Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > FORM POST submission

Reply
Thread Tools

FORM POST submission

 
 
Cognition Peon
Guest
Posts: n/a
 
      02-19-2004

Hi,

I have followed the example in the perlfaq to automate
a post form submission:

#!/usr/bin/perl

use HTTP::Request::Common qw(POST);
use LWP::UserAgent;

$ua = LWP::UserAgent->new();
my $req = POST 'http://68.0.148.101:8055/login.html',
[ userid => 'File', password => 'pass'];
$content = $ua->request($req)->as_string;

HTML for the form is in the following file
http://68.0.148.101:8055/login.html

upon submission it must goto
http://68.0.148.101:8055/index.html

I am expecting the $content variable to have
the content of index.html but its getting login.html

I didn't find anybody who had similar problem.. and
its quite frustrating because it is a very simple
form submission page.

Thanks,
Prakash.

--
echo http://www.velocityreviews.com/forums/(E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'

Off the keyboard, over the bridge, past the hub, thru the
router, down the line, ....nothing but net!!
-------------------------------------
Printed using 100% recycled electrons
 
Reply With Quote
 
 
 
 
Andrew V. Tkachenko
Guest
Posts: n/a
 
      02-20-2004

If you will check source of http://68.0.148.101:8055/login.html
you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
but 'http://68.0.148.101:8055/index.html'


my $req = POST 'http://68.0.148.101:8055/index.html',
[ userid => 'File', password => 'pass'];



Cognition Peon wrote:
> Hi,
>
> I have followed the example in the perlfaq to automate
> a post form submission:
>
> #!/usr/bin/perl
>
> use HTTP::Request::Common qw(POST);
> use LWP::UserAgent;
>
> $ua = LWP::UserAgent->new();
> my $req = POST 'http://68.0.148.101:8055/login.html',
> [ userid => 'File', password => 'pass'];
> $content = $ua->request($req)->as_string;
>
> HTML for the form is in the following file
> http://68.0.148.101:8055/login.html
>
> upon submission it must goto
> http://68.0.148.101:8055/index.html
>
> I am expecting the $content variable to have
> the content of index.html but its getting login.html
>
> I didn't find anybody who had similar problem.. and
> its quite frustrating because it is a very simple
> form submission page.
>
> Thanks,
> Prakash.
>


 
Reply With Quote
 
 
 
 
Gregory Toomey
Guest
Posts: n/a
 
      02-20-2004
Andrew V. Tkachenko wrote:

>
> If you will check source of http://68.0.148.101:8055/login.html
> you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
> but 'http://68.0.148.101:8055/index.html'
>
>
> my $req = POST 'http://68.0.148.101:8055/index.html',
> [ userid => 'File', password => 'pass'];
>


And even its it its POST, you can often get away with
http://68.0.148.101:8055/index.html?...&password=YYYY

gtoomey
 
Reply With Quote
 
Andrew V. Tkachenko
Guest
Posts: n/a
 
      02-20-2004
I'm not sure its a good idea to pass passwords through GET method. They
may be viewed in log files either by admin or by successfull hacker
Also, in our case putting GET instead of POST looks like a dirty hack



Gregory Toomey wrote:
> Andrew V. Tkachenko wrote:
>
>
>>If you will check source of http://68.0.148.101:8055/login.html
>>you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
>>but 'http://68.0.148.101:8055/index.html'
>>
>>
>>my $req = POST 'http://68.0.148.101:8055/index.html',
>> [ userid => 'File', password => 'pass'];
>>

>
>
> And even its it its POST, you can often get away with
> http://68.0.148.101:8055/index.html?...&password=YYYY
>
> gtoomey


 
Reply With Quote
 
Andrew V. Tkachenko
Guest
Posts: n/a
 
      02-20-2004
Heh. forget it. POST queries are also visible in logs .

