Re: [Catalyst] Alternatives to Catalyst ?
Oleg Pronin wrote: > Maybe it is not the bottleneck, but how many places do we have > like this that are "not a bottleneck" ? maybe the sum of all these > "mini" mistakes is the bottleneck ? NYTProf profile or it didn't happen :-) Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Alternatives to Catalyst ?
Dermot wrote: > Why wouldn't you, as you write, use the the fastest access methods > available? Surely you'd want to develop habits that will a) provide > better performance and b) as mentioned below avoid the thorny > side-effects of req->params(). This isn't a matter of premature > optimisation but simply establishing good practise. Answering this in the general case. If you know that the object is stored as a hash, yes you can access it like a hash - but that's your risk. When you upgrade your modules and it switches to being stored some other way - you get to fix all your code. That's one of the things that many perl coders like - to the degree that it's perl culture - you *can* poke inside the box if you want but you have to accept the risks that go with that. As far as other optimisations, yes it's nice to develop some good habits but you don't want that to be at the expense of maintainability. Even if you're a team of one - you will still have to come back and maintain your own code at some future time. I have plenty of code that I wrote and understood very well at the time, but is a confusing mess now! So if an optimisation doesn't impact maintenance too much it's worth turning into a habit. eg print with a list rather than using concatination Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Alternatives to Catalyst ?
Merlyn Kline wrote: > I propose that all references > to the req->param() interface should be replaced by references to the > $c->req->parameters->{} interface except where explicit discussions > of CGI.pm compatability are appropriate, which would only be very > briefly in the case of the Intro. It's not just useful for new users reading the intro with a CGI.pm background. There are other useful modules on CPAN that will process incoming request parameters, that have been designed to expect a CGI object that they can call param on. When using those modules with Cat it's handy to be able to pass the Cat Request object over to make them work the same. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Alternatives to DBIx?
kevin montuori wrote: > In my experience (two or so years with DBIC/Catalyst and many, many > more with sundry DBI hacks) DBIC code has proven trivial to maintain > and augment. Furthermore, it's relatively easy to find programmers > who are familiar with it and can be brought up to speed quickly. Your > situation might be different; for me the maintenance is as important > as the development. This. At $work we adopted DBIC around 3 years ago when we switched to Catalyst. Since then, whenever we've brought new people onto the team I've had plenty of discussions with them about how much DBIC gets in the way and they would be able to get stuff done quicker if we just allowed them to write the SQL queries. Eventually given enough experience with what we do, everybody comes around to seeing how much better things are with DBIC - especially when it comes to adding new features into the existing code base. I would say that DBIC actually becomes most useful when you stop thinking about SQL and start thinking in terms of the data that you actually need. Instead of trying to convert SQL to code, you just code and can be more productive. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Using Catalyst with mod_per or FastCGI on heavy traffic web application
Another mod_perl user here! I've looked at FastCGI, but ongoing management has always looked to be more complecated than just altering the apache config. We have a multi-server setup with hardware load-balancers. They balance between two threaded apache servers which serve all static files and then using mod_proxy, pass other requests via the load balancer again to the three apache/mod_perl/catalyst servers. (We did it with mod_proxy_balancer for a while, but found the hardware load-balancer did a better job). The front apache servers are configured for maximum threads, with Keep-Alive on and very high connection timeouts. The mod_perl servers are configured with the usual pre-fork and Keep-Alive off. We maximise buffers in the front-end to release the mod_perl process as soon as they can to handle another request. We generally restart the mod_perl servers in turn, so although there's a slow restart that's invisible to end users. Should there be a problem with all the servers the front apache gets a 502 proxy error, so we replace that with a pretty page. One of the advantages of mod_perl is that you only have a single instance of perl running, so you only have code in common to your apps loaded once (so that covers everything from core and CPAN as well as bespoke common code.) If we want to run a slightly different version of a codebase we use "PerlOptions +Parent" which gives you a separate perl interpreter for a particular vhost. Now I wouldn't say this is a good setup for *everybody* to use, but certainly there's a class of users where this type of setup will work very well. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Using Catalyst with mod_per or FastCGI on heavytraffic web application
