Tools

Here are some tools you may wish to use. Help yourself. No warranty.

In general, consider this software to be beta quality. That is, it works OK for me, but it isn't as forgiving of errors and configuration variations as it should be.

If you find bugs, and fix them yourself, please send mail to me and I may be able to incorporate your fix.

Directory

Web Tools

headpage.cgi: Generate HTML pages on the fly

headpage.cgi is a Perl program that can be called as a CGI from a web server. It reads a template and returns a HTML page that will be sent to a web browser. The template can return literal text, or can do various computations.

It is useful for setting up a page that changes at random on each load, or for setting up a page that is different depending on the browser or accessing computer.

Usage:

  1. Set this cgi file up so that the server interprets it as a CGI.
    • For some servers, you can name it index.cgi
    • If you need to name it index.html or something because people have bookmarked it, and your server uses NCSA conventions, you can add a line to your .htaccess that says
      	  AddType application/x-httpd-cgi index.html
      	
    • change the mode of this file to 710
    • place the file in your public_html directory, or wherever your web server looks for CGI files.
  2. Create a template, say headpage.txt describing your output. See below for format.
    • Put it in the same directory as the CGI.
    • Secure it 540
  3. If your script references other files, put them in the same directory, and secure them 740.

The format of the template file is as follows:

  :anything       prints anything
  print:anything  prints anything
  raw:file        includes file without parsing
  include:file    includes file with parsing
  today:xxx       prints "xxx: dd mmm yyyy hh:mm"
  fileinfo:fff    prints "(mm/dd/yy xxK)" 
  with the date mod & size for fff
  moddate:fff:nn  prints "nn: dd mmm yyyy hh:mm" 
  with the date mod for file fff
  ranpick:fff     outputs one random line from file fff
  ranpickpic:fff:pre:post     outputs random IMG tag from fff
  lookup:fff:xxx:yy  finds xxx: in fff and prints rest, else yy
  allvars:        outputs all environment variables
  varmatch:var:value:file  includes file if var =~ value
  setcookie:name:value     sets a cookie
  cookieval:name  outputs the value of cookie "name"
  exit:           exits (useful in a nested structure)

If you invoke headpage as

  <a href="headpage.cgi?textfile">
  

Then the template will come from textfile. If no query string is specified, the template will be read from headpage.txt.

Example: Here is a simple template that sets up a button the user can click to be sent to a randomly chosen place from a list. If it is invoked from a particular host, it adds a special message; it also displays all the environment variables as an aid to debugging.

  :<html><head><title>Jump page</title></head><body>
  :<h1>Mystery Jump</h1>
  moddate:jumplist:Updated
  :<p>
  ranpick:jumplist.txt
  :Click here for a mystery jump</a>
  :<p>
  varmatch:REMOTE_HOST:george.vip.best.com:headpage1.txt
  :<p>
  allvars:
  :</body></html>

Where each line in jumplist.txt is of the form

  <a href="somewhere"> 

And headpage1.txt contains

  :<font size=4 color=red>Hi George</font>

If a page sets a cookie, subsequent requests for the page will have the cookie in the HTTP_COOKIE variable, available for testing with varmatch or display with cookieval. The setcookie lines must come before anything is printed.

Security Tools

gpw: Password Generator

This package generates pronounceable passwords. It uses the statistics of three-letter combinations (trigraphs) taken from whatever dictionaries you feed it. Thus pronouceability may differ from language to language. It is based on the ideas in Morrie Gasser's password generator for Multics, and Dan Edwards's generator for CTSS. (Weaknesses in Gasser-like password generators were found in the 1990s. See the 1994 "A New Attack on Random Pronounceable Password Generators" by Ravi Ganesan and Chris Davies.) Don't use this generator blindly. (My programs are in C++ but are trivially convertible to C, just remove the word const.)

05/29/02: Minor changes to gpw.Makefile to compile under FreeBSD and Panther with gcc 3.3.
01/07/06: Made minor changes to gpw.C and loadtris.C to compile under with gcc 4.0.

gpw.C
Generate passwords. Execute
      gpw [npasswords] [passwordlength]
    

To generate pronounceable passwords. Default is 10 passwords of length 8.

gpw.C #includes a big table of constants from trigram.h giving frequencies.

loadtris.C
Generates trigram.h from your dictionaries.
gpw.Makefile
Compiles gpw for your system.

The same password generator in Javascript is available online.

01/08/06