Beginning Web Development With Perl : From Novice to ... - Nabo

More documents

Recommendations

Info

70CHAPTER 3 ■ DATABASES AND PERLTroubleshooting Database InteractionMany a Perl DBI developer has been perplexed by database connectivity. Troubleshootinga database connection is no different from troubleshooting another bit of code. Well, it maybe a little different, because troubleshooting a database connection is easier! Most serverswill have a command-line interface (CLI) into the database or another means for you to testyour connection apart from the program itself.Here are some troubleshooting tips for working with database connectivity issues ina Perl program:• If a connection to a database isn’t working, the first thing you should do is examinethe amount of error reporting that you have coming from the database. Be sure thatPrintError and RaiseError are enabled, and use the or die() construct as much aspossible.• One of the most helpful debugging and troubleshooting techniques is the frequent useof simple print statements to help determine where the problem might lie. In the contextof a SQL statement, it’s very helpful to print out the statement exactly as it’s aboutto be run on the database. Doing so can help you to see that a parameter isn’t beingfilled in correctly or might help you spot another error.• On some systems, you can enable logging of all queries for certain database serverssuch as MySQL. Be careful in doing so, however, as this can lead to a massive amount oflogging and can also log potentially sensitive information, depending on what’s storedin your database.• Databases that have a CLI are especially helpful. Connect to the CLI as the same userthat you’re using for the program, and attempt to execute the same SQL statement tosee if it works. You would be surprised how many issues can be solved by connecting tothe CLI to imitate the program’s behavior in an interactive way. Refer to the documentationfor your database server to determine the syntax for connecting to the CLI.Security Considerations with Data AccessAccessing a database from a Perl program, especially one that’s on the Web, presents its own setof security risks and challenges. You most definitely don’t want to allow unauthorized access tothe database and the data it contains. This section looks at some of the risks involved and givessuggestions for mitigating those risks.Stored CredentialsOne of the most obvious risks in connecting to a database from a program is that the credentials(username and password) are stored in the program itself or within a file that the program canread for those values. Unfortunately, there’s no truly effective method for mitigating this risk. Ifyou’re running the program on a shared server, such as some web hosting provider’s server, youneed to ensure that other users cannot read the program’s code to see the password. This is usuallyeasier said than done. However, many web hosting providers now have users running in
CHAPTER 3 ■ DATABASES AND PERL 71their own chroot’ed shell, which means that the risk of another user reading your files is greatlyreduced. (For more information about chroot, see http://www.braingia.org/projects/.)Unnecessary PrivilegesThere’s always a chance that someone might get access to the credentials stored in your program.For this reason, it’s important that the user credentials stored in that file allow only theminimum amount of privileges necessary to perform the task for that program. For example,if you have one program that performs SELECT statements for a catalog and another thatupdates a shopping cart database, it’s much better to use two separate users for these programs,each with separate privileges, than to have one “super-user” with all privileges.