You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mod_dtcl@tcl.apache.org by mi...@aldan.algebra.com on 2001/06/08 21:27:29 UTC
FreeBSD port updated
Please, update the reference to the FreeBSD package soon -- the package
should be built in a couple of days automaticly. In general, I'd suggest
you point FreeBSD users wishing to build from source to the port. Just
ask them to
cd /usr/ports/www/mod_dtcl
make
echo make install | su
make clean
Yours,
-mi
------ Forwarded message ------
From: Mikhail Teterin
Subject: cvs commit: ports/www/mod_dtcl Makefile distinfo
Date: Fri, 8 Jun 2001 12:12:31 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
mi 2001/06/08 12:12:31 PDT
Modified files:
www/mod_dtcl Makefile distinfo
Log:
Upgrade to 0.11.0. The next release is promised to contain most of our
patches!..
Revision Changes Path
1.10 +2 -2 ports/www/mod_dtcl/Makefile
1.6 +1 -1 ports/www/mod_dtcl/distinfo
Re: FreeBSD port updated
Posted by Wojciech Kocjan <zo...@nowiny.net>.
> > However, apreq, IMO, suffers from the same drawback many upload
> > handling APIs do -- the application only gets access to the file
> > once it is fully uploaded. This opens the server to DoS attacks and
> > others.
> There is an upload callback which I added to the code to be able to
> upload to Tcl variables. It could probably be exanded to do more...
Great to hear that ;-)
> > For example, if I only expect JPEG files, I can stop the upload of
> > something else after the first 512 bytes...
> I am going to add an 'upload' command to dtcl, which I will try and
> make as flexible as possible.
Great to hear that one too. I suppose a good and flexible solution is to
use regexp.
ie.
upload -method file -name $myfile -bcheck 16 -bregexp {......JFIF} - this
one could be a bit hard to do but should be quite useful. Also if you code
it well, the regexp checking could be easily converted to using Tcl proc
as well - but I'd really prefer using 1-line regexp ;-).
Maybe a good compromise would be to be able to do sth like in event/bind:
upload -method file -name $myfile -bcheck 256 \
-bregexp [list myregexp {......JFIF}]
and
proc myregexp {pattern data} {
}
It would be really useful, I suppose. Also, the proc could return 0/1
values and a 0 value should simply abor the upload. Maybe it should return
a message to send to the user client in the HTTP header).
Any ideas/comments on that?
--
Wojtek Kocjan
wojciech@kocjan.org
Re: FreeBSD port updated
Posted by "David N. Welton" <da...@apache.org>.
Mikhail Teterin <mi...@aldan.algebra.com> writes:
> On 14 Jun, David N. Welton wrote:
> > libapreq is a small C library for handling variables and file uploads.
> > I don't actually use it as a library, so that people don't have to
> > download an extra package.
> I'd actually prefer to see the extra package -- so there is no
> replication of code like this :)
Of course, this is better, but untill apreq is common, I'll just
include the 6 files in mod_dtcl. I suppose I could do something
similar in Debian, given that it has a dependency system as well...
But maintaining different versions is more hassle than it's worth,
IMO.
> There is a FreeBSD port of libapreq, it turns out. So I'll let its
> maintainer know about my patches and modify the mod_dtcl port to
> depend on the libapreq port instead of compiling its own... This
> way, the same library can be shared between TCL and Perl users.
Great - at some point in the future, I may want to borrow this work
for the main dtcl tree so that this is the standard behaviour. I
would highly encourage you to at least post your changes to the apreq
list, so you can discuss them directly, instead of passing them
through the apreq maintainer.
> However, apreq, IMO, suffers from the same drawback many upload
> handling APIs do -- the application only gets access to the file
> once it is fully uploaded. This opens the server to DoS attacks and
> others.
There is an upload callback which I added to the code to be able to
upload to Tcl variables. It could probably be exanded to do more...
> For example, if I only expect JPEG files, I can stop the upload of
> something else after the first 512 bytes...
I am going to add an 'upload' command to dtcl, which I will try and
make as flexible as possible.
Thanks,
--
David N. Welton
Free Software: http://people.debian.org/~davidw/
Apache Tcl: http://tcl.apache.org/
Personal: http://www.efn.org/~davidw/
Work: http://www.innominate.com/
Re: FreeBSD port updated
Posted by Mikhail Teterin <mi...@aldan.algebra.com>.
On 14 Jun, David N. Welton wrote:
> libapreq is a small C library for handling variables and file uploads.
> I don't actually use it as a library, so that people don't have to
> download an extra package.
I'd actually prefer to see the extra package -- so there is no
replication of code like this :) There is a FreeBSD port of libapreq, it
turns out. So I'll let its maintainer know about my patches and modify
the mod_dtcl port to depend on the libapreq port instead of compiling
its own... This way, the same library can be shared between TCL and Perl
users.
However, apreq, IMO, suffers from the same drawback many upload handling
APIs do -- the application only gets access to the file once it is fully
uploaded. This opens the server to DoS attacks and others.
For example, if I only expect JPEG files, I can stop the upload of
something else after the first 512 bytes...
I once wrote a callback-based handler for B. Welch's tclhttpd -- purely
in TCL, but tclhttpd gives you access to the HTTP-connection socket, so
it is easy to bind callbacks to it.
