Ya, exactly. /item/3 isn't really the request -- it's plus /item/3. Does adding a *second* md5 hash do
much more good?
well ..session id would authorize user to use the application . we
would need additional query to determine if "/item/3/view" is
accessible to user. something like "item.use
After spending the past two hours looking through code etc, I finally
discovered this was a bug of my own making. Basically, I've written a custom
little FormBuilder controller module that loads .pm files with formbuilder
specs. As part of that, it specified that it wanted { params => $c->req },
Bill Moseley wrote:
Last time I checked there were an infinite of integers. (And I'm not
planning on counting them again.)
I feel that we are talking past each other. Perhaps I was insufficiently
clear in my writing.
I don't have a special preference for alphabetic strings over numeric
stri
One more thing, can you set the environment variable
CATALYST_HTTP_DEBUG=1 and then run through your bad POST? This
should give some helpful info.
___
List: Catalyst@lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Sea
On May 18, 2007, at 5:06 PM, Mark Zealey wrote:
Catalyst::Engine::HTTP::read_chunk(/usr/lib/perl5/site_perl/5.8.8/
Catalyst/Engine/HTTP.pm:131):
131:my $rc = *STDIN->sysread(@_);
I guess cat is mis-parsing the amount of data that it expects from
the POST
command? When i turn pa
Hi,
I have found a bug with catalyst, when Catalyst::Engine::HTTP is used with
parse_on_demand set to true, and POST content. when I post, the
connection 'hangs'. if i hit esc in the browser, I get the following cat
output:
Can't call FIRSTKEY method on handle DBI::db=HASH(0x9858670) after
ta
On Fri, May 18, 2007 at 12:16:34PM -0700, mla wrote:
> Bill Moseley wrote:
> >Using md5s for images, as in your example, is fine. But if the images
> >really needed to be protected then that scheme is purely security by
> >obscurity. That's what we were talking about -- the case where some
> >use
Has anyone had trouble with POST requests not being handled by the
Catalyst App, but rather the default handler under Ap2.2.4/MP2.0.3 on
Windows (XP)?
I have a simple situation (that works correctly on the standalone
myapp-server.pl) that is pretty much a copy of the suggested setup in
the do
Bill Moseley wrote:
Using md5s for images, as in your example, is fine. But if the images
really needed to be protected then that scheme is purely security by
obscurity. That's what we were talking about -- the case where some
user might type in the next sequence and see someone else's data. I
On Fri, May 18, 2007 at 07:55:35PM +0200, Matija Grabnar wrote:
> Bill Moseley wrote:
> >What you are proposing is if item 7 is instead encoded as
> >84bc3da1b3e33a18e8d5e1bdd7a18d7a then they are less likely to try
> >other numbers because of, ... why? Because it's too daunting of a task?
> >It's
John Napiorkowski wrote:
> --- "Christopher H. Laco" <[EMAIL PROTECTED]> wrote:
>
>> Christopher H. Laco wrote:
>>> Jamie Neil wrote:
Can anyone tell me the best way of wrapping a non
>> catalyst perl module
in a Catalyst Model?
I'm trying to setup the following stack:
>>>
Matija Grabnar wrote:
> Bill Moseley wrote:
>> What you are proposing is if item 7 is instead encoded as
>> 84bc3da1b3e33a18e8d5e1bdd7a18d7a then they are less likely to try
>> other numbers because of, ... why? Because it's too daunting of a task?
>> It's a big scary md5 instead of a primary key?
Bill Moseley wrote:
What you are proposing is if item 7 is instead encoded as
84bc3da1b3e33a18e8d5e1bdd7a18d7a then they are less likely to try
other numbers because of, ... why? Because it's too daunting of a task?
It's a big scary md5 instead of a primary key?
Well, in a way. Because the sp
--- "Christopher H. Laco" <[EMAIL PROTECTED]> wrote:
> Christopher H. Laco wrote:
> > Jamie Neil wrote:
> >> Can anyone tell me the best way of wrapping a non
> catalyst perl module
> >> in a Catalyst Model?
