Subject: | CGI::Session::ID::Random new ID generator |
I've coded what I think is the fastest and most secure ID generator for
CGI::Session. It uses /dev/urandom thus using this good random generator.
It won't work on windows as I don't know how to access windows random
generator (if it has one) but will work on other unices with this
interface. This driver is using a hexencoded 128bit (16 bytes) data.
I think it would be a good idea to default to this ID generator and fall
back to other ID generator if the system doesn't have a random number
generator.
I've just post here so nobody forgets.
package CGI::Session::ID::Random;
# $Id: Random.pm,v 3.1 2002/11/27 12:26:05 sherzodr Exp $
use strict;
use Fcntl;
use vars qw($VERSION);
($VERSION) = '$Revision: 3.1 $' =~ m/Revision:\s*(\S+)/;
sub generate_id {
my $self = shift;
unless (sysopen(FH, '/dev/urandom', O_RDONLY) ) {
$self->error("Couldn't open /dev/urandom: $!");
return undef;
}
my $ID;
sysread(FH, $ID, 16);
unless ( close(FH) ) {
$self->error("Couldn't close /dev/urandom: $!");
return undef;
}
$ID =~ s/(.)/sprintf("%02x",ord($1))/eg;
return $ID;
}
1;
=pod
=head1 NAME
CGI::Session::ID::Random - CGI::Session Random driver
=head1 SYNOPSIS
use CGI::Session qw/-api3/;
$session = new CGI::Session("id:Random", undef);
=head1 DESCRIPTION
CGI::Session::ID::Random is to generate encoded hexidecimal random ids
using /dev/urandom. The method does not require any arguments.
This driver should be the fastest and most secure ID generator.
=head1 COPYRIGHT
Copyright (C) 2003 Eduardo Pérez Ureta. All rights reserved.
This library is free software. You can modify and distribute it under the same terms as Perl itself.
=head1 AUTHOR
Eduardo Pérez Ureta <eperez@it.uc3m.es>
Feedbacks, suggestions and patches are welcome.
=head1 SEE ALSO
=over 4
=item *
L<Incr|CGI::Session::ID::Incr> - Auto Incremental ID generator
=item *
L<CGI::Session|CGI::Session> - CGI::Session manual
=item *
L<CGI::Session::Tutorial|CGI::Session::Tutorial> - extended CGI::Session manual
=item *
L<CGI::Session::CookBook|CGI::Session::CookBook> - practical solutions for real life problems
=item *
B<RFC 2965> - "HTTP State Management Mechanism" found at ftp://ftp.isi.edu/in-notes/rfc2965.txt
=item *
L<CGI|CGI> - standard CGI library
=item *
L<Apache::Session|Apache::Session> - another fine alternative to CGI::Session
=back
=cut