Adam Mackler wrote: > Finally, a wonderful benefit of using fastcgi is that each one of my > fastcgi applications runs as a separate user, and none of those > fastcgi users is the user that the web server runs as. I sleep that > much better at night knowing that the web server cannot read the files > that have database passwords in them, and so on. It's more likely that any security hole will be in the perl application rather than the web server, so your database password is equally exposed with either method. In any case you should be able to make your app root read-only - which will mean that the apache child processes can't read the files. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Page fragment caching
Tobias Kremer wrote: > c) somebody smarter than me has a better idea how to solve this > problem? :) Use Varnish as a caching-proxy in front-of your app. Use ESI to include the fragments and set appropiate cache-control headers in those reponses so Varnish can cache appropiately. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] uri_for
Tomohiro Hosaka wrote: > Is this correct result? Yes, the previous situation was a bug. Given sub foo : Args(1) { my ($c, $arg) = @_; }; The URL http://127.0.0.1/foo/bar%2Fbaz would match and set $arg to 'bar/baz' correctly. However reversing that using uri_for then returns the incorrect URL. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] determine MIME type of binary Webservice result?
Jens Schwarz wrote: > in my Catalyst application I use Webservices to connect to SAP. One > of these returns "binary" data (right now base64-encoded XML, later > also PDF). > > Is it possible to determine the MIME type of those returned > (sub)strings? If so, how? It doesn't matter that you're using Catalyst for this problem. Your first question should be whether SAP actually returns the data/MIME type as part of it's response to your request. If so crib it from there. If not, you could save the binary data to a file and run some form of file-type/magic number detection. If you're running in a unix environment you might find the "file" command useful for this. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Re: Avoiding UTF8 in Catalyst
Aristotle Pagaltzis wrote: > But there’s no room for “likelies” here: that’s programming by > coincidence. The "likely" was correct. When using UTF-8 whether the length of the string is different in bytes and characters depends entirely on what the contents of the string are. Given a particular string I could tell you exactly whether they should match, but in the general case all I can say is that it's *likely* to be different. In any case that's an argument about English :-) > Either you want it or you don’t, and in this case > you do. But bytes::length doesn’t do that. > > Please plese don’t make statements like “not in this case” > without knowing what the thing you are talking about does, i.e. > in this case bytes::length, does. There are enough misconceptions > about Unicode in Perl already. As far as the usage of bytes::length. Yes I agree with you that the code is wrong as it's taking the byte length of perl's internal representation - which happens to be utf-8 and whilst correct in that case, isn't for any other character set and shouldn't be relied upon. You *do* have to take a byte length of the string in the destination character set though, so I'm interested in what the correct solution would be. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Re: Avoiding UTF8 in Catalyst
Aristotle Pagaltzis wrote: > # everything should be bytes at this point, but just in case > $response->content_length( bytes::length( $response->body ) ); > > I was shocked to discover this! Any code that uses bytes::length > is automatically broken. Not in this case, the HTTP spec says that the Content-Length header should contain the number of octets in the body. If you're sending UTF-8 then this is likely different to the number of characters in the string. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst benchmark 5.7 VS 5.8
Tobias Kremer wrote: > So, what's a better way to find out how much memory is shared? On our > production servers "top" shows > > VIRT: 70116, RES: 64m, SHR: 3480 > > and I hope that 3480 is really not the amount of memory that is shared > because that'd be quite low. It's a different type of shared. That's amount of memory used through shared OS libraries. What everybody else in this thread is referring to as "shared" memory is actually the amount of memory that hasn't needed to be duplicated because of the copy-on-write semantics within the Linux kernel. Unfortunately there's currently no easy way I know of to get these figures on Linux. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst benchmark 5.7 VS 5.8
