You may want to consider using $r->spawn_proc_prog() instead of the system() function to spawn external processes -- I've had really good success with this in my projects:
Apache2::SubProcess -- Executing SubProcesses under mod_perl
https://perl.apache.org/docs/2.0/api/Apache2/SubProcess.html

This will essentially do the same thing as system() for you, but it's part of mod_perl2. It also conveniently returns a set of file handles that are immediately useful:

    my ($in_fh, $out_fh, $err_fh) = $r->spawn_proc_prog($command);

Please also check the documentation (linked above) for variations on what can be returned, and details for adding command-line arguments.

I hope this helps.

> On 20.11.2019 10:26, Tillman Peng wrote:
> > hello
> >
> > My client posts the data body, which is encrypted with a public key.
> > The private key is deployed on the web server, powered by mp2.
> > How can I correctly decrypt the data with the private key from within a
> > modperl handler?
> >
>
> Hi.
> Do you have a separate command-line program on the server which can decrypt
> that content?
> If yes: if you do not find an appropriate perl module to do this decryption,
> your mod_perl handler can always execute that external program using the
> system() function.
> (See: https://perldoc.perl.org/5.30.0/functions/system.html)
>
> General idea:
> - get the encrypted content from the request
> - write this encrypted content to a file in some appropriate work directory
>   on the server
> - compose the external command that reads the encrypted data, and writes the
>   decrypted content to a file
> - execute that command with system()
> - check for errors
> - read the decrypted results file
> - clean up
>
> If you end up using this method, and you are doing this from within an
> Apache/mod_perl handler, you have to be extra careful about many aspects,
> such as:
> - catching any errors which may happen in the external program, and
>   interpreting them correctly in the calling module.
> - logging the errors properly, so that if "it doesn't work", you can find out
>   why
> - taking into account that your webserver may receive several simultaneous
>   requests for such content, and thus that there may be several instances of
>   that external command running at the same time (think about the temporary
>   files that you may need, and make sure that each instance uses its own
>   unique files)
> - cleaning up after successfully running the command
> - maybe selectively "not cleaning up" if there were any problems, so that you
>   can inspect what happened
> - check permissions (the external program will run under the same user-id as
>   the webserver, so whatever it writes must be in a directory writeable by
>   the webserver)
> - verify that the external command cannot be running for too long, causing
>   the client to time-out waiting for a response, and closing the connection
>   to the webserver
> - make extra sure that the client cannot, through some malicious use of the
>   parameters that it sends to the server (e.g. filenames), result in damage
>   on your server (e.g. system("program > /etc/passwd"))
> - etc.
>
> If you prefer to use a perl module to do the decryption, you will have to
> look at what is available on CPAN. Most modules that relate to
> encryption/decryption are in the "Crypt" namespace, such as:
> https://metacpan.org/search?q=crypt%3A%3A
>

Randolf Richardson - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
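
The checklist in the quoted reply (unique files per request, no shell parsing of arguments, a run-time limit, error checking, clean-up only on success), as an added example that is not code from the thread or from mod_perl. It is a standalone Perl sketch: decrypt_with_program, the file names and the stand-in command are hypothetical, and inside a handler the fork/exec pair could be replaced by the spawn call discussed above.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use POSIX ();

# @cmd = decryption program plus fixed arguments (hypothetical; taken from
# server configuration, never from the request).
sub decrypt_with_program {
    my ($ciphertext, $timeout, @cmd) = @_;
    # Private per-request directory (mode 0700, random name): simultaneous
    # requests never share files, and no file name comes from the client.
    my $dir = tempdir('decrypt-XXXXXXXX', TMPDIR => 1);
    my ($in, $out) = ("$dir/in.bin", "$dir/out.bin");
    open(my $wfh, '>:raw', $in) or die "cannot write $in: $!\n";
    print {$wfh} $ciphertext;
    close($wfh) or die "cannot close $in: $!\n";
    defined(my $pid = fork()) or die "fork failed: $!\n";
    if ($pid == 0) {
        # List form: paths are separate arguments, /bin/sh never parses them.
        exec { $cmd[0] } @cmd, $in, $out
            or POSIX::_exit(127);           # reached only if exec failed
    }
    my $status;
    my $done = eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $timeout;                     # bound the child's run time
        waitpid($pid, 0);
        $status = $?;
        alarm 0;
        1;
    };
    if (!$done) {                           # timed out: kill and reap the child
        kill 'KILL', $pid;
        waitpid($pid, 0);
        die "decryptor exceeded ${timeout}s; files kept in $dir\n";
    }
    # On failure the work directory is left in place for inspection.
    die sprintf("decryptor failed (exit %d, signal %d); files kept in %s\n",
        $status >> 8, $status & 127, $dir) if $status != 0;
    open(my $rfh, '<:raw', $out) or die "cannot read $out: $!; kept $dir\n";
    my $plaintext = do { local $/; <$rfh> };
    close $rfh;
    unlink $in, $out;                       # clean up only after success
    rmdir $dir;
    return $plaintext;
}

# Constructed stand-in for the real decryption program: copies input to output.
my @standin = ($^X, '-e', 'use File::Copy; copy($ARGV[0], $ARGV[1]) or exit 1');
print decrypt_with_program("constructed sample body\n", 5, @standin);
```

The die messages are what a handler would log; each names the retained work directory so a failed request can be inspected afterwards.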