You may want to consider using $r->spawn_proc_prog() instead of the 
system() function to spawn external processes -- I've had really good 
success with this in my projects:

                Apache2::SubProcess -- Executing SubProcesses under mod_perl
                https://perl.apache.org/docs/2.0/api/Apache2/SubProcess.html

        This will essentially do the same thing as system() for you, but 
it's part of mod_perl2.  It also conveniently returns a set of file 
handles that are immediately useful:

                my ($in_fh, $out_fh, $err_fh) = $r->spawn_proc_prog($command);

        Please also check the documentation (linked above) for variations on 
what can be returned, and details for adding command-line arguments.

        I hope this helps.

> On 20.11.2019 10:26, Tillman Peng wrote:
> > hello
> >
> > My client posts the data body, which is encrypted with a public key.
> > The private key is deployed on the web server, powered by mp2.
> > How can I correctly decrypt the data with the private key from within a
> > modperl handler?
> >
> 
> Hi.
> Do you have a separate command-line program on the server which can decrypt 
> that content ?
> If yes : if you do not find an appropriate perl module to do this decryption,
> your mod_perl handler can always execute that external program using the
> system() function.
> (See : https://perldoc.perl.org/5.30.0/functions/system.html)
> 
> General idea :
> - get the encrypted content from the request
> - write this encrypted content to a file in some appropriate work directory
> on the server
> - compose the external command that reads the encrypted data, and writes the
> decrypted content to a file
> - execute that command with system()
> - check for errors
> - read the decrypted results file
> - clean up
> 
> If you end up using this method, and you are doing this from within an
> Apache/mod_perl handler, you have to be extra careful about many aspects,
> such as :
> - catching any errors which may happen in the external program, and interpret
> them correctly in the calling module.
> - logging the errors properly, so that if "it doesn't work", you can find out
> why
> - taking into account that your webserver may receive several simultaneous
> requests for such content, and thus that there may be several instances of
> that external command running at the same time (think about the temporary
> files that you may need, and make sure that each instance uses its own
> unique files)
> - cleaning up after successfully running the command
> - maybe selectively "not cleaning up" if there were any problems, so that you
> can inspect what happened
> - check permissions (the external program will run under the same user-id as
> the webserver, so whatever it writes, must be in a directory writeable by the
> webserver)
> - verify that the external command cannot be running for too long, causing
> the client to time-out waiting for a response, and closing the connection to
> the webserver
> - make extra sure that the client cannot, through some malicious use of the
> parameters that it sends to the server (e.g. filenames), result in damage on
> your server (e.g. system("program > /etc/passwd"))
> - etc.
> 
> If you prefer to use a perl module to do the decryption, you will have to
> look at what is available on CPAN.  Most modules that relate to
> encryption/decryption are in the "Crypt" namespace, such as :
> https://metacpan.org/search?q=crypt%3A%3A
> 
> 
> 


Randolf Richardson - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
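
Added example (not part of the original messages, and not mod_perl's own code): the "general idea" steps and the cautions quoted above, written as one stand-alone Perl helper. It runs the decryptor from an argument list so no shell parses request data, gives each request its own work directory, kills the child after a timeout, and keeps the files when something fails. Assumptions: the decryptor is "openssl pkeyutl", both paths are placeholders, and decrypt_body() is a hypothetical name.

```perl
# Added example, not code from this thread. Assumed: "openssl pkeyutl" is the
# decryptor, both paths are placeholders, decrypt_body() is a hypothetical name.
use strict;
use warnings;
use File::Temp ();
use File::Path ();
use POSIX ();
my $OPENSSL  = '/usr/bin/openssl';            # placeholder path
my $KEY_FILE = '/path/to/private-key.pem';    # placeholder path
my $TIMEOUT  = 10;                            # seconds before the child is killed

sub decrypt_body {
    my ($ciphertext) = @_;
    # Unique 0700 directory per request; file names are never client-chosen.
    my $dir = File::Temp::tempdir('decrypt-XXXXXXXX', TMPDIR => 1);
    my ($in, $out) = ("$dir/in.bin", "$dir/out.bin");
    open my $wfh, '>:raw', $in or die "cannot write $in: $!";
    print {$wfh} $ciphertext;
    close $wfh or die "cannot close $in: $!";

    # Argument list, not a command string: no shell ever parses request data.
    my @cmd = ($OPENSSL, 'pkeyutl', '-decrypt', '-inkey', $KEY_FILE,
               '-in', $in, '-out', $out);
    defined(my $pid = fork()) or die "fork failed: $!";
    if ($pid == 0) { exec { $cmd[0] } @cmd or POSIX::_exit(127) }
    my $timed_out = 0;
    local $SIG{ALRM} = sub { $timed_out = 1; kill 'KILL', $pid };
    alarm $TIMEOUT;
    1 while waitpid($pid, 0) == -1 && $!{EINTR};
    my $status = $?;
    alarm 0;
    if ($timed_out || $status != 0) {
        # Keep the work directory so the failure can be inspected later.
        warn "decrypt failed (timed_out=$timed_out status=$status), kept $dir\n";
        return;
    }
    open my $rfh, '<:raw', $out or die "cannot read $out: $!";
    my $plain = do { local $/; <$rfh> };
    close $rfh;
    File::Path::remove_tree($dir);    # clean up only after success
    return $plain;
}

unless (caller) {    # stand-alone: ciphertext on STDIN, plaintext on STDOUT
    binmode STDIN; binmode STDOUT;
    my $plain = decrypt_body(do { local $/; scalar <STDIN> });
    exit 1 unless defined $plain;
    print $plain;
}
```

Inside a handler, the same argument-list form is available as $r->spawn_proc_prog($command, \@argv), described in the Apache2::SubProcess documentation linked above.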

