FORM POST submission

Discussion in 'Perl Misc' started by Cognition Peon, Feb 19, 2004.

  1. Hi,

    I have followed the example in the perlfaq to automate
    a post form submission:

    #!/usr/bin/perl

    use HTTP::Request::Common qw(POST);
    use LWP::UserAgent;

    $ua = LWP::UserAgent->new();
    my $req = POST 'http://68.0.148.101:8055/login.html',
    [ userid => 'File', password => 'pass'];
    $content = $ua->request($req)->as_string;

    HTML for the form is in the following file
    http://68.0.148.101:8055/login.html

    upon submission it must goto
    http://68.0.148.101:8055/index.html

    I am expecting the $content variable to have
    the content of index.html but its getting login.html

    I didn't find anybody who had similar problem.. and
    its quite frustrating because it is a very simple
    form submission page.

    Thanks,
    Prakash.

    --
    echo | perl -pe 'y/a-z/n-za-m/'

    Off the keyboard, over the bridge, past the hub, thru the
    router, down the line, ....nothing but net!!
    -------------------------------------
    Printed using 100% recycled electrons
    Cognition Peon, Feb 19, 2004
    #1
    1. Advertising

  2. If you will check source of http://68.0.148.101:8055/login.html
    you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
    but 'http://68.0.148.101:8055/index.html'


    my $req = POST 'http://68.0.148.101:8055/index.html',
    [ userid => 'File', password => 'pass'];



    Cognition Peon wrote:
    > Hi,
    >
    > I have followed the example in the perlfaq to automate
    > a post form submission:
    >
    > #!/usr/bin/perl
    >
    > use HTTP::Request::Common qw(POST);
    > use LWP::UserAgent;
    >
    > $ua = LWP::UserAgent->new();
    > my $req = POST 'http://68.0.148.101:8055/login.html',
    > [ userid => 'File', password => 'pass'];
    > $content = $ua->request($req)->as_string;
    >
    > HTML for the form is in the following file
    > http://68.0.148.101:8055/login.html
    >
    > upon submission it must goto
    > http://68.0.148.101:8055/index.html
    >
    > I am expecting the $content variable to have
    > the content of index.html but its getting login.html
    >
    > I didn't find anybody who had similar problem.. and
    > its quite frustrating because it is a very simple
    > form submission page.
    >
    > Thanks,
    > Prakash.
    >
    Andrew V. Tkachenko, Feb 20, 2004
    #2
    1. Advertising

  3. Gregory Toomey, Feb 20, 2004
    #3
  4. I'm not sure its a good idea to pass passwords through GET method. They
    may be viewed in log files either by admin or by successfull hacker :)
    Also, in our case putting GET instead of POST looks like a dirty hack :)



    Gregory Toomey wrote:
    > Andrew V. Tkachenko wrote:
    >
    >
    >>If you will check source of http://68.0.148.101:8055/login.html
    >>you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
    >>but 'http://68.0.148.101:8055/index.html'
    >>
    >>
    >>my $req = POST 'http://68.0.148.101:8055/index.html',
    >> [ userid => 'File', password => 'pass'];
    >>

    >
    >
    > And even its it its POST, you can often get away with
    > http://68.0.148.101:8055/index.html?userid=XXX&password=YYYY
    >
    > gtoomey
    Andrew V. Tkachenko, Feb 20, 2004
    #4
  5. Heh. forget it. POST queries are also visible in logs .

    Andrew V. Tkachenko wrote:
    > I'm not sure its a good idea to pass passwords through GET method. They
    > may be viewed in log files either by admin or by successfull hacker :)
    > Also, in our case putting GET instead of POST looks like a dirty hack :)
    >
    >
    >
    > Gregory Toomey wrote:
    >
    >> Andrew V. Tkachenko wrote:
    >>
    >>
    >>> If you will check source of http://68.0.148.101:8055/login.html
    >>> you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
    >>> but 'http://68.0.148.101:8055/index.html'
    >>>
    >>>
    >>> my $req = POST 'http://68.0.148.101:8055/index.html',
    >>> [ userid => 'File', password => 'pass'];
    >>>

    >>
    >>
    >> And even its it its POST, you can often get away with
    >> http://68.0.148.101:8055/index.html?userid=XXX&password=YYYY
    >>
    >> gtoomey

    >
    >
    Andrew V. Tkachenko, Feb 20, 2004
    #5
  6. Thanks for your response... but I always thought that action should point
    to the page where form data will be submitted to.. Upon submission I want
    the login.html page to goto index.html

    you can test its behaviour at http://68.0.148.101:8055/login.html
    it goes to index.html upon entering a random username and password.

