Re: CGI.pm not processing POST within AuthenHandler: msg#00133

apache.mod-perl.devel

Subject: Re: CGI.pm not processing POST within AuthenHandler

[moving this discussion to the dev list. it's very important]

Joe Schaefer wrote:
Stas Bekman <stas@xxxxxxxxxx> writes:


[offlist]

Joe Schaefer wrote:


Apache/2.0.44 (Gentoo/Linux) mod_perl/1.99_09 Perl/v5.8.0 CGI.pm/2.93

Attempting to read POST data before the content-handler is called
is unsafe with httpd-2. You'll probably have to wait for
Apache::Request to be ported over in order to do something like that.

Why do you say that it's unsafe?



I haven't looked at how CGI.pm implements this, but IIRC the problem
with reading POST data from an auth handler is that ap_run_insert_filter
doesn't get called until the content handler is invoked. If there
are any request filters that are supposed to be active for the request, they'll be missed by CGI.pm's parse.

Good point. We need to document this and make sure that CGI.pm does the right thing. Either it needs to check some flag that is available only inside the response handler or use the API that checks which phase we are in, which I haven't committed yet.

However, what should those who want to devise their own custom auth handlers, not based on mechanisms provided by Apache, but using HTML forms, do? Perhaps we need a technique to call ap_run_insert_filter(r) early if there is a need for that? Of course developers will have to be aware of the risks. I guess if CGI.pm and Apache::Request do the right thing, then they shouldn't worry about it.

mod_apreq.c still doesn't handle this situation quite right, but
I have a good idea about how it should be fixed.

mod_cache.c runs it manually:
modules/experimental/mod_cache.c: ap_run_insert_filter(r);
however, it has the excuse of being run as a quick handler hook.


__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@xxxxxxxxxx http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
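
As an added illustration (not code from this thread, mod_perl or httpd), the Python model below shows the ordering problem described above: input filters become active only at the insert-filter step just before the content handler, so a body parse in the auth phase sees unfiltered bytes. The `Request` class, the phase names, the handler functions and the gzip decoding filter are all constructed assumptions.

```python
import gzip
from urllib.parse import parse_qs

class Request:
    """Toy request: raw body bytes plus an input filter chain (a model only)."""
    def __init__(self, raw_body, configured_filters):
        self.raw_body = raw_body
        self.configured_filters = configured_filters  # what the config asks for
        self.input_filters = []                       # what is active right now
        self.phase = "init"

    def run_insert_filter(self):
        # Models the insert-filter step: configured filters become active.
        self.input_filters = list(self.configured_filters)

    def read_body(self):
        data = self.raw_body
        for flt in self.input_filters:
            data = flt(data)
        return data

def parse_form(body):
    """Parse a urlencoded body; bytes that are not ASCII text yield no fields."""
    try:
        return {k: v[0] for k, v in parse_qs(body.decode("ascii")).items()}
    except UnicodeDecodeError:
        return {}

def early_parse(req):
    """Auth handler that parses the body during the auth phase."""
    return parse_form(req.read_body())

def phase_checked_parse(req):
    """Auth handler that declines to parse outside the response phase."""
    if req.phase != "response":
        return None
    return parse_form(req.read_body())

def run_request(req, authen):
    """Run the auth phase, then insert filters, then the content handler."""
    req.phase = "authen"
    auth_view = authen(req)
    req.run_insert_filter()  # happens only just before the content handler
    req.phase = "response"
    return auth_view, parse_form(req.read_body())

# Constructed sample: a form body that a decoding input filter must gunzip.
SAMPLE_BODY = gzip.compress(b"user=alice&token=s3cret")

if __name__ == "__main__":
    for authen in (early_parse, phase_checked_parse):
        req = Request(SAMPLE_BODY, [gzip.decompress])
        print(authen.__name__, run_request(req, authen))
```

In the model, the early parse returns no fields because it reads the still-compressed bytes, while the content handler sees the decoded form; the phase-checked handler returns `None` rather than acting on data the filters have not processed.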

