Setting cookies in service overloader thingo

2008-05-17 Thread Bluebie, Jenna
I'm implementing a simpler version of the Cookie Session Store in Rails 2.0. If you know what that is, skip the next paragraph. A cookie session store stores the session data inside cookies, on the client, and signs them using a secret string, hashed together. The user can decode the

Re: Setting cookies in service overloader thingo

2008-05-17 Thread Bluebie, Jenna
I haven't read through all of camping yet, I only started playing with it seriously a few days ago, so I don't know where might be a better place for it. Maybe whatever it is which calls service could do the cookies. it would be nice if there was a way to set cookies long term too,

Re: Camping-Omnibus Doesn't Work With Ruby v1.8.6

2008-05-17 Thread Bluebie, Jenna
Yeah, and because ruby 1.8.6 comes with Mac OS X Leopard, that's probably scaring plenty of people (me included!) — Jenna “The Omnibus” Fox On 18/05/2008, at 2:40 AM, zimbatm wrote: Ok noted, it should probably be fixed once camping is released on rubyforge 2008/5/10 Trevor Johns [EMAIL

Sample Code, quick simple openid auth

2008-05-18 Thread Bluebie, Jenna
You'll need to install the 'openid' gem for this, and require it in your camping app: class Login R '/login' def get this_url = 'http:' + URL('/login').to_s unless input.finish.to_s == '1' # start doing the auth here begin oid_request

Re: Sample Code, quick simple openid auth

2008-05-20 Thread Bluebie, Jenna
, May 20, 2008 at 7:30 AM, Bluebie, Jenna [EMAIL PROTECTED] wrote: Also, here's a simple way to stop XSS dead! http://code.whytheluckystiff.net/camping/wiki/XssBeGoneWithSessions — Jenna is hoping all this will earn her some oats! Fox ___ Camping-list

Re: Sample Code, quick simple openid auth

2008-05-20 Thread Bluebie, Jenna
controllers which you'll find 3 replies ago. Encrypting cookies won't change that issue one bit. On 20/05/2008, at 7:01 PM, Magnus Holm wrote: Cookies can be stolen. I'm protecting you against yourself :-P 2008/5/20, Bluebie, Jenna [EMAIL PROTECTED]: Sure, but if you're building an app

Re: Rack, Camping 2.0++

2008-05-22 Thread Bluebie, Jenna
I really think shorter escaping methods are important, see if you can't include Rack::Utils or something Aside from that, it all sounds yummy! On 22/05/2008, at 8:32 PM, Magnus Holm wrote: If you're going to build cookie sessions in to the core, it should either do the rails thing of using

Re: An issue for consideration

2008-05-23 Thread Bluebie, Jenna
This should help. include Camping::ControllerSecurity in your controllers module or your Camping (or whatever Camping.goes has turned it in to) module, after requiring this: module Camping module ControllerSecurity def service(*a) @method = 'get' unless ['get', 'post', 'delete',

Re: Camping 2.0 - What's left?

2008-05-25 Thread Bluebie, Jenna
I forgot to mention though, the signing just stops users from changing the session data without the server knowing, it doesn't stop them from reading it. Any data in the session when using the cookie sessions store only needs to be base64 decoded and unmarshaled with ruby to find out

Re: Messy Cookies

2008-06-06 Thread Bluebie, Jenna
Judofyr: This isn't a question to ask _why. It simply cannot be done. Stealing cookies is not the same thing as XSS, and locking cookies to an IP address will not stop XSS at all. Locking cookies to an IP address (as I wrote in my git commit where I removed it) will lock out AOL users, and

Re: Troubleshooting: Camping 2.0 on CGI on a shared host

2008-07-14 Thread Bluebie, Jenna
Could you show us the .htaccess please? :) ___ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list

Re: Troubleshooting: Camping 2.0 on CGI on a shared host

2008-07-14 Thread Bluebie, Jenna
Also, is it possible that you could simply rename dispatch.cgi to something like 'appname' and use htaccess to grant that file cgi execution type permissions? Or does this need to be on the root of a domain?

Re: Troubleshooting: Camping 2.0 on CGI on a shared host

2008-07-14 Thread Bluebie, Jenna
Can you please try adding to htaccess: SetEnv SCRIPT_NAME /path/to/app Assuming your dispatch is in /path/to/app/dispatch.cgi Let us know what happens!

Re: Troubleshooting: Camping 2.0 on CGI on a shared host

2008-07-14 Thread Bluebie, Jenna
No wait, this is even better, at the end of your RewriteRule, put: [env=SCRIPT_NAME:/path/to/app] Let us know what happens!

Re: Troubleshooting: Camping 2.0 on CGI on a shared host

2008-07-14 Thread Bluebie, Jenna
I really do think we should build in the SCRIPT_URL || SCRIPT_NAME thingo. This is going to be a relatively common situation. Totally worth the bytes.

Re: Troubleshooting: Camping 2.0 on CGI on a shared host

2008-07-14 Thread Bluebie, Jenna
We are talking about cgi here, not fast cgi. Specifically CGI's interactions with mod_rewrite in apache.

Re: Troubleshooting: Camping 2.0 on CGI on a shared host

2008-07-16 Thread Bluebie, Jenna
Just add it :)

Backwards compatibility broken with URL()... for the better?

2008-07-20 Thread Bluebie, Jenna
In 1.5, to get a full url to one's camping app, you had to do: this_url = 'http:' + URL('/some_action').to_s Useful, for instance, in my openid consumer sample code, to give the openid doodad a return address. But in camping 1.9 off jud's gems, URL now returns actual URLs with http: and

Re: Backwards compatibility broken with URL()... for the better?

2008-07-21 Thread Bluebie, Jenna
I thought your gems were based on your tree, not _why's? My mistake?

File uploads

2008-07-21 Thread Bluebie, Jenna
NoMethodError undefined method `tempfile' for # That sure is odd... I guess in Camping 2.0, uploads are not a Camping::H. Can we please change Camping::H to output ::H's instead of the original value when the original value is_a?(::H) That be good. Recursive yumminess. Doesn't solve hashes

Re: Form File Uploads

2008-08-27 Thread Bluebie, Jenna
If you're using Camping 2.0 stuff off github, file uploads work exactly as they do in regular rack, so search around for rack upload examples. :) In camping 1.5, it works quite similarly, like this: input.fieldname.tempfile.length #= how many bytes long it is input.fieldname[:type] #=