Using Perl to find what address bar says

[jwcarlton]

Can you guys think of a way, in Perl, to find what the address bar
actually says? I don't think that $ENV{'SCRIPT_NAME'} is quite the
same, because it's only going to show me what it's SUPPOSED to be.

I'm trying to find if a user is using something like anonymizer.com or
hidemyass.com, and it seems like the easiest method is to compare
$ENV{'SCRIPT_NAME'} to the address bar. I can do it in Javascript, but
I'm hoping there's a way to do it in Perl.

 

[Jürgen Exner]

Can you guys think of a way, in Perl, to find what the address bar
actually says?

Address bar? What address bar? There ain't no address bar where you run
Perl programs.

jue

 

[Scott Bryce]

Can you guys think of a way, in Perl, to find what the address bar
actually says? I don't think that $ENV{'SCRIPT_NAME'} is quite the
same, because it's only going to show me what it's SUPPOSED to be.

I'm trying to find if a user is using something like anonymizer.com
or hidemyass.com, and it seems like the easiest method is to compare
$ENV{'SCRIPT_NAME'} to the address bar. I can do it in Javascript,
but I'm hoping there's a way to do it in Perl.

I am assuming that we are talking about a Perl CGI script communicating
with a browser. As Sherm already pointed out, a script running on the
server has no way of knowing what is happening in the browser. In fact,
there does not even have to be a browser involved in the transaction.
Your script can be called in any number of different ways, not all of
which involve a browser.

 

[jwcarlton]

One

has to wonder, since the user obviously wishes to remain anonymous,
why not simply let him do so?

Can you think of a non-malicious reason why someone would want to hide
their IP address? From my experience, this only occurs when they're
trying to hack someone's account.

 

[jwcarlton]

Address bar? What address bar? There ain't no address bar where you run
Perl programs.

jue

I'm sorry, is there a web-specific newsgroup for Perl? I've been using
this one since 1995 for web-related questions, and didn't realize that
the context had changed.

 

[jwcarlton]

I am assuming that we are talking about a Perl CGI script communicating

with a browser. As Sherm already pointed out, a script running on the
server has no way of knowing what is happening in the browser. In fact,
there does not even have to be a browser involved in the transaction.
Your script can be called in any number of different ways, not all of
which involve a browser.

That's true, but I'm not so concerned about logs that aren't web-based
for this application.

Based on this, I'll just grab the info via Javascript, then use Ajax
to database it. Unfortunately, Perl is dying a little more every day
when it comes to web applications.

 

[Uri Guttman]

j> I'm sorry, is there a web-specific newsgroup for Perl? I've been using
j> this one since 1995 for web-related questions, and didn't realize that
j> the context had changed.

you aren't getting the problem. NO application behind a web server can
get info from a browser. the browser decides what to send to the
server. so if your app is in perl or anything else that runs on the
server you can't do what you want. only code running in (and i mean IN)
the browser can do that. javascript is the primary lang for that.

uri

 

[Uri Guttman]

j> That's true, but I'm not so concerned about logs that aren't web-based
j> for this application.

j> Based on this, I'll just grab the info via Javascript, then use Ajax
j> to database it. Unfortunately, Perl is dying a little more every day
j> when it comes to web applications.

this was never anything perl or ANY OTHER LANG could ever do on the
server. your lack of understanding of how web apps works is amazing.

uri

 

[Keith Keller]

Unfortunately, Perl is dying a little more every day
when it comes to web applications.

No, it's not.

--keith

 

[Jürgen Exner]

Can you think of a non-malicious reason why someone would want to hide
their IP address?

Yes, there are many legitimate reasons. Try e.g. discussing your alcohol
or drug addiction when your employer will fire you on the spot if he
finds out. Or that you are a pilot and being treated for depression. Or
"Don't ask, don't tell" as a closeted gay member in the armed forces of
the USA.

Not to mention what agencies in some other countries will potentially do
if they ever find out that _you_ did something not to their liking.
There have been many people arrested and prosecuted just because they
outed themselves on the Internet.

jue

 

[Jürgen Exner]

Most especially since he once said:

I currently own a web design firm with more than 15 employees

Must be lotsa poor folks out there who are forced to rely on the
level of "expertise" he's displayed herein...

Not surprising at all. To own a business you don't need to have any
knowledge about the subject matter. You just need the right people
working for you such that you can benefit from their expertise.

jue

 

[Scott Bryce]

Not surprising at all. To own a business you don't need to have any
knowledge about the subject matter. You just need the right people
working for you such that you can benefit from their expertise.

Or be a very convincing salesman.

 

[jwcarlton]

Most especially since he once said:

    I currently own a web design firm with more than 15 employees

Must be lotsa poor folks out there who are forced to rely on the
level of "expertise" he's displayed herein...

--
Tad McClellan
email: perl -le "print scalar reverse qq/moc.liamg\100cm.j.dat/"
The above message is a Usenet post.
I don't recall having given anyone permission to use it on a Web site.

Tad & Uri, you guys are painfully presumptuous. And more often than
not, wrong.

I have a very clear understanding of how "web apps work." The question
was simply to ask if you guys knew of a way to do so, since I do not.

The thing is, you guys are under the false impression that you know
everything. You do not. You do not know me, nor do you know my level
of knowledge or expertise. I asked a question. That's all.

Here's a real question for you, Tad. When's the last time you actually
gave a Perl related answer to a question on this newsgroup? I can't
remember seeing one. It makes me wonder just how much you actually
know about the language.

Geez. No wonder this newsgroup is nothing but spam. Oh, well, spam and
assholes.

Don't bother replying. I'm so tired of wasting my time with childish
pricks.