Toby Corkindale wrote: > (CentOS 5 was one of the operating systems that came with the > badly-patched Perl with the slow bless performance.. > although I'm sure it's been patched by now? > ie. http://blog.vipul.net/2008/08/24/redhat-perl-what-a-tragedy/ > ) Was patched last year - stop spreading FUD. The RHEL/CentOS perl build isn't the best one is the world but it's adequate enough for most uses. Too much FUD will just scare decision makers who don't understand the technical details and just see perl + RHEL = fail. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Configuration based on hostname
Mihai Bazon wrote: > Let me clarify that. I don't want to run the app more than once. I > just want the application to switch configuration file and database > depending on the hostname that each particular request targets. > > I've done this a zillion times with plain mod_perl, I just don't know > what's the proper route with Catalyst. We do it with multiple vhosts running the same catalyst app, then in Root->auto of the app we check $c->apache->server->server_hostname which provides the servername for the vhost as in the apache config. Checking the ServerName means that we can ignore any alternate domains configured using a ServerAlias directive. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Configuration based on hostname
> One of the limitations of mod_perl is that you can't run the same app > more than once on the same server. Sorry. Not true. We run multiple versions of the same app in the same apache process. Look at the +Parent option, which will create additional separate perl interpreters within the same apache process on a per-virtual-host basis. However I'd say it's more useful for running separate versions of code using the same namespace than running the same app across multiple domains. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Scalable Catalyst
I think that the mod_perl mailing list would also be interested in this - there are very few people on that list with practical examples of multi-thread. As far as I'm aware pre-fork is still pretty much the only model recommended. Alejandro Imass wrote: > Ok. What would you have done? - not meant as a defensive question but > really, we would like to hear options for this application! I would've probably pushed for a change in the architecture, so that the browser makes a request then polls for results. Don't under-estimate the ability of users to hammer the F5 button because the page has taken 2 seconds longer to come back than they expected! However I do find your choice of solution interesting, as you've essentially managed to get a fairly out-of-the-box solution working. There are a bunch of things that could be done to process this type of workload quicker, but with the disadvantage that you've got a bigger custom code-base to maintain. I'm curious about the memory differences between pre-fork and threaded in mod_perl from your testing. General mod_perl advice is to pre-load as much perl code and data as possible and take advantage of the copy-on-write aspects of VM. Did you push this? How much difference was there between the models? Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] User timezones
Devin Austin wrote: > you could simply create a column and add the GMT offset. NO! If you only use GMT offsets you'll just annoy your users anywhere in the world that has DST. If that's the only solution don't bother - just use a relevant fixed timezone. Much better to use the Olsen DB timezone names (DateTime supports them). my $dt = DateTime->new( year => 2009, month => 6, day => 25, hour => 15, minute => 42, time_zone => 'Europe/London'); print $dt->datetime, "\n"; $dt->set_time_zone('America/New_York'); print $dt->datetime, "\n"; As far as the original question - you could pass the user's choice of timezone as a parameter when you call the model to request the time. So instead of: $object->creation_date->strftime(' ... '); $object->creation_date($user->prefs->tz)->strftime(' ... '); That still allows you to have a model that will work without being part of a web request and that is easily testable. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst needing LOTS of RAM
Neo [GC] wrote: > Currently, our project allocates 330MB RAM right after startup (with > myproject_server.pl or fastcgi). What OS? Where do you get the 330MB figure from? > Over the time this is getting worse; > some month after the projects start it used about 80MB and we think > with some additional controllers and stuff it will need over 500MB. That sounds like big queries sucking lots of data in or a memory leak. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Re: how to confirm before deleteing
Aristotle Pagaltzis wrote: > http://yourapp.example.org/addressbook/delete/all";> > > into a page they control and then send a link to that page to > your users. If you allow destructive actions on GET, you have > just allowed for your users to be screwed over through no fault > of their own. Note that using POST rather than GET doesn't protect you from this specific problem - it's still possible to form a CSRF request with a POST action. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Production session issue - commercial support inquiry?
