped UID. Either way, you've got a lot of moving targets. I might hijack the custom error page handler in Apache and send a default error page unless the remote user is somehow authenticated.. But I don't think remote uid or IP are gonna be reliable. Well, I was hoping that once the DEBUG=1 option is set, I could force a login by returning AUTH_REQUIRED, and if the authenticated uid matches the uid in the file ownership, the debugging information is sent. If not, the user gets a standard 401 message. But as I envision it now, I'd have to add something to the URL parser that looks for DEBUG=1, and if present, sends to the special handler which does magic and runs an strace on the script, or something. I haven't fleshed out all of the details, but I'd like something similar to what Cold Fusion offers in its debugging options, and what cgiwrapd offers with its cgiwrapd setup. I'm just thinking right now. Thanks, JJ -- J. J. Horner [EMAIL PROTECTED] Apache, Perl, mod_perl, Web security, Linux PGP signature
Re: Debugging information sent to browser
* Todd Finney ([EMAIL PROTECTED]) [010112 13:00]: At 12:07 PM 1/12/01, Blue Lang wrote: On Fri, 12 Jan 2001, J. J. Horner wrote: I'm also toying with the idea of allowing each script to have a DEBUG=1 option enabled in a handler so that as long as it is the script owner, verified by uid, trying to set the DEBUG=1 parameter in a URL, the full debug information is sent to a browser Erm.. I'm not sure how you're going to verify the uid of a remote user, unless you mean mapping an IP to each cgi-wrapped UID. I don't see how you'd do it based on uid, either, but you could certainly do something based upon REMOTE_ADDR. Why do you think it would be hard to return AUTH_REQUIRED if the DEBUG=1 param is in the URL? Granted, the browser issues involved won't make it the best solution, but no worse than passwords are already. Someone would have to be using a machine where a valid uid/passwd are in browser cache, or someone would have to know a valid uid/password. My guess is that if I can get it to return AUTH_REQUIRED if DEBUG=1, then display the debugging information once the 401 is settled, this may be a useful handler. My main worry is how I'm going to produce the best debugging information without requiring scripts to be rewritten. As it is, CF displays debugging information based on IP. I can mimic the code from cgiwrap to find what I would like to send, and I can probably find a way to send the best debugging and error reporting to the debugging uid's browser. Sorry, I'm going to take this off list now. If you are interested in discussing this, send to my email. JJ -- J. J. Horner [EMAIL PROTECTED] Apache, Perl, mod_perl, Web security, Linux PGP signature
Re: [OT] Availability of Jobs -- was Re: [SOLICITATION] Programmer available for contracting..
* Michael Bacarella ([EMAIL PROTECTED]) [010111 10:32]: Is this an odd time of year for many contractors where the contract ends around the holiday season? Or is this starting to be a symptom of dotcoms going bust and the development market starting to level out? I'm actually happily employed doing mod_perl (among things). I just wouldn't mind some extra income as well as an opportunity to meet new people. *shrug* -- Michael Bacarella [EMAIL PROTECTED] Technical Staff / New York Connect.Net, Ltd Daytime Phone: (212) 581-2831 Yeah, who wouldn't mind some extra cash. For instance: My wife got mad at me for not wearing my wedding ring a few days in a row. It has just slipped my mind, but she was a little hot over it. "How do you expect women to know your married if you don't wear the ring?", she asked. "Honey," I replied," I'll just open my wallet. They'll see the moths making a winter home and know immediately that I'm married." That didn't help matters much. Imagine that. -- J. J. Horner [EMAIL PROTECTED] Apache, Perl, mod_perl, Web security, Linux PGP signature
Re: Strange log entry, Apache child messed up afterwards
* Gerd Kortemeyer ([EMAIL PROTECTED]) [010105 19:20]: Hi, Did anybody ever see a message like this in the error log after an "internal server error"? [error] Undefined subroutine Apache::lonhomework::handler called at /dev/null line 65535. No further entries. Here is good, maybe: http://perl.apache.org/guide/debug.html#Curing_The_Internal_Server_Erro Here is also good, maybe (the sequel): http://perl.apache.org/guide/debug.html#Helping_error_log_to_Help_Us I hear this may also be good (the next generation): http://perl.apache.org/guide/debug.html#The_Importance_of_Warnings If all else fails, this may be good (generations): http://perl.apache.org/guide/debug.html#Sometimes_My_Script_Works_Somet I don't know, but it could help (the obligatory "We are all broke and can't handle our money, so we need more work" sequel): http://perl.apache.org/guide/debug.html#Code_Debug If none of this helps, try Stallone, he makes more sequels. -- J. J. Horner [EMAIL PROTECTED] Apache, Perl, mod_perl, Web security, Linux PGP signature
