"Fossies" - the Fresh Open Source Software Archive

Member "Apache-Session-1.93/lib/Apache/Session/Generate/MD5.pm" (15 Sep 2009, 2658 Bytes) of package /linux/www/Apache-Session-1.93.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Perl source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "MD5.pm" see the Fossies "Dox" file reference documentation.

    1 #############################################################################
    2 #
    3 # Apache::Session::Generate::MD5;
    4 # Generates session identifier tokens using MD5
    5 # Copyright(c) 2000, 2001 Jeffrey William Baker (jwbaker@acm.org)
    6 # Distribute under the Perl License
    7 #
    8 ############################################################################
    9 
   10 package Apache::Session::Generate::MD5;
   11 
   12 use strict;
   13 use vars qw($VERSION);
   14 use Digest::MD5;
   15 
   16 $VERSION = '2.12';
   17 
   18 sub generate {
   19     my $session = shift;
   20     my $length = 32;
   21     
   22     if (exists $session->{args}->{IDLength}) {
   23         $length = $session->{args}->{IDLength};
   24     }
   25     
   26     $session->{data}->{_session_id} = 
   27         substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, $length);
   28     
   29 
   30 }
   31 
   32 sub validate {
   33     #This routine checks to ensure that the session ID is in the form
   34     #we expect.  This must be called before we start diddling around
   35     #in the database or the disk.
   36 
   37     my $session = shift;
   38     
   39     if ($session->{data}->{_session_id} =~ /^([a-fA-F0-9]+)$/) {
   40         $session->{data}->{_session_id} = $1;
   41     } else {
   42         die "Invalid session ID: ".$session->{data}->{_session_id};
   43     }
   44 }
   45 
   46 1;
   47 
   48 =pod
   49 
   50 =head1 NAME
   51 
   52 Apache::Session::Generate::MD5 - Use MD5 to create random object IDs
   53 
   54 =head1 SYNOPSIS
   55 
   56  use Apache::Session::Generate::MD5;
   57 
   58  $id = Apache::Session::Generate::MD5::generate();
   59 
   60 =head1 DESCRIPTION
   61 
   62 This module fulfills the ID generation interface of Apache::Session.  The
   63 IDs are generated using a two-round MD5 of a random number, the time since the
   64 epoch, the process ID, and the address of an anonymous hash.  The resultant ID
   65 number is highly entropic on Linux and other platforms that have good
   66 random number generators.  You are encouraged to investigate the quality of
   67 your system's random number generator if you are using the generated ID
   68 numbers in a secure environment.
   69 
   70 This module can also examine session IDs to ensure that they are, indeed,
   71 session ID numbers and not evil attacks.  The reader is encouraged to 
   72 consider the effect of bogus session ID numbers in a system which uses
   73 these ID numbers to access disks and databases.
   74 
   75 This modules takes one argument in the usual Apache::Session style.  The
   76 argument is IDLength, and the value, between 0 and 32, tells this module
   77 where to truncate the session ID.  Without this argument, the session ID will
   78 be 32 hexadecimal characters long, equivalent to a 128-bit key.
   79 
   80 =head1 AUTHOR
   81 
   82 This module was written by Jeffrey William Baker <jwbaker@acm.org>.
   83 
   84 =head1 SEE ALSO
   85 
   86 L<Apache::Session>