> >>
> >> I'm trying to setup the following stack:
> >>
> >> MyApp::Controller::Widget
>
On Fri, May 18, 2007 at 04:10:13PM +0100, Matt S Trout wrote:
> http://markkeating.me.uk/catror/
Nice. Upvote @ reddit:
http://programming.reddit.com/info/1rqhe/comments
Regards,
Jonathan Rockway
Christopher H. Laco wrote:
> Jamie Neil wrote:
>> Can anyone tell me the best way of wrapping a non catalyst perl module
>> in a Catalyst Model?
>>
>> I'm trying to setup the following stack:
>>
>> MyApp::Controller::Widget
>> MyApp::Model::Widget
>> MyApp::Logic::Widget
>> MyApp::Schema::DB
>>
>>
Mike Whitaker wrote:
I may arrange a bulk order for UK folk, since the shipping's about
$7/shirt. Need to get 15+ of the same item to make that sensible, though.
OK, count me in for a T-shirt for starters. Possibly a children's one as
well.
--
Richard Jones
**
On Fri, May 18, 2007 at 05:31:51PM +0200, Matija Grabnar wrote:
> I see another use to obfuscating **part** of the URL: when you have
> things you don't want the users enumerating. Like where you have
> edit-item/(itemnumber). You DON'T want itemnumber to be a global counter
> (for instance, the
On May 18, 2007, at 9:46 AM, Jonathan T. Rockway wrote:
Obscurity is a "constant factor". As soon as one person figures out
your obfuscation, it's useless. When someone figures out your real
security, it does them no good at all. Since there are 6_000_000_000
people in the world, it's likely
--- Richard Jones <[EMAIL PROTECTED]> wrote:
> Having struggled to get my actions to match my urls
> the way I (think) I
> want, it was suggested in another thread that I put
> one or more action
> methods in the Root controller. I would be
> interested in opinions about
> what should/should n
Jamie Neil wrote:
> Can anyone tell me the best way of wrapping a non catalyst perl module
> in a Catalyst Model?
>
> I'm trying to setup the following stack:
>
> MyApp::Controller::Widget
> MyApp::Model::Widget
> MyApp::Logic::Widget
> MyApp::Schema::DB
>
> where MyApp::Model::Widget is based o
On 18 May 2007, at 17:27, Richard Jones wrote:
Mike Whitaker wrote:
The Catalyst Online Store - http://www.cafepress.com/catalystdev
Very nice. You have a UK mobile prefix - are you a UK distributor?
It doesn't show shipping charges unless you're registered. And it's
probably not worth
On Fri, May 18, 2007 at 03:37:27PM +0200, A. Pagaltzis wrote:
> Just because this is a pet peeve of mine:
>
> Yes it is.
Obscurity is a "constant factor". As soon as one person figures out
your obfuscation, it's useless. When someone figures out your real
security, it does them no good at all.
Thanks to the first few shirt and mug sales, there's already enough
coming into the kitty (once it clears from CafePress) to announce the
first Catalyst SwagReward. Like the beer rewards, the payment's
dependent on a checked-in, working, documented solution, with tests,
in SVN that meets my
Having struggled to get my actions to match my urls the way I (think) I
want, it was suggested in another thread that I put one or more action
methods in the Root controller. I would be interested in opinions about
what should/should not go in the Root C. At the moment I just have login
logic i
Mike Whitaker wrote:
The Catalyst Online Store - http://www.cafepress.com/catalystdev
Very nice. You have a UK mobile prefix - are you a UK distributor? It
doesn't show shipping charges unless you're registered. And it's
probably not worth the overhead for one mouse mat anyway ;-)
--
Richar
Can anyone tell me the best way of wrapping a non catalyst perl module
in a Catalyst Model?
I'm trying to setup the following stack:
MyApp::Controller::Widget
MyApp::Model::Widget
MyApp::Logic::Widget
MyApp::Schema::DB
where MyApp::Model::Widget is based on Catalyst::Model, contains the
configur
Matt S Trout wrote:
The only use I can see for obfuscating the URL would be to convince a naive
client that your app's more secure than it is (note as Bruce Schneier says,
managing -perceived- security can be as important as managing -actual-
security, but don't confuse the two :).
I see anoth
Matt S Trout wrote:
> The other Shadowcat founder got bored and decided it was time for a skit
> of our own, albeit in comic form (dunno about him but I'm too ugly for video
> :)
Hehe. I want another CafePress beer Stein:
"Matt S. Trout: Too Ugly for Video
On May 18, 2007, at 10:57 AM, Dave Rolsky wrote:
On Fri, 18 May 2007, Andy Grundman wrote:
The ‚use mod_perl;‘ breaks it for mod_perl2 installations.
