cannot concatenate 'str' and 'list' objects

 
 
Νικόλαος Κούρας
09-15-2012
On Saturday, September 15, 2012 at 5:21:22 PM UTC+3, user Roy Smith wrote:
> In article <(E-Mail Removed)>,
>
> > i see you try to extract only the 1st element of the list, i tried that too
> > but it gives me now this weird message:
> >
> > if you visit my website http://superhost.gr
>
> Do you realize that the hosting service you're using (HostGator) is so
> mis-configured that it is exposing your source code and credentials to
> the entire world?
>
> When I go to that URL, I get a page which includes the name of the CGI
> script you are running (/home/nikos/public_html/cgi-bin/counter.py). I
> can then do a GET on http://superhost.gr/~nikos/cgi-bin/counter.py, and
> can see your script source code, including the credentials to attach to
> your database:
>
> conn = MySQLdb.connect( db = 'nikos_tech', host = 'localhost', user=
> 'nikos_nikos', passwd = <elided>)
>
> How to properly configure a web server is way beyond the scope of this
> mailing list, but you really need to do some research there to safeguard
> your own data.

I can't believe that my source code can be seen by ANYONE this easily!!!!

I moved to HostGator because I heard they were the best in the hosting business.....
 
Chris Angelico
09-15-2012
On Sun, Sep 16, 2012 at 12:44 AM, Νικόλαος Κούρας <(E-Mail Removed)> wrote:
> On Saturday, September 15, 2012 at 5:21:22 PM UTC+3, user Roy Smith wrote:
>> Do you realize that the hosting service you're using (HostGator) is so
>> mis-configured that it is exposing your source code and credentials to
>> the entire world?
>
> I can't believe that my source code can be seen by ANYONE this easily!!!!
>
> I moved to HostGator because I heard they were the best in the hosting business.....


It's probably a simple misconfiguration that can be easily fixed. If
you don't yourself understand it, talk to HostGator support;
presumably you're paying them money for hosting, so they should be
both able and willing to help you sort that out.

I would recommend that you change your database password as soon as
that's done, lest someone "seize the day" and take control of your
database.

ChrisA
 
Νικόλαος Κούρας
09-15-2012
In my case an .htaccess file redirects all html requests to /cgi-bin/counter.py, also providing the initial html file request as an argument to the counter.py script.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^/?(.+\.html) /cgi-bin/counter.py?page=$1 [L,PT,QSA]

So the latter you mentioned is not the case for me.
But I am wondering why this doesn't work on this server while on my previous host it did.....
 
Chris Angelico
09-15-2012
On Sun, Sep 16, 2012 at 12:51 AM, Νικόλαος Κούρας <(E-Mail Removed)> wrote:
> In my case an .htaccess file redirects all html requests to /cgi-bin/counter.py, also providing the initial html file request as an argument to the counter.py script.
>
> RewriteEngine On
> RewriteCond %{REQUEST_FILENAME} -f
> RewriteRule ^/?(.+\.html) /cgi-bin/counter.py?page=$1 [L,PT,QSA]
>
> So the latter you mentioned is not the case for me.
> But I am wondering why this doesn't work on this server while on my previous host it did.....


Okay, now we're getting to a possible difference. Check if this is
properly working; perhaps HostGator don't let you use the rewrite
engine in .htaccess. Make sure your .htaccess is in the right
directory, too. I just tried a quick check and was greeted with a 404
page, so the rule you describe isn't active.

ChrisA
 
Νικόλαος Κούρας
09-15-2012
Thanks, I will do that, I'll inform the support right away!
 
Νικόλαος Κούρας
09-15-2012
The .htaccess file works with HostGator because the page was working all day, redirecting all html requests fine to the counter.py script.

Only when I tried to post data to the text area boxes did this problem make its appearance.
 
Roy Smith
09-15-2012
In article <(E-Mail Removed)>,
Νικόλαος Κούρας <(E-Mail Removed)> wrote:

> I can't believe that my source code can be seen by ANYONE this easily!!!!


Which is why I pointed it out. I mean no disrespect, but you appear to
be in over your head. That's fine (we're all in over our heads at some
point, that's how we learn new things), but once you're running a server
on the Internet, the consequences of your actions become much more
severe.

> I moved to HostGator because I heard they were the best in the hosting
> business.....


The hosting business means different things to different people. At one
end, there's places like WordPress and Tumblr which hide all the details
and let you pour content into a blog with some control over styling. At
the other end, there's places like AWS, Rackspace, etc, which give you a
raw (virtual) machine, and you're free to do anything you want on it.

In between, there's places like HostGator, which give you a slice of a
shared host, and you're free to install cgi scripts under the control of
Apache. How much you get to play with the Apache configuration probably
varies wildly from provider to provider. It looks like HostGator either
has things mis-configured to allow your /cgi-bin directory to be
visible, or allows you the ability to configure those things yourself,
and you mis-configured it.
 
Νικόλαος Κούρας
09-15-2012
Previous webhost has the same flaw as well, look:

http://www.errorweb.gr/~nikos/cgi-bin/

giving away all my scripts.

Webhost misconfiguration in both hosts!
 
Chris Angelico
09-15-2012
On Sun, Sep 16, 2012 at 1:06 AM, Νικόλαος Κούρας <(E-Mail Removed)> wrote:
> Previous webhost has the same flaw as well, look:
>
> http://www.errorweb.gr/~nikos/cgi-bin/
>
> giving away all my scripts.
>
> Webhost misconfiguration in both hosts!


And when I look at the scripts, I see things that do not fill me with
confidence. You appear to be reinventing the wheel, and making it
hexagonal in the process. That's not to say you shouldn't tinker with
wheel design now and then, but as Roy said, the consequences get quite
severe once you're hosting a web site to the world.

I've been guilty of the same sorts of issues myself. I was poking at
some old code today (code that dates back a few years to when I was
new to PHP and didn't know of any other way to make a dynamic web site
other than CGI) and found some pretty ridiculous coding bloopers.
Stuff that didn't stop the site's primary functionality from working,
but it sure isn't what I'd call good code. Some day I'll rewrite it
all... some day I'll have time available... anyway.

Your counter.py appears to be doing what most people do after the fact
with log-file analysis. It's usually a lot better to simply parse
Apache's log files to find out how many people view your pages, rather
than maintaining the statistics. This has a race condition in it:

# update existing visitor record if same pin and same host found
try:
    cursor.execute( '''UPDATE visitors SET hits = hits + 1, agent = %s,
        date = %s WHERE pin = %s AND host = %s''', (agent, date, pin, host))
except MySQLdb.Error, e:
    print ( "Error %d: %s" % (e.args[0], e.args[1]) )

# insert new visitor record if above update did not affect a row
if cursor.rowcount == 0:
    cursor.execute( '''INSERT INTO visitors(pin, host, hits, agent,
        date) VALUES(%s, %s, %s, %s, %s)''', (pin, host, 1, agent, date) )


If two page loads simultaneously execute this code, they'll both fail
to update, and then both attempt to insert.

Also, it's extremely insecure to simply print your database errors.
Emit them to a separate log file that only you have access to, and
monitor that log while you're developing. Once you're done developing,
switch to an alert system if you can, because SQL errors should never
occur (obviously don't alert if there are specific errors that you
intend to cause and catch).

See if you can replace the whole mess of CGI scripts with flat HTML
files and AWStats. You'll have much more flexibility in hosting
company choice, less risk of security breaches, and much MUCH easier
management.

ChrisA
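
Added example (not part of the original thread and not the poster's code): the update-then-insert race from the post above replayed in its failing order, next to a single-statement upsert that sends database errors to a log instead of the HTTP response. An in-memory SQLite table stands in for the MySQL `visitors` table; the helper names, the `counter` logger name, and the absence of a unique key on (pin, host) in the racy case are assumptions.

```python
import logging
import sqlite3

log = logging.getLogger("counter")  # assumed name; attach a FileHandler only you can read

def make_db(unique):
    """In-memory stand-in for the thread's MySQL `visitors` table (constructed)."""
    conn = sqlite3.connect(":memory:")
    key = ", UNIQUE (pin, host)" if unique else ""
    conn.execute("CREATE TABLE visitors (pin INTEGER, host TEXT, hits INTEGER,"
                 " agent TEXT, date TEXT" + key + ")")
    return conn

def interleaved_update_then_insert(conn, pin, host):
    """Replay two requests in the racy order: both UPDATE, then both INSERT."""
    upd = "UPDATE visitors SET hits = hits + 1 WHERE pin = ? AND host = ?"
    ins = "INSERT INTO visitors (pin, host, hits) VALUES (?, ?, 1)"
    missed = [conn.execute(upd, (pin, host)).rowcount == 0 for _ in range(2)]
    for m in missed:
        if m:  # each request saw rowcount == 0, so each one inserts
            conn.execute(ins, (pin, host))
    return conn.execute("SELECT COUNT(*) FROM visitors").fetchone()[0]

# SQLite upsert; the MySQL counterpart is INSERT ... ON DUPLICATE KEY UPDATE.
UPSERT = """INSERT INTO visitors (pin, host, hits, agent, date)
            VALUES (?, ?, 1, ?, ?)
            ON CONFLICT (pin, host) DO UPDATE SET
                hits = hits + 1, agent = excluded.agent, date = excluded.date"""

def record_hit(conn, pin, host, agent, date):
    """One atomic statement; errors go to the log, never to the page output."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(UPSERT, (pin, host, agent, date))
        return True
    except sqlite3.Error:
        log.exception("visitor upsert failed")  # full traceback, private log only
        return False

def hits(conn, pin, host):
    row = conn.execute("SELECT hits FROM visitors WHERE pin = ? AND host = ?",
                       (pin, host)).fetchone()
    return row[0] if row else 0
```

The upsert depends on the unique key over (pin, host): without it the database has nothing to conflict on and duplicate rows are still possible.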
 