Is there a pure perl encryption/decryption routine someplace?
This is for low volume data, so speed isn't important.
> I'm setting up a web page, and need an encryption (not hash) function
> that is in pure perl. My ISP doesn't want to install any
> external modules. I've looked at the perl modules but all the ones
> I've looked at use an external library.
>
> Is there a pure perl encryption/decryption routine someplace?
> This is for low volume data, so speed isn't important.
Not that I've seen.
--
http://www.pricegrabber.com | Dog is my co-pilot.
What about Crypt::Blowfish_PP ? (the PP stands for Pure Perl)
--
Thomas
> Is there a pure perl encryption/decryption routine someplace?
> This is for low volume data, so speed isn't important.
Mix and match as you wish. With a little thought, you
will decrypt my last two encrypted encryption routines.
If you are smart, you will beta test extensively before
messing with valuable data.
TEST SCRIPT:
____________
#!/usr/local/bin/perl
print "Content-Type: text/plain\n\n";
$sample = "Green Hornet Secret Decoder Ring";
print "Input Sample Is:
$sample\n\n";
## Encode:
$random_key = int(rand(2));
if (!($random_key))
{
srand;
$random_key = int(rand(2));
}
if ($random_key == 0)
{ $sample =~ tr/a-zA-Z/h-za-gH-ZA-G/; }
elsif ($random_key == 1)
{ $sample =~ tr/a-zA-Z/t-za-sT-ZA-S/; }
else
{ print "Random Key Generation Failed"; exit; }
$sample = reverse ($sample);
$sample =~ s/(.)/sprintf('%02x',ord($1))/ge;
$sample = join ("", $sample, $random_key);
print "Encoded Sample Is:
$sample\n\n";
## Decode:
$random_key = chop ($sample);
$sample =~ s/([0-9A-Fa-f]{2})/sprintf("%c",hex($1))/ge;
$sample = reverse ($sample);
if ($random_key == 0)
{ $sample =~ tr/h-za-gH-ZA-G/a-zA-Z/; }
elsif ($random_key == 1)
{ $sample =~ tr/t-za-sT-ZA-S/a-zA-Z/; }
else
{ print "Random Key Generation Failed"; exit; }
print "Decoded Sample Is:
$sample\n\n";
print "\n\n\n";
######
$sample = "God's Little Girl Kicks Ass!";
print "Input Sample Is:
$sample\n\n";
## Encode:
$sample =~ tr/ H-OV-ZP-UA-G/ИЙКЫЬБВГДЕЖЗЛМНОПР УФХЦЧШЩЪ/;
$sample = reverse ($sample);
$sample =~ s/(.)/sprintf('%02x',ord($1))/ge;
$sample =~ tr/975318642abcdef/ЖЗЛМНОКЫЬ УФХЦЧ/;
print "Encode:
$sample \n\n";
## Decode
$sample =~ tr/ЖЗЛМНОКЫЬ УФХЦЧ/975318642abcdef/;
$sample =~ s/([0-9A-Fa-f]{2})/sprintf("%c",hex($1))/ge;
$sample = reverse ($sample);
$sample =~ tr/ИЙКЫЬБВГДЕЖЗЛМНОПР УФХЦЧШЩЪ/ H-OV-ZP-UA-G/;
print "Decode:
$sample \n\n";
print "\n\n\n";
######
$sample = "Godzilla Rocks N Rolls!";
print "Input Sample Is:
$sample\n\n";
## Encode:
$sample =~ tr/ H-OV-ZP-UA-G/ УФХЦЧШЩЪЫЬБВГДЕЖЗИЙКЛМНОПР/;
$sample = reverse ($sample);
$sample =~ s/(.)/sprintf('%02x',ord($1))/ge;
$sample =~ tr/975318642abcdef/ЕЗЙ873514УХЧЩЫБ/;
print "Encode:
$sample \n\n";
## Decode
$sample =~ tr/ЕЗЙ873514УХЧЩЫБ/975318642abcdef/;
$sample =~ s/([0-9A-Fa-f]{2})/sprintf("%c",hex($1))/ge;
$sample = reverse ($sample);
$sample =~ tr/ УФХЦЧШЩЪЫЬБВГДЕЖЗИЙКЛМНОПР/ H-OV-ZP-UA-G/;
print "Decode:
$sample \n\n";
print "\n\n\n\n";
@й = (a .. z); @о = qw (7 15 4 26 9 12 12 1 18 15 3 11 19);
srand(time() ^ ($$ + ($$ << 15))); for ($з = $о[$о[0]];
$з < $о[0]-2; $з++) { sub G { rand(1000) < 500 ? "\u$1" : "\l$1" ; }
foreach $┐ (@о) { $в = $й[$┐-1]; $в =~ sб([a-z])бG($1)бgie;
$╪ = "$╪$в"; } $╪ ="$╪! "; $° = substr ($╪, $о[12] - $о[11], 0, " ");
$╪ =~ sп(a)(r)п$1 $2пi; push (@╪,$╪); } foreach $б (@╪)
{ print "$б\n"; } @╢ = reverse (@╪); foreach $╢ (@╢)
{ print "$╢\n"; } exit;
PRINTED RESULTS:
________________
Input Sample Is:
Green Hornet Secret Decoder Ring
Encoded Sample Is:
7a67624b206b787768767857206d786b76784c206d78676b6841206778786b5a1
Decoded Sample Is:
Green Hornet Secret Decoder Ring
Input Sample Is:
God's Little Girl Kicks Ass!
Encode:
ЬНЗМЗМЖЫООЗМКУКМКЖЖФООКФЗЬКЖЖ ООКЛКФЗЫЗЫКЖОНООЗМЬЗКЫКЧЖ
Decode:
God's Little Girl Kicks Ass!
Input Sample Is:
Godzilla Rocks N Rolls!
Encode:
47З85Ч5Ч5Б35ЗБЕЕЗБЗ85Х585Б35ЗБ575Ч5Ч5ЕЗУ515БЕ0
Decode:
Godzilla Rocks N Rolls!
gOdZiLlA roCks!
gOdZiLlA roCks! GOdZilla ROcKs!
gOdZiLlA roCks! GOdZilla ROcKs! GOdZILlA roCKS!
gOdZiLlA roCks! GOdZilla ROcKs! GOdZILlA roCKS! godzilLA rOCks!
gOdZiLlA roCks! GOdZilla ROcKs! GOdZILlA roCKS! godzilLA rOCks!
gOdZiLlA roCks! GOdZilla ROcKs! GOdZILlA roCKS!
gOdZiLlA roCks! GOdZilla ROcKs!
gOdZiLlA roCks!
> I'm setting up a web page, and need an encryption (not hash) function
> that is in pure perl. My ISP doesn't want to install any
> external modules. I've looked at the perl modules but all the ones
> I've looked at use an external library.
Take a look at the Crypt:: modules on CPAN. Pay particular attention
to the ones with "pure Perl" in their one-liner descriptions.
There aren't all that many to choose from I'm afraid.
--
\\ ( )
. _\\__[oo
.__/ \\ /\@
. l___\\
# ll l\\
###LL LL\\
That should do it! Thanks!
(It wasn't listed in the Security modules)....
> That should do it! Thanks!
Oops! it only encrypts the first 8 characters.
I'll have to do it in chunks, I guess
Encrypting's not too much of a hardship, just throw 8 Bytes at a time
at it, it's the decoding that gave me grief.
Splitting text on the way in is easier as it's 8 chars, but there's no
guarantee that you're gonna get 8 chars back. Ideally I would like to
append the encrypted chunks together into one string and output to
wherever, and then read back in, split, and decrypt, but can't fathom
out how?
The only thought that sprang to mind was to either separate the chunks
with \n and then chomp on the way back in, but to be honest haven't tried
it. Theories would be useful on this one, else I'm back to piping output
through PGP again :-(
--
Andy Flisher
'All postings are a reflection of my state of mind,
and not necessarily of any worthwhile opinion'
We'll see how it goes, cheers.
As a follow up this works a treat, basically take your string to encode
and loop through this putting each 8 bytes into an array.
Then loop through the array, encrypt each element, and put the returned
into a string with a \n at the end, ie
$encrypted .= $blowfish->encrypt($split_text[$i])."\n";
To Decrypt simply read the string in line by line (assuming from file
here, but simply separate on \n if from elsewhere) and chomp. Each
section being put into an array. Then again perform the opposite of the above,
decrypting each element and put back into a single string.
Works well, fast, and still pure perl.
> Splitting text on the way in is easier as it's 8 chars, but there's no
> guarantee that you're gonna get 8 chars back.
Really? Oh my. That may complicate things. I only need to encrypt a
credit card number, but if I get chunks of varying size, it will be
messy.
When I tested it, it always returned chunks of 8 bytes.
How sure are you about this? How often does it happen?
I tested it, and the following code works.
I am not sure I believe your statement that sometimes Blowfish_PP
returns blocks of size different from 8. I ran some text cases through
it, and it seems fine.
# encrypt() and decrypt() are the single-block routines; they are not shown in this post.
sub ENCRYPT {
    # Big crypt - handles big chunks
    my $plain = shift;
    my $results = "";
    while (length($plain) > 0) {
        # take first 8 bytes
        my $piece = substr($plain,0,8);
        substr($plain,0,8) = "";
        $results .= &encrypt($piece);
    }
    return $results;
}
sub DECRYPT {
    # Big decrypt - handles big chunks
    my $cipher = shift;
    my $plain = "";
    while (length($cipher) > 0) {
        # take first 8 bytes
        my $piece = substr($cipher,0,8);
        substr($cipher,0,8) = "";
        $plain .= &decrypt($piece);
    }
    return $plain;
}
You may well be correct, however I was mainly relying on output to
console which can go a little mad, in one example a string of 8 chars
echoes out 2 'spaces' and another char. This may just be the console
misinterpreting I don't know.
I decided to play safe in the end by using \n to separate, it's no
hardship on the code and means that I know categorically where the
separators should be.
I'm only using this for passwords anyway so the 8 char business was for
my own benefit as opposed to necessity.
I already use a pipe to PGP for credit card numbers and the like, my
customers seem to prefer this as it uses keys that they have created, and
gives them a feeling of better control.
What would be the problem with you putting a module in your personal
space, if the ISP doesn't want to put it in the default path?
Cameron
--
Cameron Dorey
Associate Professor of Chemistry
University of Central Arkansas
Phone: 501-450-5938
came...@mail.uca.edu
Perhaps I'm mistaken, but I thought that Blowfish was a block cipher,
which means that yes, there *is* a guarantee that you're gonna get 8
chars back, because that's the whole point.
OK, I checked. Blowfish is a block cipher with a 64-bit block, which
means that the input is 64 bits and the output is 64 bits, and if you
don't get 8 characters out every single time, the implementation is
seriously broken, and should not be used at all.
Yeah, it is, my bad on this one. Because of the implementation I was
using I was only outputting to console whilst playing with anything larger
than 8 chars. The console output I was getting was just garbled ASCII
output, I'm assuming that some of the 'real' characters were getting mis-
interpreted by the console and hence not appearing as 8 char blocks.
When I output to a flat file or DB I could see that the 'real' output was
in fact in 8 Char Blocks.
Trust goes to prove that you shouldn't believe everything you can see!
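An added example, not code from any post in this thread: the two ways of framing Blowfish blocks discussed above, using Crypt::Blowfish_PP's new/encrypt/decrypt calls. It shows why raw ciphertext blocks separated by \n can be split in the wrong place, and a fixed-width hex framing that cannot; the key, the sample strings and the helper names encrypt_hex/decrypt_hex (with their length-prefix padding) are constructed for the example.

```perl
use strict;
use warnings;
use Crypt::Blowfish_PP;

my $BLOCK = 8;    # Blowfish block size in bytes (64 bits)

# Hypothetical helper: prefix the true length, pad with NULs to a multiple
# of 8, encrypt block by block, and return hex text (no raw bytes to mangle).
sub encrypt_hex {
    my ($cipher, $plain) = @_;
    my $data = pack('N', length($plain)) . $plain;
    $data .= "\0" x ((-length($data)) % $BLOCK);
    my $out = '';
    for (my $i = 0; $i < length($data); $i += $BLOCK) {
        $out .= $cipher->encrypt(substr($data, $i, $BLOCK));
    }
    return unpack('H*', $out);
}

# Hypothetical helper: reverse of encrypt_hex, rejecting truncated input.
sub decrypt_hex {
    my ($cipher, $hex) = @_;
    die "ciphertext is not a whole number of 8-byte blocks\n"
        unless $hex =~ /\A(?:[0-9a-fA-F]{16})+\z/;
    my $raw  = pack('H*', $hex);
    my $data = '';
    for (my $i = 0; $i < length($raw); $i += $BLOCK) {
        $data .= $cipher->decrypt(substr($raw, $i, $BLOCK));
    }
    my $len = unpack('N', $data);
    die "bad length header (wrong key or corrupted data)\n"
        if $len > length($data) - 4;
    return substr($data, 4, $len);
}

my $cipher = Crypt::Blowfish_PP->new('constructed-demo-key');

# Ciphertext bytes are arbitrary, so roughly 3% of 8-byte blocks contain
# 0x0A. Find one among constructed inputs and show what split /\n/ does.
for my $n (0 .. 9999) {
    my $ct = $cipher->encrypt(sprintf('%08d', $n));
    next unless $ct =~ /\n/;
    my @pieces = split /\n/, $ct, -1;
    printf "plaintext %08d: ciphertext holds a newline, split gives %s bytes\n",
        $n, join(' + ', map { length } @pieces);
    last;
}

my $msg = 'constructed sample, 33 bytes long';
my $hex = encrypt_hex($cipher, $msg);
print "hex ciphertext: $hex\n";
print "round trip: ", (decrypt_hex($cipher, $hex) eq $msg ? "ok" : "FAILED"), "\n";
```

Like the chunked routines in the posts above, this encrypts each 8-byte block independently; only the framing and padding differ.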
>What would be the problem with you putting a module in your personal
>space, if the ISP doesn't want to put it in the default path?
If you don't have telnet access to your site, you can forget about
installing modules that need compilation. Same thing if your ISP doesn't
provide access to a C compiler.
--
Bart.
If you have CGI access, don't you almost by definition have shell
access? I mean, you can always write a CGI that fork()s itself,
daemonizes its child, happily returns an HTML page in the parent, and
then has the daemonized child essentially emulate telnet and/or a shell
as necessary.
Or, simpler, make a Perl CGI shell. Just have a text blank called
"command", in which you type commands, and then have Perl run whatever
"command" is as a shell command and return the prettified HTML results.
That is, you can do all this as long as your ISP doesn't build a
customized version of Perl that doesn't have system(), fork(), exec(),
connect(), accept(), syscall(), etc.
- Logan
Oops. I typed "telnet" but I meant "telnetd".
- Logan
>If you have CGI access, don't you almost by definition have shell
>access? I mean, you can always write a CGI that fork()s itself,
>daemonizes its child, happily returns an HTML page in the parent, and
>then has the daemonized child essentially emulate telnet and/or a shell
>as necessary.
It still runs as "nobody", so there's a limit to what you can do.
I don't think FTP even supports setting the SUID bit; and even then,
some OSes are configured by default to ignore the SUID bit on scripts.
The next choice is to use a cgi-wrap program, but: you need to compile
it on your server. Full circle.
--
Bart.
Well, if the ISP is smart, the server has been chroot()ed to an
environment that doesn't have a shell. That of course doesn't mean
you can fork(), listen to a socket, and on incoming connections,
fork() again and emulate a shell.... It just takes a little bit more.
OTOH, the ISP might run Perl 5.005 on NT, and hence, no fork().
Abigail
--
perl -we '$@="\145\143\150\157\040\042\112\165\163\164\040\141\156\157\164".
"\150\145\162\040\120\145\162\154\040\110\141\143\153\145\162".
"\042\040\076\040\057\144\145\166\057\164\164\171";`$@`'
Oh, really? In most (all?) Unices, the only special uid is 0, root.
"nobody" isn't special in any way, it's just a convention. Unix doesn't
have any privilege requirements on fork(). There are some restrictions
on port usage; the first 1024 ports are off limits for anyone but root.
But that still leaves 64512 for nobody to bind to.
Of course, a properly configured host doesn't allow connections to ports
other than necessary to perform its task, so it might very well be that
any port other than 80 is firewalled out.
&& I don't think FTP even supports setting the SUID bit; and even then,
&& some OSes are configured by default to ignore the SUID bit on scripts.
&& The next choice is to use a cgi-wrap program, but: you need to compile
&& it on your server. Full circle.
Well, there's always the possibility to compile on your machine, and
upload a binary. You don't even need to have the same kind of machine as
your ISP has. If gcc runs on your platform, and gcc runs on your ISP's,
you can always build a gcc that emits binaries suitable for your ISP's
machine.
Abigail
--
sub camel (^#87=i@J&&&#]u'^^s]#'#={123{#}7890t[0.9]9@+*`"'***}A&&&}n2o}00}t324i;
h[{e **###{r{+P={**{e^^^#'#i@{r'^=^{l+{#}H***i[0.9]&@a5`"':&^;&^,*&^$43##@@####;
c}^^^&&&k}&&&}#=e*****[]}'r####'`=437*{#};::'1[0.9]2@43`"'*#==[[.{{],,,1278@#@);
print+((($llama=prototype'camel')=~y|+{#}$=^*&[0-9]i@:;`"',.| |d)&&$llama."\n");
>Bart Lateur (bart....@skynet.be) wrote
>&& It still runs as "nobody", so there's a limit to what you can do.
>
>Oh, really? In most (all?) Unices, the only special uid is 0, root.
>"nobody" isn't special in any way, it's just a convention.
No, what I meant was, that "nobody" can't do much with regards to your
files and directories. Setuid to you is practically a requirement.
>Of course, a properly configured host doesn't allow connections to ports
>other than necessary to perform its task, so it might very well be that
>any port other than 80 is firewalled out.
True. Tightly configured firewalls aren't rare nowadays.
>&& I don't think FTP even supports setting the SUID bit; and even then,
>&& some OSes are configured by default to ignore the SUID bit on scripts.
>&& The next choice is to use a cgi-wrap program, but: you need to compile
>&& it on your server. Full circle.
>
>Well, there's always the possibility to compile on your machine, and
>upload a binary. You don't even need to have the same kind of machine as
>your ISP has. If gcc runs on your platform, and gcc runs on your ISP's,
>you can always build a gcc that emits binaries suitable for your ISP's
>machine.
You still have to SUID that binary.
--
Bart.
Not a problem if `su' is available.
Abigail
--
perl -wle'print"Кхуф бопфиет Ретм Ибглет"^"\x80"x24'
# Two beetles crawl in
# the branches of a birch. A
# carp darting. Two beetles.
A> Bart Lateur (bart....@skynet.be) wrote on MMDLXXIX September MCMXCIII
A> in <URL:news:lp2mssom4j93rmhfc...@4ax.com>:
A> ||
A> || You still have to SUID that binary.
A> Not a problem if `su' is available.
Even less troubly if 'sudo' can be used. ;-)
See you,
--
Godoy. <go...@conectiva.com>
Departamento de Publicações Conectiva S.A.
Publishing Department Conectiva Inc.
>|| You still have to SUID that binary.
>
>Not a problem if `su' is available.
Hmm? How can you pass it a password, when invoked from within a Perl
script? I've tried a few things, but I can't make it work. "man su"
doesn't seem to mention alternative ways to entering passwords, either.
--
Bart.
Use a pty.
Abigail
--
sub _ {$_ = shift and y/b-yB-Y/a-yB-Y/ xor !@ _?
exit print :
print and push @_ => shift and goto &{(caller (0)) [3]}}
split // => "KsvQtbuf fbsodpmu\ni flsI " xor & _
*Inbound* ports might be disabled, but so what? Just make that
telnetd-emulating CGI process a form that has two blanks on it: an IP
address and port number. Then, you fill those in, click "submit", and
the thing fork()s and daemonizes, and then connect()s to that port on
that host and offers access to a shell. You can certainly block
outbound TCP connections, but I don't think most system admins will
bother to.
- Logan
That entirely depends on your firewall configuration. For a webserver,
why should a firewall let any package through bound for a port other
than 80, regardless who initiated the connection?
Abigail
--
map{${+chr}=chr}map{$_=>$_^ord$"}$=+$]..3*$=/2;
print "$J$u$s$t $a$n$o$t$h$e$r $P$e$r$l $H$a$c$k$e$r\n";
>That entirely depends on your firewall configuration. For a webserver,
>why should a firewall let any package through bound for a port other
>than 80, regardless who initiated the connection?
Because 8080 is a pretty common port number, for example for a proxy?
;-)
--
Bart.
Why would you want to run a proxy on your webserver?
Abigail
--
print v74.117.115.116.32;
print v97.110.111.116.104.101.114.32;
print v80.101.114.108.32;
print v72.97.99.107.101.114.10;
divert(-1)
I've seen several instances of caching proxies run in the same
box as a webserver. Why? Memoizable dynamic content.
divert(0)
chris
--
This space intentionally left blank
Well, beside the facts that that kind of defeats the purpose, and that
such a thing could more easily be built in the server itself, if you
want to use such caching proxies, wouldn't it make more sense to put the
proxy on port 80, and communicate with the webserver over the loopback
interface?
Abigail
--
$=-=4*++$|;{print$"x--$==>"\@\x7Fy~*kde~box*Zoxf*Bkiaox \r"
^
$/x24if!select$,,$,,$,,join+q=.==>$^W=>$|;$=&&redo}sleep$|;
Because, for example, that web server might want to send e-mail
messages out to other machines under certain circumstances. In that
case, it might allow outbound TCP connections as long as they're going
to port 25 somewhere. Yes, it's possible that the system admin might
restrict the list of IP addresses to which connections to port 25 are
allowed, but the more rules you make on your firewall, the slower it
gets at filtering stuff (as a general rule), so people don't tend to
make rules very specific.
- Logan