Re: Memory leak on reload when the 'Pg' driver is preloaded

2002-10-16 Thread Juha-Mikko Ahonen 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wednesday 16 October 2002 20:25, Keith G. Murphy wrote:
 By should, do you mean that the problems with the loadable module
 overall are so well-known that no one in his right mind should ever
 use it?

Yes. The problems with DSO mod_perl are well known. It works perfectly 
when build staticly into Apache, though. Install apache-perl package 
instead of apache and libapache-mod-perl. Everything works with it as 
it would on normal Apache. After migrating to apache-perl, remove the 
LoadModule for mod_perl from your Apache configuration.

 Might it be related to the Perl-malloc problem cited here:

 http://apache.perl.org/docs/1.0/guide/install.html#When_DSO_can_be_Us
ed

 If either of the above or true, seems like Debian needs to quit
 distributing libapache-mod-perl.

The problem is not Debian-related, so it won't justify removing the 
package from Debian.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9raVtnksV4Ys/z5gRAt+TAJwOZXcdnVNoLWLza7NU6eOpCOB+dQCdEliU
VDvG6M+qI88/RN/jj7KsCC0=
=0/Bl
-END PGP SIGNATURE-

Re: Memory leak on reload when the 'Pg' driver is preloaded

2002-10-16 Thread Juha-Mikko Ahonen 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wednesday 16 October 2002 22:52, Keith G. Murphy wrote:
 It's not like it was an obvious problem: I only got the DSO to leak
 when loading the Pg driver.  That's pretty obscure.

Have you tried to connect() without loading the Pg driver first? E.g. 
$dbh = DBI-connect('dbi:Pg:dbname=foo;host=bar', 'user', 'pass');

It would help eliminate if the leak is caused by your startup script. If 
it is, it may be the DBI module that's leaking memory.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9rcZ5nksV4Ys/z5gRAjBQAJwKOUuu4B14yLe1msSNekI0mnPvdACdFMOe
TFLM0arS4L177Y+OuJMAUgM=
=GsvK
-END PGP SIGNATURE-

Re: Memory leak on reload when the 'Pg' driver is preloaded

2002-10-18 Thread Juha-Mikko Ahonen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 OK, it gets weirder.  The following script produces the leak.  If I
 comment out the install_driver line, I get a big old segfault!  Same
 if I comment out the Apache::DBI line in addition.  This works with
 plain apache, or apache-ssl.

 #!/usr/bin/perl
 use strict;
 use Apache::Status ();
 use Apache::DBI ();
 DBI-install_driver('Pg');
 1; #return true value

I looked into it with the following setup:
apache 1.3.26-0woody1
libapache-mod-perl 1.27-2 
postgresql 7.2.1-2woody2

There was a Test.pm module handling all requests for /. It opened a 
connection to the database and fetched a couple of rows.

With DBI-install_driver('Pg'), the Apache processes stayed at 8.4 MB. I 
bombarded the Apache with ApacheBench and multiple SIGUSR1 but I found 
no memory leaks. The process sizes did not change.

 If I comment it all out including the Apache::Status line, I get
 neither the segfault or the leak.  (Well, small leak, a few bytes).

Without the install_driver() in place, everything worked as well. The 
Apache processes stayed at near 6 MB. No segfaults. No problems.

 So the install_driver masks a bigger problem with Apache::Status?
 That's just too weird.  But true, I swear.

 Is there anyone else out there with Debian stable w/
 apache+libapache-mod-perl who can try to reproduce this simple case?
 I'd really like either a confirmation or a counterexample.  If the
 latter, I'd chalk it up to a weirdness on my system (and probably not
 even pursue it, since I've moved on to the static version).  I'm
 pursuing it this far so Dan J. might get some useful feedback.

I'm pretty tired at the moment, so there might have been something I 
mislooked. I'll give it another look tomorrow. At work, where I don't 
have any distractions :)

It's pretty odd, in my view, that the Apache processes which did not 
preload the Pg driver were smaller.

Keith, could you post results to modperl list if people at debian-isp 
come to a different (or to the same) solution. I'm not subscribed to 
the list.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9rxEXnksV4Ys/z5gRAqlBAJ9xKgkCmCxsg8huo/C1N0uk2XKSowCgoCdr
FdyuRGCkZvDifk5fyqfOcdo=
=im3K
-END PGP SIGNATURE-

Re: use http-equiv to refresh the page

2002-11-12 Thread Juha-Mikko Ahonen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wednesday 06 November 2002 15:19, Eric L. Brine wrote:
 HTML 4.01 also has a section on META and http-requiv. However, the
 only reference to refresh is: Note. Some user agents support the
 use of META to refresh the current page after a specified number of
 seconds, with the option of replacing it by a different URI. Authors
 should __not__ use this technique to forward users to different
 pages, as this makes the page inaccessible to some users. Instead,
 automatic page forwarding should be done using server-side
 redirects.

All the HTTP-EQUIV meta tags are relics from static HTML pages. The HTTP 
server (eg. Apache) reads meta tags from HTML pages and appends all 
meta tags with HTTP-EQUIV to outgoing HTTP headers. This feature is not 
available for dynamic content; dynamic pages must set their own 
headers.

 I'm guessing this is because http-equiv is designed to hold an HTTP
 header, but there is no such thing as an Refresh header in HTTP.

There is a Refresh header in HTTP. It's syntax is the same as for the 
HTTP-EQUIV meta tag.