Andrew V. Tkachenko wrote:
> I'm not sure its a good idea to pass passwords through GET method. They
> may be viewed in log files either by admin or by successfull hacker
> Also, in our case putting GET instead of POST looks like a dirty hack
>
>
>
> Gregory Toomey wrote:
>
>> Andrew V. Tkachenko wrote:
>>
>>
>>> If you will check source of http://68.0.148.101:8055/login.html
>>> you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
>>> but 'http://68.0.148.101:8055/index.html'
>>>
>>>
>>> my $req = POST 'http://68.0.148.101:8055/index.html',
>>> [ userid => 'File', password => 'pass'];
>>>

>>
>>
>> And even its it its POST, you can often get away with
>> http://68.0.148.101:8055/index.html?...&password=YYYY
>>
>> gtoomey

>
>


 
Reply With Quote
 
Cognition Peon
Guest
Posts: n/a
 
      02-20-2004

Thanks for your response... but I always thought that action should point
to the page where form data will be submitted to.. Upon submission I want
the login.html page to goto index.html

you can test its behaviour at http://68.0.148.101:8055/login.html
it goes to index.html upon entering a random username and password.

Thanks.
Prakash.

Tomorrow, IP packets from Andrew V. Tkachenko delivered:

>
> If you will check source of http://68.0.148.101:8055/login.html
> you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
> but 'http://68.0.148.101:8055/index.html'
>
>
> my $req = POST 'http://68.0.148.101:8055/index.html',
> [ userid => 'File', password => 'pass'];
>
>
>
> Cognition Peon wrote:
> > Hi,
> >
> > I have followed the example in the perlfaq to automate
> > a post form submission:
> >
> > #!/usr/bin/perl
> >
> > use HTTP::Request::Common qw(POST);
> > use LWP::UserAgent;
> >
> > $ua = LWP::UserAgent->new();
> > my $req = POST 'http://68.0.148.101:8055/login.html',
> > [ userid => 'File', password => 'pass'];
> > $content = $ua->request($req)->as_string;
> >
> > HTML for the form is in the following file
> > http://68.0.148.101:8055/login.html
> >
> > upon submission it must goto
> > http://68.0.148.101:8055/index.html
> >
> > I am expecting the $content variable to have
> > the content of index.html but its getting login.html
> >
> > I didn't find anybody who had similar problem.. and
> > its quite frustrating because it is a very simple
> > form submission page.
> >
> > Thanks,
> > Prakash.
> >

>
>


--
echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'

Fashion is a form of ugliness so intolerable that we have
to alter it every six months. -- Oscar Wilde (1854 - 1900)
-------------------------------------
Printed using 100% recycled electrons
 
Reply With Quote
 
Cognition Peon
Guest
Posts: n/a
 
      02-20-2004

Please ignore my last question.. Thanks for the help.. Now I understood
after testing it on apage which accepts form variables submitted from
login.html

Thanks,
prakash

6:22pm, IP packets from Cognition Peon delivered:

>
> Thanks for your response... but I always thought that action should point
> to the page where form data will be submitted to.. Upon submission I want
> the login.html page to goto index.html
>
> you can test its behaviour at http://68.0.148.101:8055/login.html
> it goes to index.html upon entering a random username and password.
>
> Thanks.
> Prakash.
>
> Tomorrow, IP packets from Andrew V. Tkachenko delivered:
>
> >
> > If you will check source of http://68.0.148.101:8055/login.html
> > you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
> > but 'http://68.0.148.101:8055/index.html'
> >
> >
> > my $req = POST 'http://68.0.148.101:8055/index.html',
> > [ userid => 'File', password => 'pass'];
> >
> >
> >
> > Cognition Peon wrote:
> > > Hi,
> > >
> > > I have followed the example in the perlfaq to automate
> > > a post form submission:
> > >
> > > #!/usr/bin/perl
> > >
> > > use HTTP::Request::Common qw(POST);
> > > use LWP::UserAgent;
> > >
> > > $ua = LWP::UserAgent->new();
> > > my $req = POST 'http://68.0.148.101:8055/login.html',
> > > [ userid => 'File', password => 'pass'];
> > > $content = $ua->request($req)->as_string;
> > >
> > > HTML for the form is in the following file
> > > http://68.0.148.101:8055/login.html
> > >
> > > upon submission it must goto
> > > http://68.0.148.101:8055/index.html
> > >
> > > I am expecting the $content variable to have
> > > the content of index.html but its getting login.html
> > >
> > > I didn't find anybody who had similar problem.. and
> > > its quite frustrating because it is a very simple
> > > form submission page.
> > >
> > > Thanks,
> > > Prakash.
> > >

