Re: Doing Authorization using mod_perl from a programmers perspective

2001-11-15 Thread fliptop 

Jon Robison wrote:
 
 The most relevant section for you is the Ticket system he describes. (I
 believe the section header says something about Cookies, but you'll know
 you have the right one when you see TicketAccess.pm, TicketTools.pm, and
 TicketMaster.pm. One nice addition is the ability to add encryption to
 the Ticket, and the fact that the author used an MD5 hash (of an MD5
 hash!) in the cookie, so verification of the authenticity of the user is
 pretty solid so long as you leave in things like ip address, etc. which
 he uses in the cookie by default. (Although AOL and some proxy systems
 might cause this to be trouble).  AND, he also uses a mysql db for the

i have found that using the HTTP_USER_AGENT environment variable instead
of ip address solves the problem with proxy servers and the md5 hash. 
anyone ever tried this as a simple workaround?

Re: Doing Authorization using mod_perl from a programmers perspective

2001-11-16 Thread fliptop 

Joe Breeden wrote:
 
 How does this work in an environment with two (or more) computers with the
 exact same configuration, and probably the same HTTP_USER_AGENT behind the
 same proxy? How do you know that one user isn't using another users session?

you don't.  the session hijacker still would need to know the real
user's username, password, and HTTP_USER_AGENT configuration.  my point
was that this solves the problem of using the ip address in the md5 hash
when the client is behind a proxy server.

Re: Tips tricks needed :)

2001-12-19 Thread fliptop 

[EMAIL PROTECTED] wrote:

 
 1. Regarding the switch to postgresql, I think that's a good choice. Just pay
 attention to postgresql's data types, and try to get your fields types and
 lengths correct the first time if possible. It doesn't completely support the
 ALTER TABLE command, so changing column types can be a pain, although it's still
 possible. The other thing is that SQL syntax might be slightly different in a
 few cases, though it's been too long since I used MySQL to remember any
 examples. Postgresql's web site has some tips for switching, I think at
 http://techdocs.postgresql.org.


something i'll add to that - if your new postgresql db will have foreign 
keys, and you previously didn't have any code written to guarantee your 
data's integrity in mysql, then you probably won't be able to import all 
your data without some massaging (unless you're sure your data's 
integrity is ok).  i wholeheartedly second wes' statement that switching 
to postgresql is a good choice.

Re: [OT] Moving WYPUG

2002-02-15 Thread fliptop 

Jonathan M. Hollin wrote:

 I now need to install some Perl modules (DBD-MySql, Image-Magick, etc).
 Under ActivePerl on WYPUG's current Win2K box, I would simply use the
 Perl Package Manager (PPM) to download and install these modules.  Is
 there an equivalent under Unix?  If not, what's the best way to install
 modules?  In short, what do I need to know?
 
 A step-by-step guide would be great (I'm a 100% Unix newbie), but I
 would also be extremely grateful for pointers to the relevant docs,
 URI's, etc.


i'll toss in my $0.02 here - if you're running redhat, you can use 
makerpm.pl to generate rpm's from your cpan source code.  i use this all 
the time and have never had a problem.

http://www.perl.com/cs/user/query/q/6?id_topic=61

the version of makerpm.pl you find may not work with rpm version 4.0 or 
higher, this will fix that:

572c572
   } elsif ($rpm_version =~ /rpm\s+version\s+3\.+/i) {
---
} elsif ($rpm_version =~ /rpm\s+version\s+3|4\.+/i) {

Re: Apache::Registry question

2002-03-30 Thread fliptop 

Kirk Rogers wrote:

 How do i configure the httpd.conf file to maintain two different cgi-bin
 directories with Apache::Registry?  Not sure if I'm asking the question
 correctly so here's a quick explanation.
 
 I have two cgi-bin directories under one Virtual host:


this way works for me:

VirtualHost 1.2.3.4
   ServerAdmin  [EMAIL PROTECTED]
   DocumentRoot /path/to/doc/root
   ServerName   www.whatever.com
   ServerAlias  whatever.com
   ScriptAlias  /cgi-bin/ /path/to/cgi-bin/

   Directory /path/to/cgi-bin
 AllowOverride None
 Options   ExecCGI
 Order allow,deny
 Allow from all
 SetHandlerperl-script
 PerlHandler   Apache::Registry
   /Directory

   Directory /path/to/some/other/cgi-bin
 AllowOverride AuthConfig
 Options   ExecCGI
 Order allow,deny
 Allow from all

 Files somefile.cgi
   AuthName  Restricted Area
   AuthType  Basic
   AuthUserFile  /path/to/users/file
   require   valid-user
   SetHandlerperl-script
   PerlHandler   Apache::Registry
 /Files
   /Directory
/VirtualHost

Re: the cookbook review on perl.com

2002-04-26 Thread fliptop 

Jon Robison wrote:

 No it is not. It should read not so great if you need your hands held.


i think he was referring to the fact that you spelled grammar incorrectly.