Yours,
-mi
Re: FreeBSD port updated
Posted by "David N. Welton" <da...@apache.org>.
mi@aldan.algebra.com writes:
> > The link I'm using is this:
> >
> > http://www.freebsd.org/cgi/ports.cgi?query=mod_dtcl
>
> The http://tcl.apache.org/mod_dtcl/documentation.ttml links to
> http://www.freebsd.org/ports/www.html#mod_dtcl-0.8.1.1
Ah, woops, there's the reason for the discrepancy!
> > Is there something else I should be using?
> >
> >> cd /usr/ports/www/mod_dtcl
> >> make
> >> echo make install | su
> >> make clean
> >
> > Hrm, currently, I don't have OS specific install instructions, in the
> > hope that users of specific OS's will know how to install for their
> > OS. I guess some minimal instructions like the above (and apt-get
> > install libapache-mod-dtcl, and rpm -i mod_dtcl.deb) couldn't hurt...
>
> The same page has build instructions in item 3...
They are generic, though. I suppose I can see about putting system
specific instructions there. Actually, I need to break the whole
thing up into install/runtime/other, in any case.
> >> Upgrade to 0.11.0. The next release is promised to contain most of our
> >> patches!..
> >
> > Are you going to post the other patches to the libapreq list? They
> > looked good to me, but I didn't include them because I want to be in
> > sync with apreq, so that is the correct place to try and get them
> > added.
>
> I'll see what it takes :) I don't yet know, what libapreq is -- if it's
> part of Apache, the FreeBSD Apache-port maintainers will do the work :)
Ok, a brief introduction:
Originally, I wrote all the code for variable handling (relatively
easy), and file uploads (a big pain in the neck), not having found
anything I could use to do this 'out of the box'. Subsequently, I
discovered libapreq as it was added to the ASF CVS repository.
libapreq is a small C library for handling variables and file
uploads. I don't actually use it as a library, so that people don't
have to download an extra package. And also because I only use a few
files:
apache_cookie.[ch] apache_multipart_buffer.[ch] apache_request.[ch]
which I copy straight out of libapreq. So, any changes in these files
should really be ported to the 'real' libapreq, which is currently
used both by mod_dtcl and mod_perl (maybe others?).
cvs -d:pserver:anoncvs@www.apache.org:/home/cvspublic login
(passwd anoncvs)
cvs -d:pserver:anoncvs@www.apache.org:/home/cvspublic checkout httpd-apreq
apreq-dev@httpd.apache.org is the mailing list...
Ciao,
--
David N. Welton
Free Software: http://people.debian.org/~davidw/
Apache Tcl: http://tcl.apache.org/
Personal: http://www.efn.org/~davidw/
Work: http://www.innominate.com/
Re: FreeBSD port updated
Posted by mi...@aldan.algebra.com.
On 12 Jun, David N. Welton wrote:
> mi@aldan.algebra.com writes:
>
>> Please, update the reference to the FreeBSD package soon -- the package
>> should be built in a couple of days automaticly. In general, I'd suggest
>> you point FreeBSD users wishing to build from source to the port. Just
>> ask them to
>
> The link I'm using is this:
>
> http://www.freebsd.org/cgi/ports.cgi?query=mod_dtcl
The http://tcl.apache.org/mod_dtcl/documentation.ttml links to
http://www.freebsd.org/ports/www.html#mod_dtcl-0.8.1.1
> Is there something else I should be using?
>
>> cd /usr/ports/www/mod_dtcl
>> make
>> echo make install | su
>> make clean
>
> Hrm, currently, I don't have OS specific install instructions, in the
> hope that users of specific OS's will know how to install for their
> OS. I guess some minimal instructions like the above (and apt-get
> install libapache-mod-dtcl, and rpm -i mod_dtcl.deb) couldn't hurt...
The same page has build instructions in item 3...
>> Upgrade to 0.11.0. The next release is promised to contain most of our
>> patches!..
>
> Are you going to post the other patches to the libapreq list? They
> looked good to me, but I didn't include them because I want to be in
> sync with apreq, so that is the correct place to try and get them
> added.
I'll see what it takes :) I don't yet know, what libapreq is -- if it's
part of Apache, the FreeBSD Apache-port maintainers will do the work :)
Yours,
-mi
Re: FreeBSD port updated
Posted by "David N. Welton" <da...@apache.org>.
mi@aldan.algebra.com writes:
> Please, update the reference to the FreeBSD package soon -- the package
> should be built in a couple of days automaticly. In general, I'd suggest
> you point FreeBSD users wishing to build from source to the port. Just
> ask them to
The link I'm using is this:
http://www.freebsd.org/cgi/ports.cgi?query=mod_dtcl
Is there something else I should be using?
> cd /usr/ports/www/mod_dtcl
> make
> echo make install | su
> make clean
Hrm, currently, I don't have OS specific install instructions, in the
hope that users of specific OS's will know how to install for their
OS. I guess some minimal instructions like the above (and apt-get
install libapache-mod-dtcl, and rpm -i mod_dtcl.deb) couldn't hurt...
> Upgrade to 0.11.0. The next release is promised to contain most of our
> patches!..
Are you going to post the other patches to the libapreq list? They
looked good to me, but I didn't include them because I want to be in
sync with apreq, so that is the correct place to try and get them
added.
Thanks,
--
David N. Welton
Free Software: http://people.debian.org/~davidw/
Apache Tcl: http://tcl.apache.org/
Personal: http://www.efn.org/~davidw/
Work: http://www.innominate.com/