Re: Differenz between developing websites with PHP/LISP
- From: Torsten Zühlsdorff <thornythegod@xxxxxxxx>
- Date: Fri, 08 Sep 2006 14:11:02 +0200
Robert Uhl wrote:
That means that I need a little web server behind my apache-webserver?
No, but that's the way many of them work. mod_lisp takes another
approach--it talks directly from Apache to a running Lisp instance--but
frankly I never had much luck getting it working under my setup. And
it's kinda nice having a little web server--makes testing and
development a bit easier.
Because I am a web developer there are 4 complete web environments with
different configurations on my computer and I switch to the one I need.
That makes life easy, too.
You could if you wanted _just_ run the Lisp webserver, but I like having
Apache in front, as it offers a lot of nice features.
I will try this way.
Session hijacking is at the TCP level (and I'm guessing so is RCE), so
no, Lisp buys you nothing there--nor would any other language.
When you say "at the TCP level" it sounds harder than it is. Just
changing some cookie-values or urls.
Ah, you meant web sessions. I'm not familiar with the mechanism, so I
Googled a bit and the only references were to TCP/IP session hijacking.
The question was a little ironic, because the stealing of
sessions and the injection of code in different ways is often a sign
of a bad programmer (or a too-short night, or many other reasons). I
do not really believe that a language can protect us from this.
I daresay that you're probably correct, although I will note that, at
least for those Lisp frameworks I've used which provide sessions, one
doesn't need to write one's own session code--and hence one can rely on
the time and effort of someone else. So you & I needn't be great
programmers--just the guy who writes the framework.
I have read this, too. But this does not prevent the normal
hacking methods, because you can steal web sessions in many ways:
guessing the session ID, using undestroyed sessions, using man-in-the-middle
to log the session ID, and so on. Often a user of a website pastes a
link somewhere on the internet, and at the end of the link is the session ID.
Therefore it is not possible to use standard session handling. You are
forced to change the session ID each time, have some changing values in
cookies, and watch whether some data of the user (for example the
browser used) changes. After this you have a little more security, and there
are still enough methods left to hack through sessions.
I am also interested in the method of handling the sessions. In PHP there
is a text file with serialized session data. One file for every session.
That could be a problem when there are many (experience says over
100.000) sessions at the same time, because then the
file system/hard disk gets slow. Because of this I often use a self-written
session management based on a database. A good alternative is
session management on a dedicated server, storing the sessions in RAM.
But I will look at the manual of the framework to discover how the
framework works ;)
I have clisp on my Mandriva Linux, but if I use the given commands,
clisp mentioned that there is no asdf.
Here's where the Internet makes life easy. I googled "clisp asdf"
and one of the links was to <http://www.cliki.net/asdf>, which has
links to the source code and a howto. Once you have it installed,
it's pretty easy to use.
I found this site too, but I always read about needing SBCL.
Well, different packages support different implementations. So if you
use several packages then you can only use an implementation supported
by _all_ of them (in mathematical terms you're limited to the
intersection of the sets of supported implementations). Today in the
free Lisp world it appears that the most commonly supported
implementations are SBCL and clisp.
Fine. At the moment I am compiling sbcl. :)
Otherwise it took a loooong time to see one of the linked sites
(between 5 and 15 minutes).
CLiki? Are you on a slow link? It's typically very fast for me.
Perhaps it's undergoing maintenance or is under attack from some script
kiddies.
Cliki is always fast, but I have problems with:
http://sbcl.sourceforge.net/. But I already have the data I need.
I wish you a comfortable weekend,
Torsten
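
The session measures listed in the message above (an unguessable ID, a new ID on every request, destroying old sessions, watching the browser string), shown as an added example that is not part of the original post. It is written in Python rather than PHP or Lisp because the checks are language-independent; the class name, the timeout value and the in-memory table are assumptions.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; constructed value for this example


class SessionStore:
    """In-memory session table (hypothetical; a database or RAM server also fits).

    Rows are keyed by the SHA-256 of the session id, so a dump of the
    table does not hand out usable ids.
    """

    def __init__(self, clock=time.time):
        self._rows = {}
        self._clock = clock  # injectable so expiry can be tested

    @staticmethod
    def _key(sid):
        return hashlib.sha256(sid.encode()).hexdigest()

    def create(self, user, user_agent):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: not guessable
        self._rows[self._key(sid)] = {
            "user": user, "ua": user_agent, "seen": self._clock()}
        return sid

    def destroy(self, sid):
        """Logout: remove the row so the id cannot be reused."""
        self._rows.pop(self._key(sid), None)

    def touch(self, sid, user_agent):
        """Validate one request; return (user, new_sid) or None."""
        # The presented id is removed first, so it is single-use in every outcome.
        row = self._rows.pop(self._key(sid), None)
        if row is None:
            return None  # unknown, already rotated, or logged out
        if self._clock() - row["seen"] > IDLE_TIMEOUT:
            return None  # idle too long: the session stays destroyed
        if row["ua"] != user_agent:
            return None  # browser string changed: drop the session
        new_sid = secrets.token_urlsafe(32)  # rotate the id on each request
        row["seen"] = self._clock()
        self._rows[self._key(new_sid)] = row
        return row["user"], new_sid
```

The ID is meant to travel only in a cookie, never in a URL, which covers the pasted-link case. Rotating on every request invalidates the old ID at once, so a client sending parallel requests with the same cookie will lose its session.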