    Thanks.
    Prakash.

    Tomorrow, IP packets from Andrew V. Tkachenko delivered:

    >
    > If you will check source of http://68.0.148.101:8055/login.html
    > you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
    > but 'http://68.0.148.101:8055/index.html'
    >
    >
    > my $req = POST 'http://68.0.148.101:8055/index.html',
    > [ userid => 'File', password => 'pass'];
    >
    >
    >
    > Cognition Peon wrote:
    > > Hi,
    > >
    > > I have followed the example in the perlfaq to automate
    > > a post form submission:
    > >
    > > #!/usr/bin/perl
    > >
    > > use HTTP::Request::Common qw(POST);
    > > use LWP::UserAgent;
    > >
    > > $ua = LWP::UserAgent->new();
    > > my $req = POST 'http://68.0.148.101:8055/login.html',
    > > [ userid => 'File', password => 'pass'];
    > > $content = $ua->request($req)->as_string;
    > >
    > > HTML for the form is in the following file
    > > http://68.0.148.101:8055/login.html
    > >
    > > upon submission it must goto
    > > http://68.0.148.101:8055/index.html
    > >
    > > I am expecting the $content variable to have
    > > the content of index.html but its getting login.html
    > >
    > > I didn't find anybody who had similar problem.. and
    > > its quite frustrating because it is a very simple
    > > form submission page.
    > >
    > > Thanks,
    > > Prakash.
    > >

    >
    >


    --
    echo | perl -pe 'y/a-z/n-za-m/'

    Fashion is a form of ugliness so intolerable that we have
    to alter it every six months. -- Oscar Wilde (1854 - 1900)
    -------------------------------------
    Printed using 100% recycled electrons
    Cognition Peon, Feb 20, 2004
    #6
  7. Please ignore my last question.. Thanks for the help.. Now I understood
    after testing it on apage which accepts form variables submitted from
    login.html

    Thanks,
    prakash

    6:22pm, IP packets from Cognition Peon delivered:

    >
    > Thanks for your response... but I always thought that action should point
    > to the page where form data will be submitted to.. Upon submission I want
    > the login.html page to goto index.html
    >
    > you can test its behaviour at http://68.0.148.101:8055/login.html
    > it goes to index.html upon entering a random username and password.
    >
    > Thanks.
    > Prakash.
    >
    > Tomorrow, IP packets from Andrew V. Tkachenko delivered:
    >
    > >
    > > If you will check source of http://68.0.148.101:8055/login.html
    > > you will see that 'action' is not 'http://68.0.148.101:8055/login.html'
    > > but 'http://68.0.148.101:8055/index.html'
    > >
    > >
    > > my $req = POST 'http://68.0.148.101:8055/index.html',
    > > [ userid => 'File', password => 'pass'];
    > >
    > >
    > >
    > > Cognition Peon wrote:
    > > > Hi,
    > > >
    > > > I have followed the example in the perlfaq to automate
    > > > a post form submission:
    > > >
    > > > #!/usr/bin/perl
    > > >
    > > > use HTTP::Request::Common qw(POST);
    > > > use LWP::UserAgent;
    > > >
    > > > $ua = LWP::UserAgent->new();
    > > > my $req = POST 'http://68.0.148.101:8055/login.html',
    > > > [ userid => 'File', password => 'pass'];
    > > > $content = $ua->request($req)->as_string;
    > > >
    > > > HTML for the form is in the following file
    > > > http://68.0.148.101:8055/login.html
    > > >
    > > > upon submission it must goto
    > > > http://68.0.148.101:8055/index.html
    > > >
    > > > I am expecting the $content variable to have
    > > > the content of index.html but its getting login.html
    > > >
    > > > I didn't find anybody who had similar problem.. and
    > > > its quite frustrating because it is a very simple
    > > > form submission page.
    > > >
    > > > Thanks,
    > > > Prakash.
    > > >