Mod_perl tutorials
Jeff, I was looking around Stas' site and found a discussion in which you stated that you taught some underlings about mod_perl in 2 five hour sessions. What is the story on these tutorials? Is it something you can distribute, or did most of it come off of the top your head? Thanks, Jon -- J. J. Horner [EMAIL PROTECTED] Apache, Perl, mod_perl, Web security, Linux PGP signature
Re: Mod_perl tutorials
On Wed, Dec 13, 2000 at 11:08:44AM -0700, Nathan Torkington wrote: J. J. Horner writes: What is the story on these tutorials? Is it something you can distribute, or did most of it come off of the top your head? Tutorials seems like a deadend for effort. I've had zero (0) responses to my offer of my "Introduction to mod_perl" tutorial. I'm interested. Send me a link, or tell me more information. If it is going to cost me, it will have to wait until after Christmas. My Christmas budge was depleted when I bought a new laptop, a new server, and a french horn. JJ -- J. J. Horner [EMAIL PROTECTED] Apache, Perl, mod_perl, Web security, Linux PGP signature
Re: mod_perl training (was Re: Certification)
On Sun, Dec 10, 2000 at 06:13:13PM +0800, Gunther Birznieks wrote: It sounds to me like you have hit the nail on the head. Perhaps what is needed in terms of recouping costs for a mod_perl hands-on development course and/or online course is the open source/collaborative approach. This seems to be a good solution to this problem. Instead of one person sucking up the costs of developing these courses, we could get a group together to do this. Sounds good to me. I would be willing to donate my time to write and initially test the exercises to the slides that are taught for the days. If a couple people were to donate their time to writing the slides based on an outline produced by Stas and Randal. So would I. I'm more than willing to proof read, test, and be a guinea pig. We could host it on sourceforge as the modperltraining project. Sourceforge could also host the mailing list. Then regardless of if Randal would then be willing to take the course material and beta test it as a class he offers (eg maybe giving the course itself would not be profitable for him), we ourselves could be giving this course all over the world in beta-test Perl Monger groups. Yet another good idea. We all love open-source, and collaborative efforts, so let's create a good set of training materials, and then let people teach this material in their own neighborhoods. I know there are still issues such as getting people of the same level of expertise in the same room and mod_perl not being a "core" technology, but I think mod_perl can be taught assuming similar requirements as the PROM class you offer as an initial thought? mod_perl doesn't require all of PROM, but probably about a day of it would be integrated to bring people up to speed on the basics? You lost me here. I'm not sure what "core" technology means. I always thought it would be relatively easy for an experienced teacher to develop a coherent, reliable course for mod_perl, as long as some requirements are met (able to program perl and able to configure and administer an apache server). Once those guidelines are met, discussing the Apache API, going into detail on each of the response phases, and going through examples and exercises, would flow somewhat unfettered. 1. the Apache server life cycle 2. the request loop 3. Discussion of the API for each phase of the loop with examples 4. Exercises This would take about 3 (maybe 4) days with someone who meets the pre-reqs. 1 for the intro and terminology 1 long day to discuss the APIs for each phase (maybe two), and 1 day to go over exercises and have some "lab" work. This is just a rough estimate, and if someone thinks I've lost my coconuts let me know. Getting someone up to speed on mod_perl (not Apache::* modules, but the perl API to Apache), shouldn't take too long. I'd say about 1-1.5 hours for each stop in the request loop. 4-5 hours to teach someone the guts of Apache, including terminology and the real base