perl-modperl mailing list archives

From "Philippe M. Chiasson" <go...@ectoplasm.org>
Subject Re: srand
Date Mon, 06 Apr 2009 18:23:30 GMT


On 4/4/09 19:52, Adam Prime wrote:
> Stanisław T. Findeisen wrote:
>> Hello
>>
>> I have a question regarding srand() usage with mod_perl. The 
>> documentation says:
>>
>> =======================================================================
>> Do not call srand() (i.e. without an argument) more than once in a 
>> script. The internal state of the random number generator should contain 
>> more entropy than can be provided by any seed, so calling srand() again 
>> actually loses randomness.
>>
>> http://perldoc.perl.org/functions/srand.html
>> =======================================================================
>>
>> How does this relate to mod_perl? Is it safe to simply call srand() once 
>> per CGI script?
>>
> 
> Personally, I call srand in my startup.pl, and not in individual cgi 
> scripts.  I have no idea if that's actually a good practice or not 
> though.  It might for example be a better idea to call it in a ChildInit 
> handler.

Yes, otherwise, each child httpd process (even those forked in the future),
will inherit the same random seed, so will go through the exact same random
sequence. If you have multiple code paths consuming randomness, you might
not notice, but it can be a big problem, as your randomness will be
nowhere near as unpredictable as you'd think.

For instance, bugzilla.mozilla.org was hit by this very bug, as it was
making heavy use of rand() to generate unique tokens, and was finding itself
encountering a lot of duplicates, as each child process was starting at the
same exact random seed via a single srand() call from a PerlRequire'd file.

-- 
Philippe M. Chiasson     GPG: F9BFE0C2480E7680 1AE53631CB32A107 88C3A5A5
http://gozer.ectoplasm.org/       m/gozer\@(apache|cpan|ectoplasm)\.org/
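
The seed inheritance described in this message can be reproduced outside Apache. The following is an added example, not part of the original message: a plain Perl script in which the parent stands in for httpd loading startup.pl and fork() stands in for spawning child processes; the helper names `tokens_from_children` and `count_unique` are hypothetical.

```perl
#!/usr/bin/perl
# Added illustration (not from the original thread): the parent plays the role
# of httpd running a PerlRequire'd startup.pl, fork() plays the child workers.
use strict;
use warnings;

# Fork $n children; each sends one rand()-derived token back over a pipe.
# If $reseed is true the child calls srand() first, which is what a
# ChildInit handler would do in mod_perl.
sub tokens_from_children {
    my ($n, $reseed) = @_;
    my @tokens;
    for (1 .. $n) {
        pipe(my $r, my $w) or die "pipe: $!";
        my $pid = fork();
        die "fork: $!" unless defined $pid;
        if ($pid == 0) {                      # child process
            close $r;
            srand() if $reseed;               # fresh seed for this child only
            printf {$w} "%08x\n", int(rand(2**32));
            close $w;
            exit 0;
        }
        close $w;                             # parent process
        chomp(my $tok = <$r>);
        close $r;
        waitpid($pid, 0);
        push @tokens, $tok;
    }
    return @tokens;
}

# Number of distinct values in a list.
sub count_unique { my %seen; $seen{$_}++ for @_; return scalar keys %seen }

srand();   # single call in the parent; it never calls rand() itself afterwards

my @shared   = tokens_from_children(5, 0);   # children inherit the parent's state
my @reseeded = tokens_from_children(5, 1);   # children seed themselves

printf "seeded once in parent: %d unique of %d (%s)\n",
    count_unique(@shared), scalar @shared, join(' ', @shared);
printf "srand() in each child: %d unique of %d (%s)\n",
    count_unique(@reseeded), scalar @reseeded, join(' ', @reseeded);
```

Because the parent's generator state is copied unchanged into every child, the first line reports a single unique token across all five children, while the second reports distinct tokens. Separately from the seeding issue, perldoc documents rand() as not cryptographically secure, so tokens with a security role should come from a CSPRNG rather than from a reseeded rand().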

