WEB PUBLISHING'S FRONTIER
|
© copyright 2004 |
 |
Thursday, April 11, 2002 |
|
Potential Google SOAP API based Services It looks as if I've been thinking along the same line as James Snell for some time: Even better yet, allow me to create subscriptions to the google database. When the entry for a given site is updated, google gives me a ping. This could work for searches too. I send a search query with a callback address. Rather than getting results back right away, I get results back on an ongoing basis as sites are found that match the query.[Snell's Blog]Well James, with the SOAP API, you don't have to send the subscription query to Google. I'm sure a third party provider would be able to get your query, and provide the service while using the SOAP API to check on Google regularly.
As a matter of fact, I remember designing a similar service based on CGI and HTML scraping about 6 years ago. Google's performance and web services sure put a new twist on these things. |
|
Playing with the Google.Box Macro s l a m follows the latest trend, its home page now sports a 'Google Box'. Nifty, I was even able to supply \"secure perl code\" as the first macro argument, to make sure that Google would search for the string as a whole, not for separate words. |
|
French Speakers Only Can you find out which part of my previous post Google translated into French :-)) Les problèmes aiment accepter des pipes comme entrée, qui est le tour préféré d'un biscuit pour gagner la connaissance d'une exploitation du système.Right now, I can think of tons of fun ways to make use of Google's new SOAP API. 5:49:08 PM  Google It!
|
|
Securing SOAP::Lite - Addendum In my far from expert opinion, securing the open() call in HTTP::Daemon::ClientConn::sendfile would make for a more secure SOAP::Lite module. Paul Kulchenko, SOAP::Lite's author dropped me a line last night asking what I meant by the 'unprotected open() in HTTP::Daemon being less of a problem', and what he should do to fix it. Well, first let me state the obvious: if Paul fixes the module name traversal exploit in SOAP::Lite, a malicious user will no longer be able to call any loaded (by require) module from his remote code. It's thus far less likely that he will gain access to HTTP::Daemon::ClientConn::sendfile. So why worry ? Because security works in layers. Fixing 2 holes is always safer than fixing one, you never know where the next exploit will come from. Second: sendfile, as part of HTTP::Daemon, was authored by Gisle Aas. Gisle was one of ActiveState senior developers the last time I checked. Maybe he should get involved, if he's not already. He is no doubt far better qualified than I am. Now what's wrong with sendfile after all ? Our friend 'stealth' has noticed that it makes a straight call to Perl's open() function. Look at the code fragment he gives in his story : $soap->call("X:HTTP::Daemon::ClientConn::send_file" => "|/bin/ps");
Scary. That's because, according to the Linux Secure-Programs-HOWTO,The perl open() function comes with, frankly, "way too much magic" for most secure programs; it interprets text that, if not carefully filtered, can create lots of security problems.Problems like accepting pipes as input, which is a cracker's favorite trick to gain knowledge of a system operation. The traditional workaround for this is to use sysopen() instead of open(), which gives more fine grained control on what the open logic does, closer to a C library open actually.
There are probably other more clever / modern ways of doing this. That's for Paul and Gisle do decide. |
|
Jon Udell Cuts Through RSS Description
I know that truncating RSS items has been on top of his wish list for some time. Publishing in a heads / decks / stories format is one of his memes. Jon, this last link possibly is an opmlRendered intrusion into your work, I'll remove it if you wish. Heads and decks are also one of my pet subjects, so I think Jon's modification will soon find its way into s l a m. Since I'm sometimes using titles to link to a different place than the post itself (Radio's default setting), I'll probably add a Read more... link at the end of the first sentence, a la Slashdot. And of course, since Jon describes his hack as 'completely non-kosher', I'll wait for the Radio Beth Din to come up with the appropriate callback.
... Well, it didn't take long :-) Browsing s l a m 's home page in search of new reader comments, I ran into the latest extract from Dave's instant outline (opmlRender is sometimes surprising). Dave added some further observations in this morning's Scripting News. |
|
About s l a m... My original idea for developing this site was to keep well below radar coverage, that is until I was ready to launch. Dave made me modify my plans in a hurry yesterday morning.
Well, it's nice to have company :-) For readers who may be wondering what I'm up to, here is a short explanation. No doubt it will change over time, so I've placed a link in the home section of s l a m 's sidebar. |
| April 2002 | ||||||
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | ||||
| Mar May | ||||||
last updated: 3/20/04; 5:21:59 PM.