knowledge stuff, and 8-10 hours to go over exercises, and develop skeleton handlers. We are looking at about 30 hours of hard, hard work. They don't call some training sessions "boot camps" for nothing. Again, feedback is good. Just make it constructive. Calling me a "moronic putz" isn't helpful, but saying "Hey, Moronic Putz, you underestimate " is good. helping with this project, please email me privately. If I get enough people willing to contribute (at least 5), I'll set up the sourceforge project to start the ball rolling Oh yeah, did I say I didn't mind donating my admin time as well to this experiment. :) Count me in. I'll be willing to guinea pig stuff and give feedback, as well as do research and help out more experienced teachers. Later, Gunther JJ -- J. J. Horner [EMAIL PROTECTED] Apache, Perl, mod_perl, Web security, Linux
Re: RFC: mod_perl advocacy project resurrection
On Wed, Dec 06, 2000 at 01:22:26PM -0800, Randal L. Schwartz wrote: "Gunther" == Gunther Birznieks [EMAIL PROTECTED] writes: Gunther This is exactly why someone experienced in training (ie Gunther Randal/StoneHenge) would hopefully be the ones to take the Gunther torch on this. If there's anyone I would trust a Gunther certification from, it would be them. We've considered the certification route from time to time, but other than being a money maker for us (which isn't all that bad of a deal :-), I'm still not entirely convinced that the community of *ours* would demand certification in any distinguishing way. I mean, until I can demonstrate that people with certs are likely to get hired faster or make more money, what's the point? As it is now, good mod_perl people are hard enough to find that the jobseeker already has the advantage. I'm very open to being convinced otherwise though. I'd be interested in something like this. For a low price ($50-$100), I'd take a list of activities from your website, complete the activities, submit my code back to you, and let you grade me, and then send me some form of certificate saying "Certified mod_perl hacker" with Stonehenge and the famous merlyn signing it. If we could get Doug and Lincoln to sign off on the list of activities, the certification couldn't get more genuine than that. Having one of the great perl hackers, the creator of mod_perl, and a few other luminaries endorse the program would be a boon. By the way, does mod_perl have a "board of directors"? If there was a mod_perl consortium backing mod_perl (Merlyn, Lincoln, Doug, Stas etc) formally, I'm sure we could get some pretty serious notice. How many technologies have the actual creator as part of the certification process? It could only help. Even if someone open books the exercises, the certification would still be valid. How many times are you forced to write something without reference of any kind? Just my $0.02. If I forgot to add kudos to any one individual, I apologize. I don't mean to leave anyone out. JJ -- J. J. Horner [EMAIL PROTECTED] "The people who vote decide nothing. The people who count the vote decide everything." - Josef Stalin "The tree of liberty must be watered periodically with the blood of tyrants and patriots alike. ... Resistance to tyrants is obedience to God." - Thomas Jefferson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RFC: mod_perl advocacy project resurrection
On Thu, Dec 07, 2000 at 03:58:48PM +0100, Stas Bekman wrote: By the way, does mod_perl have a "board of directors"? If there was a mod_perl consortium backing mod_perl (Merlyn, Lincoln, Doug, Stas etc) formally, I'm sure we could get some pretty serious notice. Yes, it's called Project Management Committee (pmc) and currently the members are Doug, Eric Cholet, Ask and me. This committee is a part of the Apache Software Foundation (ASF) group, which has pmc for every project hosted under ASF umbrella. So, if we were to look for a mod_perl certification, shouldn't this group of fine, upstanding people be the ones to design it, and have merlyn administer it through his site, or maybe this group could form a subcommittee to do the dirty work (grading, signing certificates, keeping track of certificate numbers, setting up mailing lists, etc). I truly believe that what worked for M$ could work for us. M$ proved that the key to getting any technology accepted, no matter how inferior, was to create a group of people who could advocate, administer, and sell the technology. We have a great thing here. If we could get a cert that makes people, perhaps in stages, submit handlers for all of the applicable Apache response phases, as well as create content handlers that perform database connections, add neat headers, footers, and graphics, and create theme handlers, etc, we could certify a group of dedicated, knowledgeable salesmen, programmers, hackers, etc. If I'm way off base, please let me know. I'm spending considerable brain power on this idea and if I'm wasting it, I need to know. I don't have much spare brain power and I could use it to try to figure out my wife . . . JJ -- J. J. Horner [EMAIL PROTECTED] System has been up: 3 days, 10:14. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RFC: mod_perl advocacy project resurrection