Re: RPM for apache/mod_perl/mod_ssl

2002-06-05 Thread fliptop 

Fran Fabrizio wrote:

 
 We're currently struggling for an easy way to distribute our 
 apache/mod_perl/mod_ssl-based application to our data center folks who 
 are in a different state and whom we must presume know nothing about 
 apache, mod_perl or mod_ssl and are capable of nothing more complicated 
 than using RPM to install/update a package. 
 As such, does there exist such a thing as an RPM that installs apache 
 with mod_perl AND mod_ssl enabled?  I presume this would also have to 
 include openssl.  I can only imagine what a pain it would be to create 
 this beast, but if it's been done, I'd like to give it a try.


what o/s and version are you running?

i have an rpm for apache 1.3.22, mod_perl 1.26, and mod_ssl 2.8.5 that i 
run on redhat 6.2.  i'd be glad to give you the .src (or the .rpm if you 
also run redhat 6.2) if you would like it.

or, i could just give you the .spec if you'd like to build a new rpm 
with the latest versions.

Re: RPM for apache/mod_perl/mod_ssl

2002-06-06 Thread fliptop 

Fran Fabrizio wrote:

 
 In the spirit of the teach a man to fish proverb (sorry if that's a 
 random reference), maybe I should really be asking what's involved in 
 making such an rpm? 
 Is it a case of just figuring out which files are installed by 
 openssl/mod_ssl/mod_perl/apache and making a big ole spec file, or is 
 there some configuration magic that needs to happen?
 
 If this is straying too far off-topic I'll take the discussion off-list, 
 but I really should learn how to do this properly for myself.


it probably is ot, so i'll make this short.  a good place to start is

http://www.rpm.org/max-rpm/

Re: Sending Mail

2002-06-13 Thread fliptop 

Jon Robison wrote:

 Can MIME::Lite do attachments?


yes, it can.  install it, then read

perldoc MIME::Lite

for info on how.

Re: Perl Configured VirtualHost question

2002-10-30 Thread fliptop 
On Wed, 30 Oct 2002 at 02:24, [EMAIL PROTECTED] opined:

:Typically my manually configured vhosts look like this :
:
:NameVirtualHost 10.0.0.20:80
:
:VirtualHost 10.0.0.20:80
:  ServerName BladeBla.com
:  DocRoot 
:  ...
:  ...
:/VirtualHost
:VirtualHost 10.0.0.20:80
:...
:/VirtualHost
:
:This works great for my statically configured hosts. How 
:do you accomplish this same VHost scheme wheh configuring 
:via perl? Each %VirtualHost key is a single server and I 
:am so far unable to assign multiple values ( array ref? ) 
:to a single key (the IP assigned in NameVirtualHost).

do you have the eagle book?  how to do this is documented on page 418.  
you are correct, use an array ref, with each value being a hash ref, one 
for each virtual host:

my @config = (
  { ServerName = 'one.fish.net',
ServerAdmin = '[EMAIL PROTECTED]',
etc },
  { ServerName = 'red.fish.net',
ServerAdmin = '[EMAIL PROTECTED]',
etc }
);

$VirtualHost{'192.168.2.5'} = \@config;

Re: [OT] use http-equiv to refresh the page

2002-11-06 Thread fliptop 
On Tue, 5 Nov 2002 at 22:52, Chris Shiflett opined:

[snip]
CS:The W3C's stance on refresh is the same for the header as well as the 
CS:meta tag: they did not originally intend for it to be used to specify a 
CS:*different* URL as a rudimentary method of redirection. They meant it to 
CS:be used to refresh the current resource only. However, this rogue 
CS:practice of redirection is quite common with both the header and the 
CS:meta tag and is very well supported by browsers. In fact, I am not aware 
CS:of any Web client that supports refresh but also limits the URL to the 
CS:current resource only.

i was bitten by this assumption recently.  case in point:

i needed to develop a way to display several images as a slideshow using
plain html files.  i would glob the images, and in each html file i
inserted a meta refresh that would load the next image in the series after
a 7 second delay.  since the html files were eventually going to be burned
to a cd, i had to point to each new file as such:

meta http-equiv=refresh content=7;file02.html

because i cannot always assume to know the user's cd-rom drive
designation.  this worked fine in netscape and mozilla, but did not work
at all in internet explorer versions previous to 5.5.  in older versions
of ie, it simply refreshed the current page after the 7 second delay, no
matter what was put after the semicolon in the content attribute.  so i
had to include instructions for the users that if they used internet
explorer, they must upgrade to at least version 5.5 for the slideshow to
work.  of course, i had tested the app on ie 5.5, so i didn't discover
this myself until a user contact me and complained the slideshow wasn't
working.

and you'd be surprised how many old versions of ie are being used out 
there.