On 4/4/09 19:52, Adam Prime wrote:
> Stanisław T. Findeisen wrote:
>> Hello
>>
>> I have a question regarding srand() usage with mod_perl. The
>> documentation says:
>>
>> =======================================================================
>> Do not call srand() (i.e. without an argument) more than once in a
>> script. The internal state of the random number generator should contain
>> more entropy than can be provided by any seed, so calling srand() again
>> actually loses randomness.
>>
>> http://perldoc.perl.org/functions/srand.html
>> =======================================================================
>>
>> How does this relate to mod_perl? Is it safe to simply call srand() once
>> per CGI script?
>>
>
> Personally, I call srand in my startup.pl, and not in individual cgi
> scripts. I have no idea if that's actually a good practice or not
> though. It might for example be a better idea to call it in a ChildInit
> handler.

Yes, otherwise, each child httpd process (even those forked in the future) will inherit the same random seed, so will go through the exact same random sequence. If you have multiple code paths consuming randomness, you might not notice, but it can be a big problem, as your randomness will be nowhere near as unpredictable as you'd think.

For instance, bugzilla.mozilla.org was hit by this very bug, as it was making heavy use of rand() to generate unique tokens, and was finding itself encountering a lot of duplicates, as each child process was starting at the same exact random seed via a single srand() call from a PerlRequire'd file.

--
Philippe M. Chiasson     GPG: F9BFE0C2480E7680 1AE53631CB32A107 88C3A5A5
http://gozer.ectoplasm.org/       m/gozer\@(apache|cpan|ectoplasm)\.org/