Hi,

OK, I have nailed down a second major headache I suffered from last week:
authentication keys for server-generated emails, which appeared to be not
as random as I hoped.

It seems that within Apache::ASP (probably mod_perl) the pseudo random
number generator (rand) is not reinitialized (srand) when Apache forks a new
process, so each child generates the same sequence of numbers using rand. In
Apache::ASP 2.03, I can see

/usr/lib/perl5/site_perl/5.6.0/Apache/ASP.pm 510:
# Ken said no need for seed ;)
#    unless($Apache::ASP::RandSeed) {
#   my $seed = $$.time;
#   $self->Debug("seed srand with $seed");
#   srand($seed);
#   $Apache::ASP::RandSeed = 1;
#    }

commented out. It's not the first time I have heard that playing around with
srand is bad; even perlfunc mentions that. Can anybody explain to me the reason?
Shouldn't this srand thing actually be done somewhere in mod_perl?

Test page is at http://194.109.252.12/test/random.asp , running
Apache/1.3.12 (Unix) mod_perl/1.24 on Linux 2.4.0-test8, perl5.6.0.
MaxRequestsPerChild is set to 10, so it won't take too long.

Ime
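
The behaviour described in the post, reproduced outside Apache with plain fork(), as an added example that is not part of the original message and not Apache::ASP or mod_perl code. It assumes a system with /dev/urandom; the helper names weak_key, urandom_key and key_from_child are made up for this sketch.

```perl
# Added example (constructed): not Apache::ASP or mod_perl code.
use strict;
use warnings;
$| = 1;    # unbuffered STDOUT so children do not re-flush parent output

# Parent touches rand() once before forking, which seeds the generator
# implicitly; this stands in for any code run before the children exist.
rand();

# Key built from rand(): depends entirely on the inherited generator state.
sub weak_key { join '', map { sprintf '%02x', int(rand(256)) } 1 .. 8 }

# Key read from the kernel CSPRNG (assumes /dev/urandom is available).
sub urandom_key {
    open(my $fh, '<:raw', '/dev/urandom') or die "open /dev/urandom: $!";
    my $n = read($fh, my $buf, 16);
    close $fh;
    die "short read from /dev/urandom" unless defined $n && $n == 16;
    return unpack 'H*', $buf;
}

# Fork one child, have it generate a single key, and return that key.
sub key_from_child {
    my ($gen) = @_;
    pipe(my $rd, my $wr) or die "pipe: $!";
    my $pid = fork();
    die "fork: $!" unless defined $pid;
    if ($pid == 0) {            # child
        close $rd;
        print {$wr} $gen->(), "\n";
        close $wr;
        exit 0;
    }
    close $wr;                  # parent
    my $key = <$rd>;
    close $rd;
    waitpid($pid, 0);
    die "child produced no key" unless defined $key;
    chomp $key;
    return $key;
}

for my $case (['rand() state from parent', \&weak_key],
              ['/dev/urandom per key',     \&urandom_key]) {
    my ($label, $gen) = @$case;
    my @keys = map { key_from_child($gen) } 1 .. 3;
    my %seen = map { $_ => 1 } @keys;
    printf "%-26s %d distinct of %d\n", $label, scalar(keys %seen), scalar @keys;
    print  "    $_\n" for @keys;
}
```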



