File Coverage

blib/lib/Apache/Session/Generate/MD5.pm
Criterion Covered Total %
statement 18 18 100.0
branch 4 4 100.0
condition n/a
subroutine 5 5 100.0
pod 0 2 0.0
total 27 29 93.1


line stmt bran cond sub pod time code
1             #############################################################################
2             #
3             # Apache::Session::Generate::MD5;
4             # Generates session identifier tokens using MD5
5             # Copyright(c) 2000, 2001 Jeffrey William Baker (jwbaker@acm.org)
6             # Distribute under the Perl License
7             #
8             ############################################################################
9            
10             package Apache::Session::Generate::MD5;
11            
12 3     3   1527 use strict;
  3         7  
  3         97  
13 3     3   15 use vars qw($VERSION);
  3         5  
  3         116  
14 3     3   16 use Digest::MD5;
  3         6  
  3         722  
15            
16             $VERSION = '2.12';
17            
18             sub generate {
19 33     33 0 17393 my $session = shift;
20 33         58 my $length = 32;
21            
22 33 100       88 if (exists $session->{args}->{IDLength}) {
23 28         51 $length = $session->{args}->{IDLength};
24             }
25            
26             $session->{data}->{_session_id} =
27 33         455 substr(Digest::MD5::md5_hex(Digest::MD5::md5_hex(time(). {}. rand(). $$)), 0, $length);
28            
29            
30             }
31            
32             sub validate {
33             #This routine checks to ensure that the session ID is in the form
34             #we expect. This must be called before we start diddling around
35             #in the database or the disk.
36            
37 2     2 0 4 my $session = shift;
38            
39 2 100       14 if ($session->{data}->{_session_id} =~ /^([a-fA-F0-9]+)$/) {
40 1         5 $session->{data}->{_session_id} = $1;
41             } else {
42 1         10 die "Invalid session ID: ".$session->{data}->{_session_id};
43             }
44             }
45            
46             1;
47            
48             =pod
49            
50             =head1 NAME
51            
52             Apache::Session::Generate::MD5 - Use MD5 to create random object IDs
53            
54             =head1 SYNOPSIS
55            
56             use Apache::Session::Generate::MD5;
57            
58             $id = Apache::Session::Generate::MD5::generate();
59            
60             =head1 DESCRIPTION
61            
62             This module fulfills the ID generation interface of Apache::Session. The
63             IDs are generated using a two-round MD5 of a random number, the time since the
64             epoch, the process ID, and the address of an anonymous hash. The resultant ID
65             number is highly entropic on Linux and other platforms that have good
66             random number generators. You are encouraged to investigate the quality of
67             your system's random number generator if you are using the generated ID
68             numbers in a secure environment.
69            
70             This module can also examine session IDs to ensure that they are, indeed,
71             session ID numbers and not evil attacks. The reader is encouraged to
72             consider the effect of bogus session ID numbers in a system which uses
73             these ID numbers to access disks and databases.
74            
75             This modules takes one argument in the usual Apache::Session style. The
76             argument is IDLength, and the value, between 0 and 32, tells this module
77             where to truncate the session ID. Without this argument, the session ID will
78             be 32 hexadecimal characters long, equivalent to a 128-bit key.
79            
80             =head1 AUTHOR
81            
82             This module was written by Jeffrey William Baker .
83            
84             =head1 SEE ALSO
85            
86             L