[cgiapp] Fw: FormKeys / Nonce

Todd Ross tar.lists at yahoo.com
Mon Jul 19 11:52:52 EDT 2010


Oops.  Meant to send this to the list.

Is anyone successfully using CGI::Application::Plugin::ProtectCSRF?

Todd



----- Forwarded Message ----
From: Todd Ross <tar.lists at yahoo.com>
To: Michael Peters <mpeters at plusthree.com>
Sent: Mon, July 19, 2010 10:48:30 AM
Subject: Re: [cgiapp] FormKeys / Nonce


Thanks for the reference Michael.

Unfortunately, I can't even get the module installed, so it's difficult for me 
to evaluate.

[myuserid at myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> export PERL5LIB=$PERL5LIB:/home/myuserid/build/perl-addons/inst/usr/local/lib/perl5:/home/myuserid/build/perl-addons/inst/usr/local/lib/perl5/site_perl


[myuserid at myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> perl Makefile.PL DESTDIR=/tmp/temp_perl
Checking if your kit is complete...
Looks good
Writing Makefile for CGI::Application::Plugin::ProtectCSRF

[myuserid at myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> make

[myuserid at myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/00.load.....................ok   
t/01.csrf_error...............ok   
t/02.publish_csrf_ticket......ok   
t/03.protect_csrf.............ok   
t/04.protect_csrf_error.......ok   
t/perlcritic..................skipped: Test::Perl::Critic required for testing PBP compliance
t/pod-coverage................ok   
t/pod.........................ok   
All tests successful.
Files=8, Tests=8,  5 wallclock secs ( 0.09 usr  0.06 sys +  1.92 cusr  0.66 csys =  2.73 CPU)
Result: PASS

[myuserid at myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> make install
Writing /tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin/ProtectCSRF/.packlist
Appending installation info to /tmp/temp_perl/usr/local/lib/perl5/5.8.8/sun4-solaris/perllocal.pod

[myuserid at myunixserver:~/cgitemp/CGI-Application-Plugin-ProtectCSRF-1.01]> find /tmp/temp_perl
/tmp/temp_perl
/tmp/temp_perl/lib
/tmp/temp_perl/lib/perl5
/tmp/temp_perl/lib/perl5/site_perl
/tmp/temp_perl/lib/perl5/site_perl/5.8.8
/tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris
/tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto
/tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI
/tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application
/tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin
/tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin/ProtectCSRF
/tmp/temp_perl/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin/ProtectCSRF/.packlist
/tmp/temp_perl/lib/perl5/5.8.8
/tmp/temp_perl/lib/perl5/5.8.8/sun4-solaris
/tmp/temp_perl/lib/perl5/5.8.8/sun4-solaris/perllocal.pod
/tmp/temp_perl/usr
/tmp/temp_perl/usr/local
/tmp/temp_perl/usr/local/lib
/tmp/temp_perl/usr/local/lib/perl5
/tmp/temp_perl/usr/local/lib/perl5/site_perl
/tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8
/tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris
/tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto
/tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI
/tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application
/tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin
/tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin/ProtectCSRF
/tmp/temp_perl/usr/local/lib/perl5/site_perl/5.8.8/sun4-solaris/auto/CGI/Application/Plugin/ProtectCSRF/.packlist
/tmp/temp_perl/usr/local/lib/perl5/5.8.8
/tmp/temp_perl/usr/local/lib/perl5/5.8.8/sun4-solaris
/tmp/temp_perl/usr/local/lib/perl5/5.8.8/sun4-solaris/perllocal.pod

The distribution doesn't even install its own modules.  CPAN makes me sad 
sometimes.

Todd




________________________________
From: Michael Peters <mpeters at plusthree.com>
To: CGI Application <cgiapp at lists.openlib.org>
Cc: Todd Ross <tar.lists at yahoo.com>
Sent: Fri, July 16, 2010 1:31:12 PM
Subject: Re: [cgiapp] FormKeys / Nonce

On 07/16/2010 02:19 PM, Todd Ross wrote:

> 1) Are there existing Nonce solutions that I might be overlooking?
> 2) What's the best way to integrate the concept into CGI::Application?
>  (Plugin?)

For both of these you should look at the CGI::Application::Plugin::ProtectCSRF 
module. It might not be exactly what you're looking for, but it should give you 
at least a basis for your own solution.

-- Michael Peters
Plus Three, LP


      

