Mailing List Archive: ModPerl: ModPerl

uid

Index | Next | Previous | View Threaded

jleach at mail

Feb 17, 2000, 9:18 AM

Post #1 of 14 (1063 views)
Permalink

uid

hi,

I'm looking to generate a unique id, probably 128bits. Any suggestions
on how to do this with mod_perl/apache?

j.

matt at sergeant

Feb 17, 2000, 9:32 AM

Post #2 of 14 (1030 views)
Permalink

Re: uid [In reply to]

On Thu, 17 Feb 2000, you wrote:
> hi,
>
> I'm looking to generate a unique id, probably 128bits. Any suggestions
> on how to do this with mod_perl/apache?

MD5 of rand and %ENV ?

--
<Matt/>

Details: FastNet Software Ltd - XML, Perl, Databases.
Tagline: High Performance Web Solutions
Web Sites: http://come.to/fastnet http://sergeant.org
Available for Consultancy, Contracts and Training.

wendell at ccstrade

Feb 17, 2000, 9:34 AM

Post #3 of 14 (1048 views)
Permalink

Re: uid [In reply to]

On Thu, Feb 17, 2000 at 08:18:16AM -0800, Jason C. Leach wrote:
> hi,
>
> I'm looking to generate a unique id, probably 128bits. Any suggestions
> on how to do this with mod_perl/apache?
>
> j.

mod_unique_id sets $ENV{'UNIQUE_ID'}

see: http://www.apache.org/docs/mod/mod_unique_id.html

also --
from wing-0.9 there is this code:

@session_chars = ('A' .. 'Z', 'a' .. 'z', 0 .. 9, '.', '-');

#
# Generate a cryptographically strongly random 120-bit session id
# returned as 24 characters from teh 64-character set [A-Za-z0-9.-].
# Platforms without /dev/urandom will have to rewrite this.
#
sub make_session_id {
if (!defined(fileno(RANDOM))) {
open(RANDOM, "/dev/urandom") or return undef;
}
my $rawid;
if (read(RANDOM, $rawid, 24) != 24){
return undef;
}
$rawid =~ s/(.)/$session_chars[ord($1) & 63]/egs;
return $rawid;
}

-- wendell

dclinton at eziba

Feb 17, 2000, 9:36 AM

Post #4 of 14 (1032 views)
Permalink

Re: uid [In reply to]

On Thu, Feb 17, 2000 at 04:32:55PM +0000, Matt Sergeant wrote:
> On Thu, 17 Feb 2000, you wrote:
> > hi,
> >
> > I'm looking to generate a unique id, probably 128bits. Any suggestions
> > on how to do this with mod_perl/apache?
>
> MD5 of rand and %ENV ?

An algorithm that I've used is to concatenate the IP address of the current host,
the PID, the current time in milliseconds, and a counter that goes from 1 to 1024.

Then MD5 it.

This will be globally unique (unless 1024 are created in one millisecond, or you
have two hosts with the same IP), I believe.

-DeWitt

steve.vanderburg at lhsc

Feb 17, 2000, 9:39 AM

Post #5 of 14 (1032 views)
Permalink

Re: uid [In reply to]

>> I'm looking to generate a unique id, probably 128bits. Any suggestions
>> on how to do this with mod_perl/apache?
>
>MD5 of rand and %ENV ?
>
Since you mentioned mod_perl I'll assume you're on Unix, so you can just use mod_unique_id, which already comes with Apache. Compile it in (or enable it if you're doing DSO), and then just reference $ENV{UNIQUE_ID} if using CGI emulation, or get at the value using the Apache request methods (?) if you're not.

...Steve

--
Steve van der Burg
Information Services
London Health Sciences Centre
(519) 685-8300 ext 35559
steve.vanderburg [at] lhsc

jleach at mail

Feb 17, 2000, 10:21 AM

Post #6 of 14 (1045 views)
Permalink

Re: uid [In reply to]

hi,

ok. I ended up fetching the $ENV. How can I do that and not use CGI
emulation; if not using CGI is better practice.

Thanks,
j.

