installing from CPAN without root
Saturday 14 August 2010 @ 7:20 pm

I found this nice site, that takes you step by step through installing perl modules without root access, using local::lib

Enjoy 🙂

Comments (0) - Posted in cpan by  

Microsoft bots made DDoS on CPAN
Wednesday 17 February 2010 @ 7:49 am

Bing’s (a Microsoft search engine 🙂 ) bots made something DDoS-like on CPAN site. Why? It may be either error (“Never attribute to malice what can be easily explained by stupidity.”) or something made on purpose (for conspiracy theories fans).

Quote form CPAN Testers blog (more details):

If you’ve suffered any problems accessing any of the sites, the databases, the CPAN mirror, etc. from the CPAN Testers server last night, please direct your wrath at Microsoft. Last night the msnbot took out the CPAN Testers server with a dedicated denial of service attack. As a consequence measures are now being put in place to completely ban the msnbot from accessing at least the Reports site, and probably all the sites on the server.

Perl testers  pointed out that msnbot does not obey robots.txt file.

Comments (1) - Posted in cpan by  

Website authorization – my solution
Wednesday 11 November 2009 @ 6:37 am

I wrote about wondering how to make “login” to a dynamic website in Perl. The best solution advised by was to make a temporary token: “cookie with an authorization token. Store the token in the database along with an expiration time separate of the cookie. The token should be random generated and completely seperate from the password but handed out when the password is validated. This is the best case;”, but it was overshot for now, so I settled up for this scheme:

Whan user registers, his password is stored as md5 digest in database. Salt is generated – string of eight random letters, numbers etc.I use Crypt::PasswdMD5 qw(unix_md5_crypt);

When user logs in, password is checked-  crypted using crypted pass from database as salt:

if ( $cryptedpassword eq unix_md5_crypt($password, $cryptedpassword)) {

and if it is ok, cookie is stored with user ID and crypted password.

The cookie is then checked on every page, whether it contains the crypted password from database.

Well, this is my idea of doing it for now, already implemented, I feel a bit unease about that – what is the point of crypting password and storing it crypted, as it really matters whether the pass from cookie is equal to pass in database – it could be not crypted and it would work the same way.

The only advantage is that the password is not stored in cookie – but it is not needed, as just the digest is needed to pretend to be logged in.

What do you think?

Comments (4) - Posted in cpan,work by  

My stuff on CPAN
Sunday 15 June 2008 @ 12:12 pm

Well, whis is very small input, but now I am proud to have something on CPAN:

( you may see there: Thanks to Lech Baczynski for dump_fortunes. )

The code I sent to Luke was somewhat different that the code he included, but anyway, I am proud 😉

Comments (0) - Posted in cpan by