 

[Uri Guttman]

j> Tad & Uri, you guys are painfully presumptuous. And more often than
j> not, wrong.

considering that tad and i have both done professional perl training, me
thinks you are a bit off base.

j> I have a very clear understanding of how "web apps work." The question
j> was simply to ask if you guys knew of a way to do so, since I do not.

if you knew about web apps, you wouldn't have asked such a silly
question. the simple case of a non-browser accessing your app makes your
concept null and void. the news for you is there ain't no url bar in
those programs! the bigger news is that http doesn't support anything
like the server asking the browser for info. the conclusion is that you
don't know how http works. this makes us correct. sherlock would be proud!

j> The thing is, you guys are under the false impression that you know
j> everything. You do not. You do not know me, nor do you know my level
j> of knowledge or expertise. I asked a question. That's all.

we don't know everything. we do know enough about http and perl and web
apps to know your question was wacko. and then to claim you run a web
app team and still didn't know that, was icing on the cake.

j> Here's a real question for you, Tad. When's the last time you actually
j> gave a Perl related answer to a question on this newsgroup? I can't
j> remember seeing one. It makes me wonder just how much you actually
j> know about the language.

j> Geez. No wonder this newsgroup is nothing but spam. Oh, well, spam and
j> assholes.

i know you aren't a spammer. so you must be the other choice! btw, there
is actuallly little spam here. usenet does a decent job of deleting spam.

j> Don't bother replying. I'm so tired of wasting my time with childish
j> pricks.

then stop playing with yourself!

(like dynamiting fish in a barrel!

please do come back for more tutoring on web apps.

uri

 

[Mart van de Wege]

Tad & Uri, you guys are painfully presumptuous. And more often than
not, wrong.

I have a very clear understanding of how "web apps work."

No you don't.

You *cannot*, by definition, know what happens on the client. Not even
with client-side scripting. You have to trust the client for that.

Mart

 

[Jürgen Exner]

I have a very clear understanding of how "web apps work."

Then I am sure you can show us this HTTP request that allows the server
to query the client for the content of the address bar.

The question
was simply to ask if you guys knew of a way to do so, since I do not.

Newsflash: there ain't no such thing in HTTP as a server sending a
request to the client.

The thing is, you guys are under the false impression that you know
everything. You do not. You do not know me, nor do you know my level
of knowledge or expertise. I asked a question. That's all.

Yep. And it was a question that reveiled a lot about the person asking.

It actually reminds me of an old joke:

An [insert your favourite minority] has heard that you can cut a lot
more wood with a chain saw, so he bought one. After several days he
returned to the store, complaining that it doesn't work and that
actually it is even more difficult to cut wood with that chain saw than
with his old trusted crosscut saw.
The store clerk: "That surprises me, sir, let's see what's wrong".
Primed the chain saw, pulled the cord, pushed the trigger: wwwroooommm,
wwwwwrrrrroooomm, wwwrrrroooooommmmmmm
The customer: "What is that noise?"

Your question was akin to the question of that customer. You don't
understand the underlying basic concept.

jue

 

[Keith Thompson]

No you don't.

You *cannot*, by definition, know what happens on the client. Not even
with client-side scripting. You have to trust the client for that.

I admit that *I* don't have a very clear understanding of how
web apps work, so the following is likely to be completely wrong.
I'd be interested in knowing what's wrong about it.

Perl generally runs on the server side, and therefore doesn't
have access to the browser's (client's) internal information (in
this case, the contents of the address bar). Javascript generally
runs on the client side: the browser downloads Javascript code and
executes it locally. Have I got that right so far?

Would it be possible for some Javascript code, running in the
browser, to query the contents of the address bar and then send
that information to code running on the server?

My first thought is that this could open up serious security holes,
and that there are measures already in place to prevent it, but I
don't know the details.

 

[J. Gleixner]

Keith Thompson wrote:
[...]

Would it be possible for some Javascript code, running in the
browser, to query the contents of the address bar and then send
that information to code running on the server?

Yes. Instead of posting that here, you could find out for
yourself by simply searching the Internet on Javascript
and address bar (hint:location.href or document.url)
and you'll find how to get the value in a few seconds.

Sending information from browser to a server is typically done
via AJAX or possibly on form.submit, also done in Javascript.

My first thought is that this could open up serious security holes,
and that there are measures already in place to prevent it, but I
don't know the details.

Referer might also be what you're after, but can be easily disabled
from the browser.

 

[Mart van de Wege]

I admit that *I* don't have a very clear understanding of how
web apps work, so the following is likely to be completely wrong.
I'd be interested in knowing what's wrong about it.

Perl generally runs on the server side, and therefore doesn't
have access to the browser's (client's) internal information (in
this case, the contents of the address bar). Javascript generally
runs on the client side: the browser downloads Javascript code and
executes it locally. Have I got that right so far?

Would it be possible for some Javascript code, running in the
browser, to query the contents of the address bar and then send
that information to code running on the server?

Perhaps.

However, you still run up against the fundamental problem: you're
trusting the client. You cannot *know* for sure that the information is
correct, because the client is in control of the information being sent
to you.

Mart

 

[Keith Thompson]

Perhaps.

However, you still run up against the fundamental problem: you're
trusting the client. You cannot *know* for sure that the information is
correct, because the client is in control of the information being sent
to you.

Sure.

My point, I guess, is that the original poster was flamed to a
crisp for allegedly not knowing what he's talking about when he
asked how Perl code on the server side can find out what's in the
client's address bar.

Your "Perhaps" seems to imply that it's not obvious that what the
OP was asking about is impossible.