On Thu, Dec 07, 2000 at 07:56:09AM -0700, Nathan Torkington wrote: J. J. Horner writes: I'd be interested in something like this. Certification is a quagmire. If it's done well, it takes a lot of work by the certification authority, and that makes it expensive for those certified. If it's done poorly, it's useless and is just a moneymaker for the certification authority. I see your point. I was just thinking that creating a program would give some public credibility to the mod_perl community, which would then allow an entrance point into the community, which would increase numbers, which would increase message coverage, which would increase usage, which would increase word-of-mouth, which would give credibility, etc, etc. I think that certification is only really meaningful when you have too many applicants and need to give the employers a sense of how good the applicants are. That's the Cisco and Microsoft model, even though MCSE is a joke. I don't see a surfeit of mod_perl programmers. If anything, a stark shortage. I could see a use for certification for when we have too few. If we convert the few uncertified to certified, then get the acronym (CMPP??) known, this could be a way to identify the mod_perl community and provide press coverage. I'd rather see us find some way to churn out perl and mod_perl programmers. For instance, release a beginner class on Perl and mod_perl and have local Perlmongers lead classes. I have my slides from the University of Perl, which I'd contribute to such an effort (they're pretty closely based around the Eagle book, and some of the details should be replaced with sections on Mason et al.). The mod_perl book is a very valued reference book for me. I rarely leave home without it, so to speak. I do see your point, and you are probably right. I feel we are in a chicken-egg situation here: we need people, so we need coverage and media, so we can get people. I hate seeing very worthy technologies die in favor of less worthy, yet more hyped technologies. We need to beat them at their own game, it seems. Thanks, JJ -- J. J. Horner [EMAIL PROTECTED] System has been up: 3 days, 10:14. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [entirely OT :o] Version 0.3? [Was: mod_perl advocacy project resurrection]
On Wed, Dec 06, 2000 at 11:14:46AM -0800, Paul wrote: --- Perrin Harkins [EMAIL PROTECTED] wrote: you don't have to spend time re-integrating Apache::Session and Apache::DBI and Apache::WipeMyAss with each new project. I think Apache::WipeMyAss auto-configures as of 0.3. Where can *I* get that upgrade? =o) I think you will need to install Apache::KissMyRedEye to make that module work. JJ -- J. J. Horner [EMAIL PROTECTED] "The people who vote decide nothing. The people who count the vote decide everything." - Josef Stalin "The tree of liberty must be watered periodically with the blood of tyrants and patriots alike. ... Resistance to tyrants is obedience to God." - Thomas Jefferson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RFC: mod_perl advocacy project resurrection
On Tue, Dec 05, 2000 at 11:46:38PM +0800, Gunther Birznieks wrote: Maybe Randal's company (which I *think* specializes in training among other things) could help in that area -- the idea of mod_perl certification is more intriguing I think than just plain perl certification. Now this is something I would like. I am not big on certs (I don't have a single one), but if I were to get one, this would be it. I like mod_perl, and although I have only really started writing one public mod_perl module (anyone remember Apache-AuthExpire? Didn't think so, browser differences killed it), and I've written numerous custom stuff for work (sorry can't go into detail), I'm light on content handlers. I'm more backend, since I am not the most creative knife in the box. If I could get certified with mod_perl from [merlyn] and have the certification jive with the creators, it would help me considerably when I market myself as a hired-gun mod_perl coder. And we all remember the M$ scheme of an army of papered drones chanting "Microsoft is great!". We all now that it sold M$ software more than the software really did. If we can get an elite force of mod_perl hackers on the scene to spread the gospel, we would see a big boon to mod_perl press and support. Just my unlearned $0.02. JJ -- J. J. Horner [EMAIL PROTECTED] "The people who vote decide nothing. The people who count the vote decide everything." - Josef Stalin "The tree of liberty must be watered periodically with the blood of tyrants and patriots alike. ... Resistance to tyrants is obedience to God." - Thomas Jefferson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_perl advocacy project resurrection
On Tue, Dec 05, 2000 at 11:34:49AM -0800, brian moseley wrote: people won't use the software if you don't give them a compelling reason. mod_perl and the higher layer systems that use it are not as easy to configure or program as php, and they have a lot less support from external software vendors or relevance inside engineering shops than java. we are being squeezed from both ends. i had lunch with doug and jon swartz not too long ago, talking about the possibility of starting a web application infrastructure company based on mod_perl and mason. when we got down to it, the fundamental question was: why not just use java? and we couldn't find any answer other than "i like perl better". and that's not a reasonable business justification. at some point we're going to run out of hobbyists and others who /can/ justify using mod_perl-based technologies because they like perl better. As sad as this makes me, it has a ring of truth. The only reason I use mod_perl is to do things that require an Apache module, and I don't feel like using C. I know the performance increase for mod_perl scripts is amazing, but the learning curve doesn't justify it. Perhaps if someone makes a mod_perl based embedded scheme like Cold Fusion or PHP, that has some special hooks into Apache for performance that the other solutions don't offer. . . Honestly, though, I didn't believe the strength of mod_perl rested on the Mason type modules. I thought the strength of mod_perl was having a perl/Apache API. Having an easy way to interact with Apache using everyone's favorite language was what sold me on Apache. Ideas? JJ -- J. J. Horner [EMAIL PROTECTED] "The people who vote decide nothing. The people who count the vote decide everything." - Josef Stalin "The tree of liberty must be watered periodically with the blood of tyrants and patriots alike. ... Resistance to tyrants is obedience to God." - Thomas Jefferson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
This is so cool.
I've written mod_perl handlers for a few different phases, but I've never really worried about speed increases for plain content. I recently migrated from a cgi script in my cgi-bin that handles content to a Apache::Registry script that does the same thing. On my puny 150MHz Pentium, 96MBytes RAM machine, I was getting about 4.5 requests answered per second with a normal cgi script. After moving it to Apache::Registry and moving into the /perl/ directory, I can easily get 13-18 requests answered per second. That isn't too bad. Once I get this translated into a complete mod_perl handler, I will probably see an enormous increase. Thanks for listening. Jon -- J. J. Horner [EMAIL PROTECTED] "The people who vote decide nothing. The people who count the vote decide everything." - Josef Stalin "The tree of liberty must be watered periodically with the blood of tyrants and patriots alike. ... Resistance to tyrants is obedience to God." - Thomas Jefferson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cgi script vs mod_perl script
I have a script that uses some hash magic to set some variables. It works well in
normal mode, but
when I put it in my /perl directory, it stops working well.
The full script is included. In the script, I set up a hash of variables-subroutines
so that when someone sets a variable, it calles a specific subroutine using
$hash{$value}-()
It doesn't seem to work.
Any ideas?
--
J. J. Horner
[EMAIL PROTECTED]
"The people who vote decide nothing.
The people who count the vote decide everything."
- Josef Stalin
"The tree of liberty must be watered periodically with the
blood of tyrants and patriots alike. ... Resistance to tyrants
is obedience to God."