■Tip Grant only the exact privileges necessary to perform the task at hand on only the databases (andeven tables) necessary to perform that task from only the necessary host.Having performed a number of security audits, I can’t count the number of times that I’veseen developers grant their users full privileges (with grant option in MySQL, for example).By doing so, they’ve effectively made a super-user who even has the power to add other users!I can’t think of a worse scenario than having attackers get that username and password and beable to not only control the database, but also to add hidden users for themselves to get backin later! Again, it’s important to keep privileges at a minimum and separate privileges wheneverpossible.Unsanitized Statements and InputAnother common mistake is to execute statements on a database that haven’t been properlysanitized. The DBI includes the quote() method to make sanitization easy. Employ the quote()method whenever you’ll be using a variable within a SQL statement.Putting data on the Web through a database magnifies the problem of unsanitized input.Improperly checking (or not checking at all) the input that arrives from a web form or elsewhereis only asking for trouble when the input can lead to database interaction. Be sure to untaint thedata, as discussed Chapter 1, and be sure to use the quote() method to clean the input and preventusers from executing more than they should on a database.SummaryThis chapter looked at database access through Perl. Much of the chapter was devoted to theDBI, which provides the interface into databases in Perl. The DBI uses database-dependentcode, or DBDs, to connect to various database server implementations. Much of the chapter’smaterial was not specific to web programming per se, but rather covered how to work withdatabases.
Page 3 and 4:
Beginning Web Development with Perl
Page 5 and 6:
PART 5 ■ ■ ■ Creating Web Tem
Page 8 and 9:
■CONTENTSvii■CHAPTER 4 System I
Page 10 and 11:
■CONTENTSixCreating a SOAP Listen
Page 12 and 13:
■CONTENTSxiTemplate Toolkit Synta
Page 14 and 15:
About the Author■STEVE SUEHRING i
Page 16 and 17:
AcknowledgmentsThanks to James Lee
Page 18 and 19:
xx■INTRODUCTIONThis book will use
Page 20 and 21:
CHAPTER 1■ ■ ■The CGI ModuleT
Page 22 and 23:
CHAPTER 1 ■ THE CGI MODULE 5for t
Page 24 and 25:
CHAPTER 1 ■ THE CGI MODULE 7Obvio
Page 26 and 27:
CHAPTER 1 ■ THE CGI MODULE 9exit;
Page 28 and 29:
CHAPTER 1 ■ THE CGI MODULE 11Each
Page 30 and 31:
CHAPTER 1 ■ THE CGI MODULE 13When
Page 32 and 33:
CHAPTER 1 ■ THE CGI MODULE 15Upda
Page 34 and 35:
CHAPTER 1 ■ THE CGI MODULE 17rese
Page 36 and 37: CHAPTER 1 ■ THE CGI MODULE 19prin
Page 38 and 39: CHAPTER 1 ■ THE CGI MODULE 21Sett
Page 40 and 41: CHAPTER 1 ■ THE CGI MODULE 23You
Page 42 and 43: CHAPTER 1 ■ THE CGI MODULE 25■C
Page 44 and 45: CHAPTER 1 ■ THE CGI MODULE 27No m
Page 46 and 47: CHAPTER 1 ■ THE CGI MODULE 29The
Page 48 and 49: CHAPTER 1 ■ THE CGI MODULE 31prin
Page 50 and 51: CHAPTER 1 ■ THE CGI MODULE 33Also
Page 52 and 53: CHAPTER 2■ ■ ■Popular CGI Mod
Page 54 and 55: CHAPTER 2 ■ POPULAR CGI MODULES 3
Page 66 and 67: 50CHAPTER 3 ■ DATABASES AND PERLT
Page 68 and 69: 52CHAPTER 3 ■ DATABASES AND PERLm
Page 70 and 71: 54CHAPTER 3 ■ DATABASES AND PERLl
Page 72 and 73: 56CHAPTER 3 ■ DATABASES AND PERLc
Page 74 and 75: 58CHAPTER 3 ■ DATABASES AND PERLR
Page 78 and 79: 62CHAPTER 3 ■ DATABASES AND PERLw
Page 80 and 81: 64CHAPTER 3 ■ DATABASES AND PERLA
Page 88 and 89: 72CHAPTER 3 ■ DATABASES AND PERLT
Page 90 and 91: 74CHAPTER 4 ■ SYSTEM INTERACTION
Page 92 and 93: 76CHAPTER 4 ■ SYSTEM INTERACTIONt
Page 94 and 95: 78CHAPTER 4 ■ SYSTEM INTERACTIONc
Page 96 and 97: 80CHAPTER 4 ■ SYSTEM INTERACTIONA
Page 98 and 99: 82CHAPTER 4 ■ SYSTEM INTERACTIONm
Page 100 and 101: 84CHAPTER 4 ■ SYSTEM INTERACTIONs
Page 102 and 103: 86CHAPTER 4 ■ SYSTEM INTERACTIONr
Page 104 and 105: CHAPTER 5■ ■ ■LWP ModulesLWP
Page 106 and 107: CHAPTER 5 ■ LWP MODULES 91HTTP Re
Page 108 and 109: CHAPTER 5 ■ LWP MODULES 93Get Fun
Page 110 and 111: CHAPTER 5 ■ LWP MODULES 95When ca