 So http-equiv=refresh is no longer standard. Of course, this is all
 theoretical. In practice, too many people are not easily swayed by a
 measily thing such as a standard.

UAs are not required to deal with meta tags which contain HTTP-EQUIV 
content. Both Internet Explorer (at least 6, v6+ may also support them 
in quirk mode) and Netscape/Mozilla should interpret them if the server 
does not include them in the real HTTP headers. Some UAs don't do this, 
eg. Konqueror, and support for them might go away any time without 
notice, so it should not be used.

The CGI module enables the programmer to add arbitrary HTTP headers with 
the syntax

header(
-type = 'text/html',
-refresh = '0; url=http://www.address.com/'
);

See 'perldoc CGI' for more information.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE90OTjnksV4Ys/z5gRAhTxAJ9tv49KSvNt0JRbzf2Uws+wiOIM4ACfdzDX
zhojTxLkGITTQT8MkAVACIg=
=fQe4
-END PGP SIGNATURE-

Re: stopping concurrent logins

2003-04-04 Thread Juha-Mikko Ahonen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thursday 03 April 2003 20:33, Perrin Harkins wrote:
 Of course you could also just totally prevent people from logging in
 again if there is already an active session for that user, but that
 will cause problems because your sessions will not get invalidated if
 a user shuts down his browser or crashes his machine.

We did just this on our secure server. My boss was worried our customers 
might share their login accounts (for which they had to pay), so we set 
up the login authentication so, that only one session could be logged 
in at any given time.

The sessions timed out in a couple of hours, so losing the cookie would 
not cause permanent loss of access. We later added a button to log out 
other sessions, if correct user name and password was given for an 
already open account. After which the user had to login again.

The user authentication information was stored into a cookie. The cookie 
was stored also on the server. Each time the user accessed the secure 
server, his cookie was verified against the one stored on the server 
(plus, of course, verifying that the cookie was valid and authorised to 
access whatever resource he was trying to access). If the cookie 
matched the one stored on the server, access was granted. If, however, 
the cookie did not match, the server immediately expired the user 
cookie and presented a login screen. If he was able to log in, the 
button to log out the other session would appear, but no cookie was 
sent to the user, meaning he would need to provide the authentication 
credentials again.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+jdRrWD8Ca88cV68RAh0CAKCJDGoh0hf864clmwzamz4gChmhsQCfZua1
fLXzhdGbdgzN5zd11LtSHeQ=
=2/M8
-END PGP SIGNATURE-

Re: Convert Cookies--HTTP Request Headers?

2003-04-05 Thread Juha-Mikko Ahonen 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Saturday 05 April 2003 00:10, Kruse, Matt wrote:
 For every request to Apache:
   1. Parse the cookie coming in via the request header
   2. Pull out each value (ex: NAME=bob;TITLE=boss)
   3. Convert them to HTTP Request Headers
   4. Pass the request on to the requested resource (a script of some
 sort)

You'd need to write PerlHeaderParserHandler for that.

 So, if I have a cookie like: NAME=bob;TITLE=boss
 My program would then see the following headers in the request:
   HTTP_NAME=bob
   HTTP_TITLE=boss

Why name NAME to HTTP_NAME? Or do you want the cookie content to appear 
in subprocess environment (which has similar naming convention), like 
other server variables?

 This will help me simulate a Single-Sign-On situation where the
 authentication handler passes all authenticated user information to
 the resource via headers.

 Can anyone help me by either:
   1. Giving an outline of what handlers I would want to use, and how
 I can write request headers with them
 or

The header parse phase would be ideal, since you're parsing headers. 
PerlInitHandler is an alias PerlHeaderParserHandler in .htaccess files.

   2. Writing some sample code :)

package Your::SSOHandler;

use strict;
use Apache::Constants qw(:common);
use Apache::Cookie;

sub handler {
my $r = shift;
my $in = $r-headers_in;
return DECLINED unless $in-{'Cookie'};
my $cookies = Apache::Cookie-parse($in-{'Cookie'});
return DECLINED unless $cookies{'YourAuthenticationCookie'};

my %values = $cookies{'YourAuthenticationCookie'}-value;
my $env = $r-subprocess_env;

while (my ($key, $value) = each %values) {
my $h_key = 'HTTP_' . uc($key);
$in-{$h_key} = $value;
$env-{$h_key} = $value;
}

return OK;
}

1;

in httpd.conf (or .htaccess), put the following line where approppriate:

PerlModule Your::SSOHandler
PerlHeaderParserHandler Your::SSOHandler

Or something like that. Cutting and pasting may cause parse errors on 
incompatible windowing environments :)

 NOTES:
   1. I'm running Apache 2.0 and mod_perl 2 right now, but I can bump
 it down if required

I don't know much about the differences in mod_perl 1 vs 2. These 
handlers work at least for Apache/mod_perl 1.

   2. I've already used mod_headers to simulate this, but
 unfortunately that isn't dynamic enough for testing, ie, I need to
 change httpd.conf and re-start the server to test different header
 scenarios.

For testing you could make the handler module stat and evaluate contents 
of an external Perl file. Put your code on the file to be evaluated, 
and avoid restarts.

Or simply sending SIGUSR1 to the Apache parent process should be enough 
for it to restart child processes and reread configuration.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+jp7eWD8Ca88cV68RAuBAAJ9u0KWd2bAsHrYes/DXtareCYi00gCgkIEC
o8OTRNmghIHRUhJZAqX+gbs=
=YCIq
-END PGP SIGNATURE-