perl-modperl mailing list archives

From demerphq <>
Subject Re: random token re-used in subsequent requests
Date Tue, 17 May 2016 18:23:28 GMT
On 16 May 2016 at 20:03, Bruce Johnson <> wrote:
>> On May 16, 2016, at 10:15 AM, André Warnier (tomcat) <> wrote:
>> join "", map +(0..9,"a".."z","A".."Z")[rand(10+26*2)], 1..32 ;
>> looks at first sight to me like quite inefficient and probably likely to generate the same string regularly, even if it does not look that way.
>> (The only variable there is rand(), and it can only return values between 0 and 62).
> The function is meant to map a random element from the 62-element-long array (0..9,"a".."z","A".."Z") (hence a rand() call to generate a number from 0 and 62), 32 times, and join them into a string.
> Although I think that should really be rand(9+26*2) to properly generate array indices for the entire array and no more. With a number between 0 and 62 (63 numbers) and a 62-element array, you’ll be retrieving nulls from the array 1/62 calls, but all that means is that the string is one char shorter for each time '62' comes up...
> So long as rand is properly seeded, you should not get repeats, at least not frequently enough to ever notice, I’d think.
> This is textbook Perl, as in I’m pretty sure it’s out of one of Larry Wall’s books; I use it to generate random strings for cookies.
> If it’s properly seeded in the original code, it should either work or not work on all five servers. Not working on one out of the five makes me think maybe there’s some sort of weird caching issue.

Or for some reason one of the servers goes through a code path where
it calls srand/rand prefork.

An unfortunate side effect of the rules of srand in Perl is that if
you fork without calling rand, each child process will have their own
seed. If you rand before fork then all the children will have their
own seed.

Thus you need to ensure you call srand() explicitly post fork in your webserver.


perl -Mre=debug -e "/just|another|perl|hacker/"
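
The fork behaviour discussed in this message, as an added example that is not part of the original post: Perl seeds its generator implicitly on the first rand() call, so children forked after the parent has already called rand() inherit the same generator state and emit the same token until they call srand() themselves. The script reuses the token expression quoted in the thread; the helper names tokens_from_children and distinct are made up for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Token generator quoted in the thread.
sub token { join "", map +(0..9,"a".."z","A".."Z")[rand(10+26*2)], 1..32 }

# Fork $n children one after another. Each child optionally reseeds,
# generates one token and sends it back to the parent over a pipe.
sub tokens_from_children {
    my ($n, $reseed) = @_;
    my @tokens;
    for (1 .. $n) {
        pipe(my $r, my $w) or die "pipe: $!";
        my $pid = fork();
        die "fork: $!" unless defined $pid;
        if ($pid == 0) {              # child process
            close $r;
            srand() if $reseed;       # fresh seed for this process only
            print {$w} token(), "\n";
            close $w;
            exit 0;
        }
        close $w;                     # parent: read the child's token
        chomp(my $t = <$r>);
        close $r;
        waitpid($pid, 0);
        push @tokens, $t;
    }
    return @tokens;
}

# Number of different values in a list.
sub distinct { my %seen; $seen{$_}++ for @_; return scalar keys %seen }

rand();   # stands in for startup code that touches rand() before the server forks

my @shared = tokens_from_children(4, 0);   # children keep the inherited state
my @fresh  = tokens_from_children(4, 1);   # children call srand() after fork

print "no srand() after fork:\n", map("  $_\n", @shared);
printf "  distinct tokens: %d of %d\n", distinct(@shared), scalar @shared;
print "srand() after fork:\n", map("  $_\n", @fresh);
printf "  distinct tokens: %d of %d\n", distinct(@fresh), scalar @fresh;
```

Under mod_perl, a PerlChildInitHandler that calls srand() plays the role of the reseeding branch, since it runs in each worker after the fork. Perl's rand() is not a cryptographic generator, so tokens that protect a session are better drawn from the operating system's random source, which also sidesteps the seeding question.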