- Thomas Jefferson
#!/usr/bin/perl -wT
use strict;
use CGI qw(:all);
#use LWP::Simple;
use Apache::Registry;
use lib "/data/2jnetworks/lib";
require 'jjnetworks.pl';
my $header_file = content("/data/2jnetworks/htdocs/header");
my $footer_file = content("/data/2jnetworks/htdocs/footer");
my $q = new CGI;
my %hash = (
Index = \Index,
Home= \Index,
Services = \Index,
ContactUs =\Index,
Links = \Index
);
my ($title,$backcolor,$textcolor,$welcome_message,$body_message);
my $value = $q-param('page') || "Index";
$hash{$value}-();
print $q- header(),
start_html( -title="2J Network Services, Inc.",
-bgcolor="white",
-text="black"
);
print $header_file;
print $q-
h1(
$q-center("$welcome_message")
),
p(
$q-center("$body_message\n")
);
print $footer_file;
print $q- end_html();
print "\n";
sub Index {
$title = "2J Network Solutions";
$backcolor ="white";
$textcolor = "black";
$welcome_message = "Welcome!!";
$body_message = "Future home of b2JNetwork Solutions./b";
}
sub Weather {
$title = "Local Weather";
$backcolor = "white";
$textcolor = "black";
$welcome_message = "Current Local Weather from Weather.com:";
$body_message = get_weather();
}
sub Plan {
$title = "Jon's Plan";
$backcolor = "white";
$textcolor = "black";
$welcome_message = "These are the things I have on my drawing board:";
$body_message = content("/data/home/jhorner/.plan");
}
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
PerlAuthenHandler and browsers
After working with 4 different types of browsers and the PerlAuthenHandler, I am really unimpressed with browser makers. There are so many ways to convince browsers to resend a username password pair. For that reason, my handler can't rely on browsers to behave during the Authentication phase. I am going to have to find a way to force a user to input his password into the browser not using standard HTTP response codes. What is a reliable way to return a CGI script, and doing something with that response, before returning the page requested by the user? JJ -- J. J. Horner Apache, Perl, Unix, Linux [EMAIL PROTECTED] http://www.knoxlug.org/
Apache::TimeOut module
I wrote a module, now available in very beta form, to provide timeouts to .htaccess protected directories. Please download from: http://www.2jnetworks.com/~jhorner/TimeOut-0.21.tar.gz and give me feedback. I hope to submit this to CPAN soon, if warranted. Thanks, JJ -- J. J. Horner Apache, Perl, Unix, Linux [EMAIL PROTECTED] http://www.knoxlug.org/
Apache-AuthExpire-0.30.tar.gz
Apache::TimeOut has become Apache::AuthExpire. Please critique at http://www.2jnetworks.com/~jhorner/Apache-AuthExpire-0.30.tar.gz I appreciate your help. Any comments are welcome, including name issues, etc. Thanks JJ -- J. J. Horner Apache, Perl, Unix, Linux [EMAIL PROTECTED] http://www.knoxlug.org/
handlers on CPAN
do handlers belong on CPAN? Thanks, JJ -- J. J. Horner Apache, Perl, Unix, Linux [EMAIL PROTECTED] http://www.knoxlug.org/
[OT] Great book!
Well, in an effort to improve my effectiveness when coding perl, I bought "Effective Perl Programming" by Hall w/ Schwartz. I must say, I am enjoying this book. It appears to be one of the few tech books that I can read front to back and be engaged from start to finish. I bought it Sunday, and I'm already half way through. I may have to go through again to cement the concepts, but the text is informative, the concepts are enlightening, and the code examples are as relevant as I've seen in any book on programming. I give this book 4 1/2 'J's out of 5. -- J. J. Horner Apache, Perl, Unix, Linux [EMAIL PROTECTED] http://www.knoxlug.org/
Re: how to rewrite to a POST
On Thu, 27 Apr 2000, Ken Y. Clark wrote:
On Wed, 26 Apr 2000, David Hajoglou wrote:
so, is it possible to take a GET request and rewrite the uri into a POST
request and if so how?
i'm not sure if that's really necessary. you could just put the GET args
into $r-pnotes, perhaps like so:
sub handler {
my $r = shift;
return DECLINED unless $r-is_main();
my $apr= Apache::Request-new($r);
my @params = $apr-param;
my %args = ();
$args{$_} = $apr-param($_) for @params;
$r-pnotes('args', %args);
return OK;
}
In my situation, we sometimes have developers who try to send uids and
passwords across using a get. This puts uids and passwords in the
logfile. Is there a way to rewrite the GET to a POST before logging so as
to remove the uid/password data pairs?
Jon
--
J. J. Horner
Apache, Perl, Unix, Linux
[EMAIL PROTECTED] http://www.knoxlug.org/
Re: perl in configs /perl
On Wed, 19 Apr 2000, w trillich wrote: having seen the possibilities from /usr/share/doc/libapache-mod-perl/examples/perl_sections.txt (schwartz's neat virtual host setup) i thought i'd give it a whirl. I don't have this. Can someone point me to a link, or maybe send it via email to either [EMAIL PROTECTED] or [EMAIL PROTECTED]? J. J. Horner
