[Catalyst] Advent calendar
Hi all The advent calendar is looking a bit thin for the rest of the month right now, and this year today's entry (10) is about the best I can do, because I've been doing very little software development this year. There are a couple of half finished entries, and a few stubs, but nothing else. So firstly I'd like anyone who wants to contribute to the advent calendar to join #catalyst-dev on irc.perl.org. Secondly, if you want to write a minimal test case application for some scratch you've had to itch, I can find someone to wrap some words around it for you, so long as you're available on irc to answer questions during some of your normal waking hours. Thirdly if you want to volunteer to wrap words around code, get in touch. I'm kd on #catalyst-dev, and jshirley (and maybe jrockway so long as you plug his book ;-) ). I really really really want to see an openid authentication example this year. Next year we should have a provider recipe so big kudos to anyone who can provide me with either an minimal working app and/ or words to wrap around it. --- We haven't got a king, we're an anarcho-syndacalist commune. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Date field error
Kalman Kiss wrote: Hi, im using FormFu through Catalyst::Controller::HTML::FormFu and i get an exception, when i include the following date field spec in the yml file: Forget it, i souldnt put a dash before the prefix settings. Sorry for the noise, Kami ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] error handling
Hi,all. Can anyone eplain me a bit about error handling. Where i can catch it and when? I use this: MyApp::C::MyController sub auto : Private { my ($self, $c) = @_; if ($c-error) { $c-stash-{error} = Critical ERROR!! ; $c-forward('/error'); $c-error(0); return 0; } } This works but then all my subs in this controller are redirected to /error. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] error handling
$c-error is a arrayref or not? So you must do this: if( @{$c-error} ) { ... } Angel Kolev schrieb: Hi,all. Can anyone eplain me a bit about error handling. Where i can catch it and when? I use this: MyApp::C::MyController sub auto : Private { my ($self, $c) = @_; if ($c-error) { $c-stash-{error} = Critical ERROR!! ; $c-forward('/error'); $c-error(0); return 0; } } This works but then all my subs in this controller are redirected to /error. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/ -- Mit freundlichen Grüßen Felix Antonius Wilhelm Ostmann -- Websuche Search Technology GmbH Co. KG Martinistraße 3 - D-49080 Osnabrück - Germany Tel.: +49 541 40666-0 - Fax:+49 541 40666-22 Email: [EMAIL PROTECTED] - Website: www.websuche.de -- AG Osnabrück - HRA 200252 - Ust-Ident: DE814737310 Komplementärin: Websuche Search Technology Verwaltungs GmbH - AG Osnabrück - HRB 200359 Geschäftsführer: Diplom Kaufmann Martin Steinkamp -- ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] using Catalyst with legacy cgi scripts
On 7 Dec 2007, at 19:53, Ashley Pond V wrote: Please do put this up. I can definitely see using it (maybe on something right now) and I think many others would end up using it in a Registry.pm-like way to segue into a shinier codebase. Any new trails on the migration path to Cat help everyone eventually b/c it will build up the community. OK. Can someone bootstrap the Catalyst way of testing Controller code please? I can add the code specific testing, but I don't really know how to test a controller properly. I'm happy to add documentation, the Module::Install and maybe even an advent entry. Can I have a commit bit for this portion of the svn tree? Ton http://www.altinity.com UK: +44 (0)870 787 9243 US: +1 866 879 9184 Fax: +44 (0)845 280 1725 Skype: tonvoon ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Advent calendar
On Mon, 2007-12-10 at 19:25 +1100, Kieren Diment wrote: I really really really want to see an openid authentication example this year. Next year we should have a provider recipe so big kudos to anyone who can provide me with either an minimal working app and/ or words to wrap around it. There is no clean way to do OpenID right now. Regards, Jonathan Rockway signature.asc Description: This is a digitally signed message part ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] ANNOUNCE: New Catalyst-Powered Site: Mister Poll
Hello! I'd like to announce a relaunch of my web site, Mister Poll, which is now powered by Catalyst / DBIC: http://www.misterpoll.com/ I've actually been running the site for 10 years now. It started out as CGI (of course) and has been mod_perl for many years now. When I finally decided to rewrite the blessed thing from the ground up, I chose Catalyst. I'm quite glad I did. For those who may be interested, it is now running on Linux, MySQL 5.0, Catalyst, DBIC, lighttpd + FastCGI. Many thanks to all of you on this list (and the DBIC list), who have either helped me directly or indirectly through the archives. My gratitude to everybody who has contributed to produce this software as well. It's a great benefit to the Perl community. Mark ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] ANNOUNCE: New Catalyst-Powered Site: Mister Poll
On Dec 10, 2007 11:52 AM, Mark Blythe [EMAIL PROTECTED] wrote: Hello! I'd like to announce a relaunch of my web site, Mister Poll, which is now powered by Catalyst / DBIC: http://www.misterpoll.com/ I've actually been running the site for 10 years now. It started out as CGI (of course) and has been mod_perl for many years now. When I finally decided to rewrite the blessed thing from the ground up, I chose Catalyst. I'm quite glad I did. For those who may be interested, it is now running on Linux, MySQL 5.0, Catalyst, DBIC, lighttpd + FastCGI. Many thanks to all of you on this list (and the DBIC list), who have either helped me directly or indirectly through the archives. My gratitude to everybody who has contributed to produce this software as well. It's a great benefit to the Perl community. Mark Many congrats Mark! Glad to see another Cat site make the push out. ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] Remember Me?
What's the current thinking about those remember me checkboxes on login forms that basically allow users to return to the site and automatically log in? I wonder how useful they are compared to just letting the browser save the login information and pre-fill the login form on return. Do they still add needed functionality that outweighs any reduction in security by offering the feature? So, the question is about security. Say the application is mostly non-SSL, but the login form is an SSL post. So the login credentials are never sent in plain text. But the cookies are returned non-SSL. Since some pages are non-SSL then the session cookie is sent in plain text and could thus be hijacked. I use session cookies so they do go away when the browser is closed or the logout link is selected. On the other hand, the remember me cookie persists for some number of days -- and provides password-less login. So, if this cookie is hijacked then an attacker can gain access for quite some time. On suggested solution is to change the cookie's value each time it's used to login. This is to limit the usefulness of a hijacked cookie. Of course, there's the window of time between stealing the cookie and the real user logging in again where the attacker has access. The page linked below extends that process to include a series number so that if a cookie is used out of sequence it's assumed there's been a stolen cookie and the application then sends a big fat warning to the user and destroys all remember me tokens for that series. Of course, by that time the damage may already be done. http://jaspan.com/improved_persistent_login_cookie_best_practice I'm somewhat against big fat warnings since I'm not so sure what the user can do with them, anyway. Perhaps the best solution it to make the logged in part of the site all SSL so that cookies are never on the wire unencrypted. Or maybe use two cookies to manage the remember me feature -- one non-SSL that flags that a remember me cookie may be available and when detected redirect to SSL to read that cookie and preform the auto login. But, then I'm back to wondering if the feature is worth all that trouble. -- Bill Moseley [EMAIL PROTECTED] ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/