As for down-stream proxies, I am not explicitly setting no-cache headers from the app, should I be? < You might want to look into it. I've had problems with aggressive ISP caches before where they cached pages and sent them to other users - every page has "welcome username" at the top. The complaints dried up once we set all the pages to no-cache. At the same time we also set an explicit Expires header on all image/css/js etc files to increase the amount of caching. Note that playing about with stuff like this affects browser caches as well as proxies. There's a good tutorial here: http://www.mnot.net/cache_docs/ Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Production session issue - commercial support inquiry?
Just a quick thought - are you setting appropiate no-cache headers in your responses? Are the problems due to transparent caching at ISPs? Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Running java inside Catalyst
Not sure which specific engine you asked, but I'll just put all of them. He meant Catalyst engine... Catalyst::Engine::? Were you using the server script that comes with Catalyst? FastCGI? mod_perl? Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] CatalystSites.org
Is the Guardian run on Catalyst? No, not exactly sure what they're using but I believe they've gone down the Java route. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] CatalystSites.org
The site looks nice, but I find it a little "bloatware" to talk of 40+ sites, when it's obvious that a good part of them share the same layout and codebase and only differ in the content. That would actually be my "fault", as I added those sites. The aim is to create a list of public facing web sites running on Cat - we (currently) run 20 newspaper sites that do run on Cat. The fact they share a lot of code and have some design consistency could be seen as a bonus for the framework. For reference I work for the Regional division of the Guardian Media Group (our most known publication is The Guardian newspaper www.guardian.co.uk ) - the sites I listed served around 10 million pages last month to around a million different people. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] CatalystSites.org
I'm not sure what the 50%/51% good bit means - this isn't clear. Maybe replace this with "X users marked this as a favourite" - no point in allowing people to vote down ;) Would probably work better displayed Digg style (plus_votes - minus_votes) rather than having 50% as the default. If you're going to use a % then I would use (plus_votes/total_votes)*100 with a "nobody has voted yet" fallback. In any case, a good idea - I've added all our (public facing) sites at work to the site. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Distributed session storage problems/questions
4. Is it just crazy to run a load balanced setup without some type of sticky session setup on the proxy? If so, any implementations of this using Apache 2.x mod_proxy(_balancer) as the frontend would be greatly appreciated. < You should only use "sticky sessions" as a performance enhancer (more likely the back-end will have the right stuff for that user in cache) rather than a requirement for your app. Once it becomes a requirement your app is no longer able to cope with a server failure. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Development environments and performance
From: "Jonathan Rockway" <[EMAIL PROTECTED]> If you are using the same Apache process for more than one web app, You're Doing It Wrong (tm). For development or production? In production as long as you're using the same versions of Cat for your apps, I would've thought the memory gains would make it worthwhile. If you've got multiple sets of apache processes, then each set will load all the Catalyst (and other CPAN modules) into memory separately. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] LDAP
From: "Gavin Henry" <[EMAIL PROTECTED]> Ah, ok. What Directory server are you using btw? openldap Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] LDAP
Externally in your organisation? No to an external organisation that has been contracted by us to provide and host a web application. This application needs to share a single sign-on with applications built in-house using Catalyst. For configuration, why don't you have one set and reference it from both *::LDAP ?? Or I am being dumb here? No you're right that I can combine some of the configuration and reference it accordingly. However I don't have a single obvious place to add an extra method (although J Rockway may have a hack around that). You're pulling LDAP users into your RDBMS? Why not keep them there? If you are using PostgreSQL you can use dblink-ldap as a function. Might be handy. No I've got data in my RDBMS that has a relationship to the data in my LDAP directory. For example "comments" are added by users, therefore the comments in the database have a submitter for which the details are held in LDAP. dblink-ldap is interesting but we're a MySQL shop. I'm also taking a look at DBD::LDAP on CPAN which does a similar thing in perl-land. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
LDAP Injection [Catalyst]
Oh another LDAP subject that I meant to mention - LDAP Injection. It's something that's been mentioned regarding our use of LDAP. For example C:P:Auth:Store:LDAP suggests using a filter like: (&(objectClass=posixAccount)(uid=%s)) Then does: $filter =~ s/\%s/$replace/g; Which on a casual glance would seem to be a possibility for a LDAP-injection attack. The problems due to SQL Injection are well known and nobody would write similar code to interact with a DB. However there seems to be little in CPAN that acknowledges the risks of LDAP Injection. I suspect that Net::LDAP doesn't help here, there is a reference to making use of Net::LDAP::Filter to specify queries that will be properly escaped - however there isn't an example in the POD (hell I glanced at the source and couldn't be entirely sure). So again is this an area that anybody has considered and has some experience to share? Thanks again, Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] LDAP