    > >
    > >

    >
    >


    --
    echo | perl -pe 'y/a-z/n-za-m/'

    Off the keyboard, over the bridge, past the hub, thru the
    router, down the line, ....nothing but net!!
    -------------------------------------
    Printed using 100% recycled electrons
    Cognition Peon, Feb 20, 2004
    #7
  8. Andrew V. Tkachenko wrote:

    > I'm not sure its a good idea to pass passwords through GET method. They
    > may be viewed in log files either by admin or by successfull hacker :)


    GET and POST offer the same level of security (ie none) unless you are using
    https.

    > Also, in our case putting GET instead of POST looks like a dirty hack :)


    And your solution isn't? Its just very basic html.

    BTW, there's also a syntax to supply userid & password in the URL when using
    basic authentication ie those pop up boxes the browser gives you for some
    sites. The syntax to logon would be:
    http://userid:/rest-of-url

    gtoomey
    Gregory Toomey, Feb 20, 2004
    #8
  9. Cognition Peon <> wrote:

    > HTML for the form is in the following file

    ^^^^
    > http://68.0.148.101:8055/login.html



    That is not a file spec, that is an URL.

    "resources" are not the same as "files".


    HTML for the form is at the following URL ...

    would have been accurate.


    --
    Tad McClellan SGML consulting
    Perl programming
    Fort Worth, Texas
    Tad McClellan, Feb 20, 2004
    #9
  10. On Fri, 20 Feb 2004, Gregory Toomey wrote:

    > Andrew V. Tkachenko wrote:
    >
    > > I'm not sure its a good idea to pass passwords through GET method. They
    > > may be viewed in log files either by admin or by successfull hacker :)


    There's a generic URL syntax for providing passwords as part of a URL,
    and such passwords would indeed get logged; but for the http://
    scheme, the use of this generic syntax is explicitly excluded. Basic
    authentication credentials are supposed to be provided in response to
    401 status (which in a typical browser would result in a user dialog).
    Such credentials (passwords) are NOT logged, unless the server admin
    has gone crazy.

    The above is true irrespective of GET or POST. Sure, the actual
    software implementations _do_ support supplying credentials as part of
    the URL, despite the specifications ruling them out for http://, but
    the fact that they're implemented doesn't mean it's a good idea to use
    them (except maybe for special cases such as guest:guest).

    Nevertheless, the credentials will be passed over the network "in
    clear", and are thus insecure on the end-to-end path, unless https is
    used.

    > GET and POST offer the same level of security (ie none) unless you
    > are using https.


    Even there, if some idiot server admin decided to log the passwords,
    all bets would be off. https only provides security over the network
    path. You need some other kind of authentication if it's to be proof
    against snoopers on the same machine.

    > BTW, there's also a syntax to supply userid & password in the URL when using
    > basic authentication ie those pop up boxes the browser gives you for some
    > sites. The syntax to logon would be:
    > http://userid:/rest-of-url


    That's exactly the problem, and that's exactly why the http:// URL
    rules out this usage, even though it's defined in the generic URL
    syntax.

    (For URL read "URI", if you are so inclined ;-)

    ref: rfc1738 section 3.1 "Common Internet Scheme Syntax" and
    3.3 "HTTP". The latter says specifically:

    | No user name or password is allowed.

    (, not that implementers have felt themselves much constrained by this
    prohibition.)

    I think you'll find this confirmed in later RFCs.
    Alan J. Flavell, Feb 20, 2004
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    3
    Views:
    682
  2. Don Glover the younger

    ASP, FORMS, POST METHOD And Post with out form(???)

    Don Glover the younger, Jul 13, 2003, in forum: ASP General
    Replies:
    0
    Views:
    449
    Don Glover the younger
    Jul 13, 2003
  3. Jared
    Replies:
    5
    Views:
    207
    Jared
    Jul 10, 2003
  4. J. Muenchbourg
    Replies:
    0
    Views:
    356
    J. Muenchbourg
    Aug 6, 2003
  5. Chris Wood
    Replies:
    0
    Views:
    122
    Chris Wood
    Nov 22, 2003
Loading...

Share This Page