On Thu, Feb 17, 2000 at 11:39:50AM -0500, Steve van der Burg wrote:
> >> I'm looking to generate a unique id, probably 128bits. Any suggestions
> >> on how to do this with mod_perl/apache?
> >
> >MD5 of rand and %ENV ?
> >
> Since you mentioned mod_perl I'll assume you're on Unix, so you can just use mod_unique_id, which already comes with Apache. Compile it in (or enable it if you're doing DSO), and then just reference $ENV{UNIQUE_ID} if using CGI emulation, or get at the value using the Apache request methods (?) if you're not.
>
> ...Steve
>
>
> --
> Steve van der Burg
> Information Services
> London Health Sciences Centre
> (519) 685-8300 ext 35559
> steve.vanderburg [at] lhsc
>

steve.vanderburg at lhsc

Feb 17, 2000, 11:26 AM

Post #7 of 14 (1044 views)
Permalink

Re: uid [In reply to]

>> I'm looking to generate a unique id, probably 128bits. Any
>suggestions
>> >> on how to do this with mod_perl/apache?
>> >
>> >MD5 of rand and %ENV ?
>> >
>> Since you mentioned mod_perl I'll assume you're on Unix, so you can just
>use mod_unique_id, which already comes with Apache. Compile it in (or
>enable it if you're doing DSO), and then just reference $ENV{UNIQUE_ID} if
>using CGI emulation, or get at the value using the Apache request methods
>(?) if you're not.
>>
>> ...Steve
>>
>
>ok. I ended up fetching the $ENV. How can I do that and not use CGI
>emulation; if not using CGI is better practice.

From p.332 of the Eagle book:

$r->subprocess_env('UNIQUE_ID')

There's been lots of discussion on the list about CGI emulation vs. "true" mod_perl coding. To get performance as high as possible, you need to throw away CGI emulation. In the real world, it's often a handy thing to have. I do some of each.

...Steve

--
Steve van der Burg
Information Services
London Health Sciences Centre
(519) 685-8300 ext 35559
steve.vanderburg [at] lhsc

gunther at extropia

Feb 17, 2000, 12:14 PM

Post #8 of 14 (1057 views)
Permalink

Re: uid [In reply to]

For a really nice "unique" id, I like Jeffrey Baker's APache::Session hash
function which uses a load of random stuff mungled together. You might want
to snag that out of the code.

His routine doesnt work too well on a select few platforms (eg Win98 + ISAPI
Perl), but it works great on Apache mod_perl.

One thing to note: MD5 hashes DO have a possibility of being having a hash
collision. Granted, it's unlikely, but it is POSSIBLE. Therefore, you should
probably still keep track of what ids had been generated previously. I guess
it depends on what you want to do.

Matt Sergeant wrote:

> On Thu, 17 Feb 2000, you wrote:
> > hi,
> >
> > I'm looking to generate a unique id, probably 128bits. Any suggestions
> > on how to do this with mod_perl/apache?
>
> MD5 of rand and %ENV ?
>
> --
> <Matt/>
>
> Details: FastNet Software Ltd - XML, Perl, Databases.
> Tagline: High Performance Web Solutions
> Web Sites: http://come.to/fastnet http://sergeant.org
> Available for Consultancy, Contracts and Training.

mckinnon at isis2000

Feb 17, 2000, 12:23 PM

Post #9 of 14 (1034 views)
Permalink

Re: uid [In reply to]

On Thu, 17 Feb 2000, Gunther Birznieks wrote:

> One thing to note: MD5 hashes DO have a possibility of being having a hash
> collision. Granted, it's unlikely, but it is POSSIBLE. Therefore, you should
> probably still keep track of what ids had been generated previously. I guess
> it depends on what you want to do.

Assuming that MD5 distributes things pretty evenly over its 128 bit
space, the chances are:

1 in 340,282,366,920,940,000,000,000,000,000,000,000,000

(approx...my calculator only has so many digits of precision. :) )

As long as you are hashing a decent sized piece of data to begin with
that's appropriately random, I wouldn't worry TOO much about it. :)

- Bill

ged at jubileegroup

Feb 18, 2000, 8:14 AM

Post #10 of 14 (1054 views)
Permalink

Re: uid [In reply to]

Hi all,

On Thu, 17 Feb 2000, Bill McKinnon wrote:

> Assuming that MD5 distributes things pretty evenly over its 128 bit
> space, the chances are:
>
> 1 in 340,282,366,920,940,000,000,000,000,000,000,000,000

Recently, somebody calculated live on TV that the odds against giving
birth on Jan 1 2000 (given certain assumptions) to be 32,000 to 1
against. Those of you who know that there aren't 32,000 days in a
month will spot the similarity with the 51-digit number above.

A famous British Prime Minister once said

"There are lies, damned lies, and statistics."

73,
Ged.

mckinnon at isis2000

Feb 18, 2000, 11:17 AM

Post #11 of 14 (1031 views)
Permalink

Re: uid [In reply to]

"G.W. Haywood" wrote:
>
> Hi all,
>
> On Thu, 17 Feb 2000, Bill McKinnon wrote:
>
> > Assuming that MD5 distributes things pretty evenly over its 128 bit
> > space, the chances are:
> >
> > 1 in 340,282,366,920,940,000,000,000,000,000,000,000,000
>
> Recently, somebody calculated live on TV that the odds against giving
> birth on Jan 1 2000 (given certain assumptions) to be 32,000 to 1
> against. Those of you who know that there aren't 32,000 days in a
> month will spot the similarity with the 51-digit number above.
>
> A famous British Prime Minister once said
>
> "There are lies, damned lies, and statistics."
>
> 73,
> Ged.