Hi, I've been playing around with the LDAP stuff in Catalyst, we have a need to share user data externally for authentication reasons and currently believe LDAP is a good solution for this. To this end I've got C:P:Auth:Store:LDAP correctly authenticating users against a LDAP database. I've also got C:Model:LDAP pulling users out of the DB so that we can display names next to user-submitted content. Now to get to this stage I've got two lots of configuration, and effectively two chunks of code doing very similar jobs. I now need to add a custom method, and can't see anyway outside of doing it twice. Next up I want to link my DBIC schema to the LDAP stuff so I can automatically inflate users, however on this project we have some chunks of code that work outside Catalyst using the same schema, so I can't link them to the Catalyst Model. Ideally what I need here is some kind of generic ORM layer, an a thinner Catalyst Model which uses it. So anybody else got any experiences to share here? Is there some easy way to achieve what I want that I've missed? Anybody got code to share? Thanks Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: white-labelling [Catalyst]
Interesting term, 'white labelling'; where do you get it from. It's a fairly standard term for the process. One origin I've come across is it comes from manufacturers selling products with plain white labels to supermarkets, who would then brand them as own-brand products. However these days it applies in all industries where such practices are common, for example white-label credit cards are common. Good web examples would be LOVEFiLM ( www.lovefilm.com ) providing a DVD rental service under several other brands :- http://www.tescodvdrental.com/ http://dvd.easycinema.com/ http://www.odeondirect.com/ A client wants something similar so I am interested in the issue. The sites will have some differences such as CSS but access the same application. If you can get it just down to CSS changes, you could probably just put a conditional in where you load the CSS files (testing the hostname used to access the site). It's likely that sooner or later though you're going to need actual template changes, in which case you could just use an alternate view in Catalyst pointing to a separate set of templates. You probably want to experiment a little as it depends where you want the balance between separate and common stuff. Too much common stuff and it gets harder to customise the look and feel for a client to what they'd like. Too much separation means more maintenance work when improving your application. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] warning
Our sysadmin told me that this way is better because we won't make traffic (and slow down) on the public network interface. Marginal, you'd need to be doing *a lot* of data transfer. I think our data transfer at our ISP maxes out at around 12Mbps on an average lunch time - well below the 100Mpbs a poor network can do. And he also told me that he cannot assign a single domain name that points to 2 different IP addresses, because we have a single DNS. He told that yes, if we would have 2 DNS, he could make one work for the intranet and one for the internet access, but it is not the case. Use HOSTS files on the local machines to override the DNS IP? cookies_expire => 0, If you have also tried with this kind of cookies and it works in Firefox, please tell me the version of Firefox. I've it on my dev setup and it works on current Firefox 2, however checking the raw cookie and it's setting a time of 2 hours, so I think something else is going on. I've not got time to dig further at the moment. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Authentication for web services (slightly off topic)
I could use Apache Basic Authentication, but I would prefer to hold usernames passwords in a database rather than a htpasswd file. I realise that you've been given an all-Cat solution for this however I just want to point out that just because you're using Basic Auth in Apache, doesn't mean that you have to hold the details in a htpasswd file. They've separated the Basic Auth at the front-end from how the details are stored at the back-end in Apache 2.2. So you could use mod_auth_basic to handle the client-side, and mod_authn_dbd to do the DB lookup. http://httpd.apache.org/docs/2.2/howto/auth.html Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: white-labelling [Catalyst] (Was: warning)
You may want to deliver somewhat different content depending on which URL they use; is that what you mean by 'white-labelled'? By white labelling I mean the same functionality and data wrapped up in different branding like: http://www.stockportexpress.co.uk/news/s/1033042_wii_posing_injury_risk http://www.manchestereveningnews.co.uk/news/s/1033042_wii_posing_injury_risk The main part of the content is the same, however the stuff around that is different. That said you might want to do more subtle tweaks according to domain name. However I can't see a reason for doing stuff like this: http://www.thesun.co.uk/sol/homepage/ http://thesun.co.uk/sol/homepage/ Never mind the case where the actual domains are different. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] index and default actions (was: Why no extra attributes on Private actions?)
I foresee index and default going the fuck away for 5.80 unless you're in compat mode. I'm curious about these two. I've made plenty of use of index, and off the top of my head can't see another way of doing the home page of site. As far as default, I'd currently use that to do my 404 handling - is there an alternative way of doing that? Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] warning
My site is accessed with 2 different domain names, and the app must send a cookie that specify a domain, because otherwise Firefox doesn't send the cookie back to the server. I've given you an answer to that problem once. Redirect domain2.com to domain1.com and only serve your site through domain1.com You can't use the same cookies on both domains, which means that a users state will be changing if they switch between domain1 and domain2. You SEO will be better because all your pages and traffic are concentrated on the same domain. I can't think of any reason why you should be serving the same site on different domains. Note (before somebody pulls me up again) that different white-labelled sites based on the same app is a different situation. As far as your problem with Firefox - I don't get that here! Here's the raw cookie as returned in the HTTP Response from our app in the production environment: Set-Cookie: men_session=79e37a10cd324c8ac0761e90c7f73b37bb0161bd; path=/; expires=Wed, 06-Feb-2008 13:45:26 GMT We've never had any problems with sessions and Firefox, we use them for flash messages as well as tracking authenticated sessions. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Debugging Catalyst with Eclipse
I'd love to help write more docs. What format do I use POD and who do I submit them to? I'd suggest starting on the catalyst-dev list. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] PostgreSQL quoting issues
my $rsts = $c->model ('MintAppDB::TransSum')->find ({ category => $c->req->param ('category'), sentto => $c->req->param ('sentto'), iso => $c->req->param ('iso') }); This is broken! Simply try requesting a URL such: ?category=cat1&category=cat2 Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] hostname
cookie_domain => the_host() in the MyApp config, but when I try to start the server it gives an error telling that I can't use the method "req" because $c is undefined. I'd be curious about why you wanted the cookie domain in the config anyway! I presume you've got a bit of code like: $c->response->cookies->{'foo'} = { domain => $c->config('cookie_domain') }; In which case why couldn't you just do $c->response->cookies->{'foo'} = { domain => $c->req->hostname }; But anyway, what I need is working because I can avoid setting a domain name for the cookie. Yeah exactly, setting the domain in the cookie to match the domain requested is pretty pointless anyway as that's what browsers do by default. About the only time you need to send a domain back is when you want to set a cookie across all subdomains or similar. Eg: { domain => '.example.com' } Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] hostname
From: <[EMAIL PROTECTED]> How would you propose handling an ASP like service that is branded (both host whatever.companya.com ... othersuch.company9.com, and templates) for 1 companies? You should've a bit further down to where I wrote: That said, there's a case for needing to know the hostname if you've got multiple sites running from the same Cat App. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] hostname
from the context object, but is unavailable to MyApp.pm. cookie_domain Both the context object and the hostname should be available to code within MyApp.pm, but only if the code is running during a request. In any case I wouldn't point multiple domains at the same site, you're always best off choosing your preferred name and redirecting alternatives. Otherwise you're going to have fun with users following links to domain1.com and coming back via links to domain2.com - often within minutes of each other. That said, there's a case for needing to know the hostname if you've got multiple sites running from the same Cat App. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] configurable base url?
So if I want to run multiple versions of the same app it looks like I'll have to do it on Apache with cgi/fcgi because mod-perl won't let you have competing stuff in the same namespace. We run 17 versions of the same app for 17 different sites on different domains. The only thing we do do is poke into: $c->apache->server->server_hostname To get the servername (as in the apache config) for the site so that we can filter content and change logos appropiately. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] Catalyst::Plugin::Authentication::Store::LDAP problems
I've got LDAP authentication working with Apache. Is there an authentication method that simply takes over the username and password that Apache got from the user? I believe Apache stores the user name from its auth in the REMOTE_USER env var. Or if you're using mod_perl you should be able to get it from the request object. $c->apache->user Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] difficulty in assigning an array to a stash
jagdish eashwar wrote: I am getting only the last value in the tt2 template. You're actually getting the number of items in the list, because that's what you get when you turn a list into a single value. Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] DProf
It's probably useful to tell you what these various commands are actually doing, rather than just saying check-this and check-that... lsof = LiSt Open Files basically it lists every file that a process has open, that includes the executable file itself and any libraries or shared code. The best way to use it is with a process ID: lsof -p 1234 Pick a process ID for one of the "stuck" httpd processes. It's use would be looking to see if your app is reading files it shouldn't need to, or maybe reading lots and lots of files. strace = System TRACE It'll allow you to attach to a process and show every system call the program makes. System calls are things like opening/reading/writing/closing files/network connections. Again you should run it on one of your stuck processes that's using lots of CPU and isn't finishing. Finally, you've found top, but I find that when you've got a server that's overloaded, frequently "vmstat" provides more interesting information. vmstat 5 Will give you a snapshot of what's happening on your system every 5 seconds. The columns are described on the man page, however it'll give you a better breakdown of what's happening across the system as a whole (although not what processes are causing that activity) Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
Re: [Catalyst] New Catalyst site
I would like to announce that www.manchestereveningnews.co.uk has just been relaunched using Catalyst and mod_perl. Further to my original email, we've now finished rolling out our Manchester newspaper sites onto Catalyst. a.. Accrington Observer www.accringtonobserver.co.uk b.. The Asian News www.theasiannews.co.uk c.. Glossop Advertiser www.glossopadvertiser.co.uk d.. Heywood Advertiser www.heywoodadvertiser.co.uk e.. Macclesfield Express www.macclesfield-express.co.uk f.. Manchester Metro News www.metronews.co.uk g.. Middleton Guardian www.middletonguardian.co.uk h.. North East Manchester Advertiser www.nemadvertiser.co.uk i.. Oldham Advertiser www.oldhamadvertiser.co.uk j.. Prestwich Advertiser www.prestwichadvertiser.co.uk k.. Rochdale Observer www.rochdaleobserver.co.uk l.. Rossendale Free Press www.rossendalefreepress.co.uk m.. Salford Advertiser www.salfordadvertiser.co.uk n.. South Manchester Reporter www.southmanchesterreporter.co.uk o.. Stockport Express www.stockportexpress.co.uk p.. Tameside Advertiser www.tamesideadvertiser.co.uk q.. Wilmslow Express www.wilmslowexpress.co.uk Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/
[Catalyst] merging DB data with XML data
Hi, This may be more of a DBIx::Class question than Catalyst, but anyway. I have a system where the bulk of the content is generated elsewhere in XML format, I've implemented a Catalyst Model that reads the XML, and returns a blessed perl data structure (with appropriate caching etc.) Where I've got problems is searching, it's impractical to search 1000s of XML files, so I want to put some of the meta-information (and maybe dump a copy of the text) into a DB for search purposes. What I'd like to do though is when I do a search in the DB, turn any rows returned into these XML objects so I can then access the whole of the content as usual. Suggestions welcome! Carl ___ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/ Dev site: http://dev.catalyst.perl.org/