Page 112 and 113: CHAPTER 5 ■ LWP MODULES 97These a
Page 114 and 115: CHAPTER 5 ■ LWP MODULES 99Recall
Page 116 and 117: CHAPTER 5 ■ LWP MODULES 101which
Page 118 and 119: CHAPTER 5 ■ LWP MODULES 103For th
Page 120 and 121: CHAPTER 5 ■ LWP MODULES 105Obviou
Page 122 and 123: 108CHAPTER 6 ■ NET:: TOOLSCreatin
Page 124 and 125: 110CHAPTER 6 ■ NET:: TOOLSThe out
Page 126 and 127: 112CHAPTER 6 ■ NET:: TOOLSmy $pop
Page 128 and 129: 114CHAPTER 6 ■ NET:: TOOLSthe POP
Page 130 and 131: 116CHAPTER 6 ■ NET:: TOOLS($messa
Page 132 and 133: 118CHAPTER 6 ■ NET:: TOOLSListing
Page 134 and 135: 120CHAPTER 6 ■ NET:: TOOLSFor the
Page 136 and 137:
122CHAPTER 6 ■ NET:: TOOLSNet::SM
Page 138 and 139:
124CHAPTER 6 ■ NET:: TOOLS$smtpco
Page 140 and 141:
126CHAPTER 6 ■ NET:: TOOLSuse Net
Page 142 and 143:
128CHAPTER 6 ■ NET:: TOOLSListing
Page 144 and 145:
130CHAPTER 6 ■ NET:: TOOLSFor exa
Page 146 and 147:
132CHAPTER 6 ■ NET:: TOOLSSending
Page 148 and 149:
PART 3■ ■ ■XML and RSS
Page 150 and 151:
138CHAPTER 7 ■ SOAP-BASED WEB SER
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
154CHAPTER 8 ■ PERL AND RSSFigure
Page 168 and 169:
156CHAPTER 8 ■ PERL AND RSShttp:/
Page 170 and 171:
158CHAPTER 8 ■ PERL AND RSSDebugg
Page 172 and 173:
160CHAPTER 8 ■ PERL AND RSS$rsswr
Page 174 and 175:
162CHAPTER 8 ■ PERL AND RSSListin
Page 176 and 177:
CHAPTER 9■ ■ ■XML Parsing wit
Page 178 and 179:
CHAPTER 9 ■ XML PARSING WITH PERL
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
PART 4■ ■ ■PerformanceEnhance
Page 194 and 195:
184CHAPTER 10 ■ APACHE AND MOD_PE
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
202CHAPTER 11 ■ DEVELOPMENT WITH
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
CHAPTER 12■ ■ ■The Template T
Page 244 and 245:
CHAPTER 12 ■ THE TEMPLATE TOOLKIT
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
CHAPTER 13■ ■ ■Perl Web Sites
Page 274 and 275:
CHAPTER 13 ■ PERL WEB SITES WITH
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
284APPENDIX ■ PERL BASICSKeywords
Page 294 and 295:
286APPENDIX ■ PERL BASICS$ perl n
Page 296 and 297:
288APPENDIX ■ PERL BASICSAnd line
Page 298 and 299:
290APPENDIX ■ PERL BASICSCan you
Page 300 and 301:
292APPENDIX ■ PERL BASICSBy defau
Page 302 and 303:
294APPENDIX ■ PERL BASICS#!/usr/b
Page 304 and 305:
296APPENDIX ■ PERL BASICSThe last
Page 306 and 307:
298APPENDIX ■ PERL BASICSThe NOT
Page 308 and 309:
300APPENDIX ■ PERL BASICSprint "S
Page 310 and 311:
302APPENDIX ■ PERL BASICSthe syst
Page 312 and 313:
304APPENDIX ■ PERL BASICS$ perl s
Page 314 and 315:
306APPENDIX ■ PERL BASICSThis cod
Page 316 and 317:
308APPENDIX ■ PERL BASICS$a = 6 *
Page 318 and 319:
310APPENDIX ■ PERL BASICS$a = "A9
Page 320 and 321:
312APPENDIX ■ PERL BASICS#!/usr/b
Page 322 and 323:
314APPENDIX ■ PERL BASICSmy $name
Page 324 and 325:
316APPENDIX ■ PERL BASICSis short
Page 326 and 327:
318APPENDIX ■ PERL BASICSLet’s
Page 328 and 329:
320APPENDIX ■ PERL BASICSOther Te
Page 330 and 331:
322APPENDIX ■ PERL BASICS}}}actio
Page 332 and 333:
324APPENDIX ■ PERL BASICSNotice t
Page 334 and 335:
326APPENDIX ■ PERL BASICSLooping
Page 336 and 337:
328APPENDIX ■ PERL BASICSuse stri
Page 338 and 339:
330APPENDIX ■ PERL BASICSuntil ($
Page 340 and 341:
332APPENDIX ■ PERL BASICSuse stri
Page 342 and 343:
334APPENDIX ■ PERL BASICSdoneAll
Page 344 and 345:
336APPENDIX ■ PERL BASICS$ perl r
Page 346 and 347:
338APPENDIX ■ PERL BASICSSummaryT
Page 348 and 349:
340■INDEXmethods for retrieving r
Page 350 and 351:
342■INDEXdo() method for, 62dumpi
Page 352 and 353:
344■INDEXhello option for Net::SM
Page 354 and 355:
346■INDEXNet::DNS module, 125-128
Page 356 and 357:
348■INDEXrecord with Net::DNS mod
Page 358 and 359:
350■INDEXstoring mail server in e
Page 360 and 361:
352■INDEXlogging based on, 229pri
show all

Beginning Web Development With Perl : From Novice to ... - Nabo

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?