The Catalyst applications still work under apache2 with mod_perl2
(because MP20.pm is loaded) but Module::Install can’t find the
installed
The other Shadowcat founder got bored and decided it was time for a skit
of our own, albeit in comic form (dunno about him but I'm too ugly for video :)
You can find 'em at -
http://markkeating.me.uk/catror/
(if anybody decides to digg/reddit/whatever this please post the link here
so others can
On Fri, 18 May 2007, Andy Grundman wrote:
The ‚use mod_perl;‘ breaks it for mod_perl2 installations.
The Catalyst applications still work under apache2 with mod_perl2 (because
MP20.pm is loaded) but Module::Install can’t find the installed
Catalyst::Engine::Apache version because it doesn’t l
* Matt S Trout <[EMAIL PROTECTED]> [2007-05-18 16:30]:
> On Fri, May 18, 2007 at 03:29:20PM +0200, A. Pagaltzis wrote:
> > * Matt S Trout <[EMAIL PROTECTED]> [2007-05-18 14:30]:
> > > I prefer to have my code wired up fairly explicitly for GET
> > > vs. POST but that's more an obsession with the HT
On Fri, May 18, 2007 at 03:37:27PM +0200, A. Pagaltzis wrote:
> * Chisel Wright <[EMAIL PROTECTED]> [2007-05-18 13:05]:
> > Security through obscurity isn't security at all.
>
> Just because this is a pet peeve of mine:
>
> Yes it is.
>
> Relying on obscurity as your only defense is foolish, but
On 5/18/07, Mike Whitaker <[EMAIL PROTECTED]> wrote:
> We may have to commission a mango-based ordering system.
In the end, obviously, we should sell Catalyst merchandise from a
Catalyst-based shop... however, the aim here was to get stuff out and
available, and PoD via whoever is clearly the wa
On Fri, May 18, 2007 at 03:29:20PM +0200, A. Pagaltzis wrote:
> * Matt S Trout <[EMAIL PROTECTED]> [2007-05-18 14:30]:
> > I prefer to have my code wired up fairly explicitly for GET vs.
> > POST but that's more an obsession with the HTTP and URI
> > standards than any practical concern.
>
> The R
On Fri, 18 May 2007, A. Pagaltzis wrote:
> Relying on obscurity as your only defense is foolish, but using
> it as a supplemental layer on top of a defense in depth is
> generally wise.
Ah you mean like http://xkcd.com/c257.html ?
Sorry, it's Friday :-)
Simon.
We may have to commission a mango-based ordering system.
In the end, obviously, we should sell Catalyst merchandise from a
Catalyst-based shop... however, the aim here was to get stuff out and
available, and PoD via whoever is clearly the way to go.
--
Mike Whitaker| Yahoo! UK Ltd - inte
On Fri, May 18, 2007 at 06:38:37PM +0530, Harshal Shah wrote:
> Hi Matt,
>
>
> sorry for misleading ..but my problem is quite similar to
> http://www.mail-archive.com/catalyst@lists.rawmode.org/msg01940.html
>
> I got it to work by keeping my auth code in "auto"
A mixture of chained, controller
* Chisel Wright <[EMAIL PROTECTED]> [2007-05-18 13:05]:
> Security through obscurity isn't security at all.
Just because this is a pet peeve of mine:
Yes it is.
Relying on obscurity as your only defense is foolish, but using
it as a supplemental layer on top of a defense in depth is
generally wi
* Matt S Trout <[EMAIL PROTECTED]> [2007-05-18 14:30]:
> I prefer to have my code wired up fairly explicitly for GET vs.
> POST but that's more an obsession with the HTTP and URI
> standards than any practical concern.
The Rails crew learned the painful way that there can be very
practical concern
On 5/18/07, Mike Whitaker <[EMAIL PROTECTED]> wrote:
Embroidered golf shirts would be cool, as would black ones, but they
don't do them yet.