Certainly you want to take into account how many times you will test
the likelihood of something...if the chances are 1 in 75,000,000 that
I'll win the lottery but I buy 50,000,000 tickets, the chances are a wee
bit better that I'll win. :) But to even begin to make a dent in the above
number you have to test a LARGE number of times. And all this might be
academic anyway, since I've realized that the math is slightly more complex
than I've made it out to be. Bruce Schneier does a great job of discussing
the issues in _Applied Cryptography_, in Chapter 18, "One-Way Hash
Functions." The whole point of message digest algorithms (or one of the
points) is, given a message M and its hash H(M), make it hard to find another
message M' where H(M) = H(M'). Just because of this fact alone you should
know that you are reasonably safe from that sort of thing happening. Schneier
points out a few theorectical flaws/past attacks against MD5 that might
make the ultra paranoid avoid it...if you are one of these, use SHA1 or
something (that has 160 bits of output). Mostly though, I think it's far more
likely that your memory or CPU will spontaneously blip and give you an
incorrect value, and we obviously don't test for that sort of thing. :)
This is probably going offtopic for modperl...if people want to discuss
things more, it might be best done offline.

- Bill

jleach at mail

Feb 18, 2000, 12:07 PM

Post #12 of 14 (1032 views)
Permalink

Re: uid [In reply to]

hi,

Ya. I take Apache's UID and run it through MD5.

j.

On Thu, Feb 17, 2000 at 12:23:44PM -0700, Bill McKinnon wrote:
>
> On Thu, 17 Feb 2000, Gunther Birznieks wrote:
>
> > One thing to note: MD5 hashes DO have a possibility of being having a hash
> > collision. Granted, it's unlikely, but it is POSSIBLE. Therefore, you should
> > probably still keep track of what ids had been generated previously. I guess
> > it depends on what you want to do.
>
> Assuming that MD5 distributes things pretty evenly over its 128 bit
> space, the chances are:
>
> 1 in 340,282,366,920,940,000,000,000,000,000,000,000,000
>
> (approx...my calculator only has so many digits of precision. :) )
>
> As long as you are hashing a decent sized piece of data to begin with
> that's appropriately random, I wouldn't worry TOO much about it. :)
>
> - Bill
>

ged at jubileegroup

Feb 18, 2000, 1:31 PM

Post #13 of 14 (1030 views)
Permalink

Re: uid [In reply to]

Hi all,

Sorry, I didn't mean to start a battle!

On Fri, 18 Feb 2000, Gunther Birznieks wrote:

> Just because I am unlikely to get killed bungee jumping isn't going
> to make me want to rush out and try it. :)

And just because I'm paranoid it doesn't mean that they aren't out to
get me...

But Bill's right, we're way off-topic with this.

73,
Ged.

sbekman at iname

Feb 20, 2000, 11:20 AM

Post #14 of 14 (1051 views)
Permalink

Re: uid [In reply to]

On Thu, 17 Feb 2000, Steve van der Burg wrote:

> >> I'm looking to generate a unique id, probably 128bits. Any
> >suggestions
> >> >> on how to do this with mod_perl/apache?
> >> >
> >> >MD5 of rand and %ENV ?
> >> >
> >> Since you mentioned mod_perl I'll assume you're on Unix, so you can just
> >use mod_unique_id, which already comes with Apache. Compile it in (or
> >enable it if you're doing DSO), and then just reference $ENV{UNIQUE_ID} if
> >using CGI emulation, or get at the value using the Apache request methods
> >(?) if you're not.
> >>
> >> ...Steve
> >>
> >
> >ok. I ended up fetching the $ENV. How can I do that and not use CGI
> >emulation; if not using CGI is better practice.
>
> >From p.332 of the Eagle book:
>
> $r->subprocess_env('UNIQUE_ID')
>
> There's been lots of discussion on the list about CGI emulation vs. "true" mod_perl coding. To get performance as high as possible, you need to throw away CGI emulation. In the real world, it's often a handy thing to have. I do some of each.

The %ENV gets set by default, no matter what you use -- see:
http://perl.apache.org/guide/performance.html#PerlSetupEnv_Off

_______________________________________________________________________
Stas Bekman mailto:sbekman [at] iname http://www.stason.org/stas
Perl,CGI,Apache,Linux,Web,Java,PC http://www.stason.org/stas/TULARC
perl.apache.org modperl.sourcegarden.org perlmonth.com perl.org
single o-> + single o-+ = singlesheaven http://www.singlesheaven.com

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads