srand

srand

on 04.04.2009 23:29:58 by sf181257

Hello

I have a question regarding srand() usage with mod_perl. The
documentation says:

=======================================================================
Do not call srand() (i.e. without an argument) more than once in a
script. The internal state of the random number generator should contain
more entropy than can be provided by any seed, so calling srand() again
actually loses randomness.

http://perldoc.perl.org/functions/srand.html
=======================================================================

How does this relate to mod_perl? Is it safe to simply call srand() once
per CGI script?

Thanks!

STF

=======================================================================
http://eisenbits.homelinux.net/~stf/
OpenPGP: 9D25 3D89 75F1 DF1D F434 25D7 E87F A1B9 B80F 8062
=======================================================================



Re: srand

on 05.04.2009 01:52:08 by Adam Prime

Stanisław T. Findeisen wrote:
> Hello
>
> I have a question regarding srand() usage with mod_perl. The
> documentation says:
>
> =======================================================================
> Do not call srand() (i.e. without an argument) more than once in a
> script. The internal state of the random number generator should contain
> more entropy than can be provided by any seed, so calling srand() again
> actually loses randomness.
>
> http://perldoc.perl.org/functions/srand.html
> =======================================================================
>
> How does this relate to mod_perl? Is it safe to simply call srand() once
> per CGI script?
>

Personally, I call srand in my startup.pl, and not in individual CGI
scripts. I have no idea if that's actually a good practice or not
though. It might for example be a better idea to call it in a ChildInit
handler.

Adam

Re: srand

on 05.04.2009 03:14:37 by Perrin Harkins

2009/4/4 "Stanisław T. Findeisen":
> How does this relate to mod_perl? Is it safe to simply call srand() once per
> CGI script?

It's safe, although there's not much reason to do it unless you have
access to something more random than what it will use by default. You
should not call srand more than once in a running perl interpreter,
which is why the mod_perl docs advise against it. The mod_perl docs
there are basically a quote from the perlfunc manpage:
http://perldoc.perl.org/functions/srand.html

- Perrin

Re: srand

on 06.04.2009 20:23:30 by gozer

On 4/4/09 19:52, Adam Prime wrote:
> Stanisław T. Findeisen wrote:
>> Hello
>>
>> I have a question regarding srand() usage with mod_perl. The
>> documentation says:
>>
>> =======================================================================
>> Do not call srand() (i.e. without an argument) more than once in a
>> script. The internal state of the random number generator should contain
>> more entropy than can be provided by any seed, so calling srand() again
>> actually loses randomness.
>>
>> http://perldoc.perl.org/functions/srand.html
>> =======================================================================
>>
>> How does this relate to mod_perl? Is it safe to simply call srand() once
>> per CGI script?
>>
>
> Personally, i call srand in my startup.pl, and not in individual cgi
> scripts. I have no idea if that's actually a good practice or not
> though. It might for example be a better idea to call it in a ChildInit
> handler.

Yes, otherwise, each child httpd process (even those forked in the future),
will inherit the same random seed, so will go thru the exact same random
sequence. If you have multiple code paths consuming randomness, you might
not notice, but it can be a big problem, as your randomness will be
nowhere near as unpredictable as you'd think.

For instance, bugzilla.mozilla.org was hit by this very bug, as it was
making heavy use of rand() to generate unique tokens, and was finding itself
encountering a lot of duplicates, as each child process was starting at the
same exact random seed via a single srand() call from a PerlRequire'd file.

--
Philippe M. Chiasson GPG: F9BFE0C2480E7680 1AE53631CB32A107 88C3A5A5
http://gozer.ectoplasm.org/ m/gozer\@(apache|cpan|ectoplasm)\.org/


--------------enigE8F2996F9DFBC51672240AEA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFJ2kiiyzKhB4jDpaURAr/PAKCiwYW3IV75N0oA2GESL1b+yC+auQCf e1qf
0zkLQ8JGdWXfHp7NNKPuIOc=
=4yK+
-----END PGP SIGNATURE-----

--------------enigE8F2996F9DFBC51672240AEA--
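The behaviour described in the last reply, reproduced as an added example (not code from the thread, from mod_perl or from Bugzilla): the parent calls srand() once before forking, as a startup.pl or PerlRequire'd file does, and each forked child then builds a token from rand(). The names `make_token`, `tokens_from_children` and `count_distinct` are hypothetical, and plain fork() on a Unix-like system stands in for Apache's child processes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build a token from rand(), the way an application might generate "unique" IDs.
sub make_token {
    return join '', map { sprintf '%02x', int(rand(256)) } 1 .. 8;
}

# Fork $n children, optionally reseeding in each one, and collect one token
# per child through a pipe. Returns the list of tokens.
sub tokens_from_children {
    my ($n, $reseed_in_child) = @_;
    my @tokens;
    for (1 .. $n) {
        pipe(my $reader, my $writer) or die "pipe: $!";
        my $pid = fork();
        die "fork: $!" unless defined $pid;
        if ($pid == 0) {                    # child process
            close $reader;
            srand() if $reseed_in_child;    # what a ChildInit handler would do
            print {$writer} make_token(), "\n";
            close $writer;
            exit 0;
        }
        close $writer;                      # parent: read the child's token
        chomp(my $token = <$reader>);
        close $reader;
        waitpid($pid, 0);
        push @tokens, $token;
    }
    return @tokens;
}

sub count_distinct { my %seen; $seen{$_}++ for @_; return scalar keys %seen }

# The parent seeds once before forking and never calls rand() itself,
# so every child inherits exactly the same generator state.
srand();

my @shared = tokens_from_children(4, 0);    # seed inherited from the parent
my @fresh  = tokens_from_children(4, 1);    # srand() called again in each child

print "seeded in parent only:\n";
print "  $_\n" for @shared;
printf "  distinct tokens: %d of %d\n", count_distinct(@shared), scalar @shared;
print "reseeded in each child:\n";
print "  $_\n" for @fresh;
printf "  distinct tokens: %d of %d\n", count_distinct(@fresh), scalar @fresh;
```

The first group prints the same token four times; the second prints four different ones. The perldoc entry for rand() also states that it is not cryptographically secure, so per-child seeding removes the duplicates but does not make rand() suitable for tokens that have to resist guessing.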