We are the coordinators for the logo-wear for our kids' elementary school
(they call it spiritwear), so I have connections in the on-demand embroidery
i
Hi Matt,
sorry for misleading ..but my problem is quite similar to
http://www.mail-archive.com/catalyst@lists.rawmode.org/msg01940.html
I got it to work by keeping my auth code in "auto" ..its just that ..I had
seen a mod_perl application ..which used to encrypt urls to add one more
level of che
On May 18, 2007, at 4:49 AM, Hartmaier Alexander wrote:
Hi!
The ‚use mod_perl;‘ breaks it for mod_perl2 installations.
The Catalyst applications still work under apache2 with mod_perl2
(because MP20.pm is loaded) but Module::Install can’t find the
installed Catalyst::Engine::Apache vers
On Fri, May 18, 2007 at 09:33:29AM +0100, Richard Jones wrote:
> >>I also sometime see [% Catalyst.uri_for('search') %] translating to
> >>'base_url/search/search' in the template, and though ugly, it does work.
> >
> >That's cuz it generates a URI relative to the current namespace. I'd
> >general
On Fri, May 18, 2007 at 03:35:21PM +0530, Harshal Shah wrote:
> Hi Chisel,
>
> just didn't want user to see the url details.to prevent unauthorized
> access...
>
> I know authorization plugin does the same ..but i had too many rules and
> conditions..so I thought it would be lot simpler if u
On Fri, May 18, 2007 at 03:35:21PM +0530, Harshal Shah wrote:
>Hi Chisel,
>
>just didn't want user to see the url details.to prevent unauthorized
>access...
>
>I know authorization plugin does the same ..but i had too many rules and
>conditions..so I thought it would be l
On Thu, May 17, 2007 at 10:29:26PM +0100, Matt S Trout wrote:
> On Thu, May 17, 2007 at 10:59:09PM +0400, Oleg Pronin wrote:
> > Use
> >
> > sub index : Private {
> >#search code
> > }
>
> Please don't, index is a nasty hack.
>
> sub base :Path :Args(0)
Maybe Catalyst could emit something v
On Fri, May 18, 2007 at 08:29:18AM +0530, Harshal Shah wrote:
> just tryin to hide URLs from users ..
That's not good enough. Most web browsers will show the page title as
well as the URI in lists like tab lists and history. You also need to
cipher the tag on every page, to ensure your app has no
Hi Chisel,
just didn't want user to see the url details.to prevent unauthorized
access...
I know authorization plugin does the same ..but i had too many rules and
conditions..so I thought it would be lot simpler if users can't figure out
the urls ..
but i think ..its better to stick with a
Matt S Trout wrote:
> Erm. I was more thinking returning it after a prepare but with ->req
> populated.
>
> The idea for me would be for unit testing controllers/views (and any model
> code
> that uses ACCEPT_CONTEXT).
>
> Of course, if you wanted you could then call ->dispatch and then ->finaliz
On Fri, May 18, 2007 at 08:29:18AM +0530, Harshal Shah wrote:
> just tryin to hide URLs from users ..
If you don't want users to see URLs, why are you writing a web-app?
--
Chisel Wright
e: [EMAIL PROTECTED]
w: http://www.herlpacker.co.uk/
Brownian motion: the motion of money from individuals'
On 01/02/07, Matt S Trout <[EMAIL PROTECTED]> wrote:
On 1 Feb 2007, at 02:05, Michael Reece wrote:
> is there something like detach that will also set the current
> 'action' to the one being detached to?
Not until 5.80 but there's no reason you can't simply set $c->action
- it -is- an accessor
Hi!
The ‚use mod_perl;‘ breaks it for mod_perl2 installations.
The Catalyst applications still work under apache2 with mod_perl2 (because
MP20.pm is loaded) but Module::Install can’t find the installed
Catalyst::Engine::Apache version because it doesn’t load.
-Alex
Matt S Trout wrote:
Couldn't render template "file error - search/search: not found"
And as documented, View::TT uses the private path to determine the default
template.
$c->stash(template => 'search');
would override that.
It does, and I'm nearly there now. Providing I set the template nam
Carl Johnstone wrote:
Have you setup another VirtualHost for site.domain.tld?
The first VirtualHost is automatically the default for all hostnames
that don't have their own VirtualHost configured.
It was exactly that !
ServerName site1.domain.tld:80
DocumentRoot /var/
56 matches