> >
> >

>
>


--
echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'

Off the keyboard, over the bridge, past the hub, thru the
router, down the line, ....nothing but net!!
-------------------------------------
Printed using 100% recycled electrons
 
Reply With Quote
 
Gregory Toomey
Guest
Posts: n/a
 
      02-20-2004
Andrew V. Tkachenko wrote:

> I'm not sure its a good idea to pass passwords through GET method. They
> may be viewed in log files either by admin or by successfull hacker


GET and POST offer the same level of security (ie none) unless you are using
https.

> Also, in our case putting GET instead of POST looks like a dirty hack


And your solution isn't? Its just very basic html.

BTW, there's also a syntax to supply userid & password in the URL when using
basic authentication ie those pop up boxes the browser gives you for some
sites. The syntax to logon would be:
http://userid(E-Mail Removed)/rest-of-url

gtoomey



 
Reply With Quote
 
Tad McClellan
Guest
Posts: n/a
 
      02-20-2004
Cognition Peon <(E-Mail Removed)> wrote:

> HTML for the form is in the following file

^^^^
> http://68.0.148.101:8055/login.html



That is not a file spec, that is an URL.

"resources" are not the same as "files".


HTML for the form is at the following URL ...

would have been accurate.


--
Tad McClellan SGML consulting
(E-Mail Removed) Perl programming
Fort Worth, Texas
 
Reply With Quote
 
Alan J. Flavell
Guest
Posts: n/a
 
      02-20-2004
On Fri, 20 Feb 2004, Gregory Toomey wrote:

> Andrew V. Tkachenko wrote:
>
> > I'm not sure its a good idea to pass passwords through GET method. They
> > may be viewed in log files either by admin or by successfull hacker


There's a generic URL syntax for providing passwords as part of a URL,
and such passwords would indeed get logged; but for the http://
scheme, the use of this generic syntax is explicitly excluded. Basic
authentication credentials are supposed to be provided in response to
401 status (which in a typical browser would result in a user dialog).
Such credentials (passwords) are NOT logged, unless the server admin
has gone crazy.

The above is true irrespective of GET or POST. Sure, the actual
software implementations _do_ support supplying credentials as part of
the URL, despite the specifications ruling them out for http://, but
the fact that they're implemented doesn't mean it's a good idea to use
them (except maybe for special cases such as guest:guest).

Nevertheless, the credentials will be passed over the network "in
clear", and are thus insecure on the end-to-end path, unless https is
used.

> GET and POST offer the same level of security (ie none) unless you
> are using https.


Even there, if some idiot server admin decided to log the passwords,
all bets would be off. https only provides security over the network
path. You need some other kind of authentication if it's to be proof
against snoopers on the same machine.

> BTW, there's also a syntax to supply userid & password in the URL when using
> basic authentication ie those pop up boxes the browser gives you for some
> sites. The syntax to logon would be:
> http://userid(E-Mail Removed)/rest-of-url


That's exactly the problem, and that's exactly why the http:// URL
rules out this usage, even though it's defined in the generic URL
syntax.

(For URL read "URI", if you are so inclined

ref: rfc1738 section 3.1 "Common Internet Scheme Syntax" and
3.3 "HTTP". The latter says specifically:

| No user name or password is allowed.

(, not that implementers have felt themselves much constrained by this
prohibition.)

I think you'll find this confirmed in later RFCs.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
POST form triggers bad GET submission kirk.hedden@gmail.com HTML 3 07-15-2005 07:00 PM
Form target change affecting POST-based submission behaviour Chris Wood Javascript 0 11-22-2003 10:29 PM
Post post post. Shel-hed Computer Support 2 11-08-2003 07:41 AM
(onetime) Form Submission Leon Shaw ASP .Net 1 08-15-2003 03:15 AM
Form Submission: Final URL that has form options included ?? Jared Javascript 5 07-10-2003 10:33 AM



Advertisments