Skip Menu |

This queue is for tickets about the CGI-Session CPAN distribution.

Report information
The Basics
Id: 3130
Status: resolved
Priority: 0/
Queue: CGI-Session

People
Owner: MARKSTOS [...] cpan.org
Requestors: eperez [...] it.uc3m.es
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: CGI::Session::ID::Random new ID generator
I've coded what I think is the fastest and most secure ID generator for CGI::Session. It uses /dev/urandom thus using this good random generator. It won't work on windows as I don't know how to access windows random generator (if it has one) but will work on other unices with this interface. This driver is using a hexencoded 128bit (16 bytes) data. I think it would be a good idea to default to this ID generator and fall back to other ID generator if the system doesn't have a random number generator. I've just post here so nobody forgets.
package CGI::Session::ID::Random; # $Id: Random.pm,v 3.1 2002/11/27 12:26:05 sherzodr Exp $ use strict; use Fcntl; use vars qw($VERSION); ($VERSION) = '$Revision: 3.1 $' =~ m/Revision:\s*(\S+)/; sub generate_id { my $self = shift; unless (sysopen(FH, '/dev/urandom', O_RDONLY) ) { $self->error("Couldn't open /dev/urandom: $!"); return undef; } my $ID; sysread(FH, $ID, 16); unless ( close(FH) ) { $self->error("Couldn't close /dev/urandom: $!"); return undef; } $ID =~ s/(.)/sprintf("%02x",ord($1))/eg; return $ID; } 1; =pod =head1 NAME CGI::Session::ID::Random - CGI::Session Random driver =head1 SYNOPSIS use CGI::Session qw/-api3/; $session = new CGI::Session("id:Random", undef); =head1 DESCRIPTION CGI::Session::ID::Random is to generate encoded hexidecimal random ids using /dev/urandom. The method does not require any arguments. This driver should be the fastest and most secure ID generator. =head1 COPYRIGHT Copyright (C) 2003 Eduardo Pérez Ureta. All rights reserved. This library is free software. You can modify and distribute it under the same terms as Perl itself. =head1 AUTHOR Eduardo Pérez Ureta <eperez@it.uc3m.es> Feedbacks, suggestions and patches are welcome. =head1 SEE ALSO =over 4 =item * L<Incr|CGI::Session::ID::Incr> - Auto Incremental ID generator =item * L<CGI::Session|CGI::Session> - CGI::Session manual =item * L<CGI::Session::Tutorial|CGI::Session::Tutorial> - extended CGI::Session manual =item * L<CGI::Session::CookBook|CGI::Session::CookBook> - practical solutions for real life problems =item * B<RFC 2965> - "HTTP State Management Mechanism" found at ftp://ftp.isi.edu/in-notes/rfc2965.txt =item * L<CGI|CGI> - standard CGI library =item * L<Apache::Session|Apache::Session> - another fine alternative to CGI::Session =back =cut
[guest - Sun Aug 3 05:38:07 2003]: Show quoted text
> I've coded what I think is the fastest and most secure ID generator > for > CGI::Session. It uses /dev/urandom thus using this good random > generator. > It won't work on windows as I don't know how to access windows random > generator (if it has one) but will work on other unices with this > interface. This driver is using a hexencoded 128bit (16 bytes) data. > I think it would be a good idea to default to this ID generator and > fall > back to other ID generator if the system doesn't have a random number > generator. > > I've just post here so nobody forgets.
Hello, I'm sorry it's taken so long for someone to respond to you about this. Your project sounds interesting. Please go ahead and complete your driver with tests and docs and post it on CPAN. From there we can evaluate whether to make it the new default. I know that FreeBSD deals with randomness a little differently and takes more configuration, so I'll be interested to find out about the portability of your solution. Mark
I'm resolving this due to lack response from the original requestor. The request can be mostly addressed by a third-party upload anyway. Mark