Re: Apache::Session

2003-08-14 Thread Raf
Aleksandr Guidrevitch said:
...
 Is it possible to uniquely identify the user by some attributes ?
 The only thing I consider now is IP, but what about proxies and NATs ?
 User Agent string could also be stolen via javascript. That means I tend
  to make stolen session ids non-reusable.

Went through this many years ago and I assure you that there is 'no'
proper heuristic for identifying that user.  UserAgent fails when you have
a building full of people with a standard install.  IP fails with proxies
- and even worse - through crappy isp's where each request appears to be
chained through some different proxy.  imho, you have to accept some level
of insecurity.

Make the walls higher.  Use post, use cookies, make your session id's
short lived, make heuristics for comparing temporally close subsequent
request's useragent/ip etc.  Perhaps there's someone clever out there who
has found some chaotic fractal which will reveal the mac address from
the combination of everything else, however besides this, I think it a
no-winner.

Well, good luck,

Rafiq
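
An added example, not part of the original post or of Apache::Session: one way to combine short-lived session ids with a comparison of User-Agent and IP across temporally close requests, as suggested above. The store, the function names, the timeouts and the sample requests are all assumptions, and the check only raises the bar; it cannot uniquely identify a user.

```perl
use strict;
use warnings;

# Added example; every name here is hypothetical. %SESSIONS stands in for a
# real store such as Apache::Session.
my %SESSIONS;
my $MAX_IDLE   = 15 * 60;   # assumed idle timeout in seconds (short-lived ids)
my $CLOSE_SECS = 60;        # assumed window for "temporally close" requests

sub start_session {
    my ($ip, $ua, $now) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    my $sid = unpack 'H*', $buf;            # 32 hex characters
    $SESSIONS{$sid} = { ip => $ip, ua => $ua, seen => $now };
    return $sid;
}

# Returns 'ok', 'unknown', 'expired' or 'suspect'.
sub check_request {
    my ($sid, $ip, $ua, $now) = @_;
    my $s = $SESSIONS{$sid} or return 'unknown';
    my $idle = $now - $s->{seen};
    if ($idle > $MAX_IDLE) { delete $SESSIONS{$sid}; return 'expired' }
    my $ua_changed = $ua ne $s->{ua};
    my $ip_changed = $ip ne $s->{ip};
    # An IP change alone is tolerated (rotating proxies). A User-Agent change
    # counts as suspect when the IP changed too or the previous request was
    # only moments ago; the id is then destroyed so it cannot be reused.
    if ($ua_changed && ($ip_changed || $idle <= $CLOSE_SECS)) {
        delete $SESSIONS{$sid};
        return 'suspect';
    }
    @{$s}{qw(ip ua seen)} = ($ip, $ua, $now);
    return 'ok';
}

# Constructed requests: label, ip, user agent, seconds since session start.
my $sid = start_session('192.0.2.10', 'Mozilla/4.0 (constructed A)', 0);
for my $req (
    [ 'same client',        '192.0.2.10',  'Mozilla/4.0 (constructed A)', 20 ],
    [ 'proxy hop, same UA', '192.0.2.77',  'Mozilla/4.0 (constructed A)', 45 ],
    [ 'new IP and new UA',  '203.0.113.5', 'Other/1.0 (constructed B)',   50 ],
    [ 'id reused later',    '203.0.113.5', 'Other/1.0 (constructed B)',   55 ],
) {
    my ($label, $ip, $ua, $t) = @$req;
    printf "%-20s %s\n", $label, check_request($sid, $ip, $ua, $t);
}
```

A client sharing both the proxy address and the User-Agent string of the victim still passes this check, which is the residual insecurity the post says has to be accepted.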







Re: Re[2]: Problem with PerlTransHandler

2003-06-27 Thread Raf
Sergey V. Stashinskas said:
 If these lines are commented out then script is working ok.

 -Original Message-
 From: [EMAIL PROTECTED]
 To: Sergey V. Stashinskas  
 [EMAIL PROTECTED],[EMAIL PROTECTED] Date: Fri, 27 Jun
 2003 16:39:12 +0300
 Subject: RE: Problem with PerlTransHandler


 Have you tried to comment out the 2 DBI lines like this:

 #my $dbh = DBI->connect('dbi:mysql:db', 'user', 'pswd');
 #$dbh->disconnect;

Can't find your original post, however try doing something like:

$dbh->disconnect if ref($dbh);

or:

if (ref $dbh) {
    $dbh->disconnect;
} else {
    ## CHECK LOGS for this
    print STDERR "\n Failed to connect \n";
}

Cheers,

Raf





Re: Re[4]: Problem with PerlTransHandler

2003-06-27 Thread Raf
Sergey V. Stashinskas said:
 Problem is not in connection with database.
 When I try to connect then $2 regexp variable becomes undefined and
 script can not redirect anywhere. ($r->uri($2)) But when script is not
 connected with database all works perfectly and this variable has a real
 defined value. I can not understand this ...

What are you actually getting in your logs?  Are you sure that it's even
getting to $2?  My thought is this:

*  if you don't get a $dbh back, then under strict you should get a
cock-up reporting that it can't run the method disconnect on an undefined
reference.

Can't see why this would happen.  Have you tried to dump the uri with a
STDERR?  Noticed that you're from Russia, so perhaps it's some kind of
character encoding/local problem, since you're matching against latin
character classes?  Can weird characters creep into your session string?

Just thoughts.  Final thought is running it through Apache::DB if you
fancy building it.  Just a thought.

Cheers,

R.








 Original source:
 package Apache::StripSession;
 use strict;
 use Apache;
 use Apache::Constants qw(:common);

 sub handler {
 my $r = shift;

 my $dbh = DBI->connect('dbi:mysql:db', 'user', 'pswd');
 $dbh->disconnect;
 return DECLINED unless $r->uri =~
 /^\/session\/([a-zA-Z0-9]{32})(.*)/;

 $r->subprocess_env(SESSION => $1);
 $r->uri($2);

 return DECLINED;
 }

 1;










Re: puzzle of split() running under mod_perl

2003-06-20 Thread Raf
Ok, before heading off for the evening, here's a guess which may be
totally wrong.

JY - June Young said:

 We are running CSWS1.2 (based on Apache 1.3.6) on Open VMS V7.3-1 and
 CSWS_PERL V1.1 based on Mod_Perl V1.25.

Main assumption ( this is buggy and not real apache/mod_perl ) - (as buggy
as compaq (on disk) bioses, and all the compaq hardware, I've ever used,
with the exception of the Dec Alpha (which was DEC at the time)).

 We have a function that changes the directory format from Unix to VMS,
 and this function is used in almost every script of our CGIs. Whenever
 the CGI that invokes this function get requested twice, the server
 process dies after the page comes out.
Only on the second request?


 We noticed that it is the regex argument of function split causes the
 problem.
 We took this split statement out into a simple CGI script, and that CGI
 script works fine in mod_perl.

Not sure about the syntax, but the outermost symbols should become
delimiters for your reg.exp. (ie the quotes in your case)

 After adding quotes outside of the regex of split function in sub
 VMSify, the error went away. We could not figure out why the statement
 bombs out in our VMSify function and why adding quotes fixed it.  The
 following are the test script and output in the browser.

Adding the 's, simply makes it try and split on the symbol sequence /\//
which doesn't exist in the string you're matching against, returning the
whole string again.  At least, that is my observed behaviour in 5.6.1. and
the way I use them.

My completely unsupported guess, which is what I'd look for given the
circumstances, is this:

1) Given that:
  i) The original script segfaults the apache-clone
  ii) Your little cgi doesn't segfault anything.

2) Assuming:
   i) You're using 's in your 'original' live script

  ii) The split is returning an array of size 1, containing the original
string in your 'original' live script (because of the /\//).

 iii) Your test cgi script, as stated, is only trying to test out the SPLIT.

  iv) *the major assumption* You take this converted path on your vms
system (as generated in step 2.ii) and are trying to access some 'real'
file path with it / and open or stat or something.

3) Results in: (Complete Assumption)

  i) The apache-'clone' segfaulting/throwing a fatal/exploding
 on some attempt to read this real file path, which 'wasn't'
 really split in your live application and is still a unix path.

  ii) Compaq do it again and it's all their fault.

  iii) On a second read of your mail, 'adding' the quotes may have done
this in reverse somehow and may still lead to either avoiding a syscall
to open/read/stat/whatever a real file path.



Although this is based on lots of assumptions, I think it might explain
the segfault, which was fixed by removing(or was it adding?) your quotes. 
My thought was that fixing the server crash (which is what you wanted to
explain?) came out of your avoiding a system call with a weird path to a
real file.  I don't know VMS, so I'm assuming nasties.  I'm probably 90%
wrong and it's that 10% of hope (and hmmm.. the I'd look 'there' factor)
which I offer you.  Hmmm.  I'd also look at unclearly scoped variables
which remain persistent between hits (given your two hit problem - if that
really is the case).

Might help, who knows?  Not I.

Byebye.









RE: puzzle of split() running under mod_perl

2003-06-20 Thread Raf
Hi June,

JY - June Young said:

 with/without double quotes on the regexp. The print of the dir after=
 shows that split correctly parsed the input string. The only difference
 is that the server dies upon global destruction?

 As a matter of fact, I am very confused by the error message of global
 destruction. When does global destruction happen in mod_perl? Does my
 code causes server process die and then the process tries to do global
 destruction ? Or global destruction at some stage causes the process
 die. I thought mod_perl provide persistent environment, and no global
 destruction should happen until a process served enough requests and
 reached the end of lifecycle.

My understanding was that it happened with a child process exiting after it
hit its max requests .. or if you shut down.  What I might try if you're
really curious is trying to run it through strace or truss (well your vms
equivs) with httpd -X, unless someone else can give you an immediate
answer, it often proved itself a useful approach.  Might give you an idea
of what is causing the process to die.

Last night's enthusiasm has worn off. :)

All the best.

R.






Re: Help needed !!

2003-06-12 Thread Raf




ECE Webmaster said:
 Hi ,

 I am having a problem with an application that I am running on an
 Apache server. It says that it is unable to load the script. I have
 chmod all things to 777.
 My application is at http://www.ece.ufl.edu/COE/pages/chat/chatmain.html

 Thanks a ton
 Mandeep



That doesn't say very much.  Unless this is an invitation to test out
whether you're keeping up with security patches, I'd suggest that your
mod_perl server conf chunks would be more informative.  Further, changing
permissions to 777 is really dangerous, especially on a university server.
 And you're the webmaster?

Read man pages, check which user apache is running under, where your
scripts are loaded from, loads of stuff, which no one could really enlighten
you on, until you provide real conf files.

Yours,

bored and brain dead.






Re: [OT] mod_proxy, mod_perl, php

2002-12-18 Thread Raf
On Wed, 18 Dec 2002, Scott Alexander wrote:

 The html documents are on the mod_perl machine. What happens if users add
 php code to their html documents?

 If I add php support on the front_end will it work normally?

* Have you thought of setting a separate document route for php (if they
are .html templates from one document route)?

* Have you considered placing it on the proxied machine and getting your
mod_perl handler to decline if it finds PHP tags (if they are all .html
from one document root)?

* If you :
* proxy *.html on the proxy server or whatever distingues your
mod_perl content.
* catch all Files *.php on your proxy server

  that might do the trick.



 topic. I don't know what mailing list to ask this on. I'm doing distance
 work and living 150 km above the Arctic Circle 

Cool.  Very Cool.  Or even extremely cold. ;)

I'm curious.  What are you working on?


Rafiq





Re: [OT] mod_proxy, mod_perl, php - RESEND

2002-12-18 Thread Raf
Still half asleep.  Stupid typos have been un-typofied:

On Wed, 18 Dec 2002, Raf wrote:

 On Wed, 18 Dec 2002, Scott Alexander wrote:

  The html documents are on the mod_perl machine. What happens if users add
  php code to their html documents?
 
  If I add php support on the front_end will it work normally?

 * Have you thought of setting a separate document root for php (if they
 are .html templates from one document root)?

 * Have you considered placing it on the proxied machine and getting your
 mod_perl handler to decline if it finds PHP tags (if they are all .html
 from one document root)?

 * If you :
* proxy *.html on the proxy server or whatever distinguishes
your mod_perl content.
* catch all Files *.php on your proxy server

   that might do the trick.

  topic. I don't know what mailing list to ask this on. I'm doing distance
  work and living 150 km above the Arctic Circle 

 Cool.  Very Cool.  Or even extremely cold. ;)

 I'm curious.  What are you working on?


 Rafiq







Re: Perl Cookbook modperl chapter

2002-12-12 Thread Raf

On Wed, 11 Dec 2002, Nathan Torkington wrote:

 I need some people with brains (instead of the warm gray mush filling

 I also need help on content.  I'm not competing with Geoff, Randy, and

 Current recipe list:
   [gnat:~] grep head1 Ora/pcb2/ch21.pod
   =head1 Introduction
   =head1 Authenticating in mod_perl
   =head1 Setting Cookies in mod_perl
   =head1 Accessing Cookie Values from mod_perl
   =head1 Redirecting the Browser from mod_perl
   =head1 Interrogating Headers in mod_perl Handlers
   =head1 Accessing Form Parameters from mod_perl
   =head1 Receiving Uploaded Files in mod_perl

how about:

* How to Bench Mark in mod_perl
* Using TT2 in Modperl and why it's so much better than
everything else? ;) Apache::Template's plugin and go?

* How to prepare my legacy cgi scripts to run under
Apache::Registry
* Setting up proxying to a mod_perl server
* Using Apache::Dispatch to relate handlers to uris.
* Separating presentation, business logic and control? (PageKit?)
* Moving your code to work under mod_perl 2?
* uri encoded sessions?
* using soap transport through mod_perl? Soap::Transport::HTTP, or
whatever..
* internal and external redirects
* Why am I getting 2 http headers sent?
* Using .. bored now.
* debugging

That sort of thing.

r.