Posted to modperl@perl.apache.org by Randolf Richardson <ra...@modperl.pl> on 2019/11/22 15:18:14 UTC

Re: decrypt the posted content -- shell processes

	You may want to consider using $r->spawn_proc_prog() instead of the 
system() function to spawn external processes -- I've had really good 
success with this in my projects:

		Apache2::SubProcess -- Executing SubProcesses under mod_perl
		https://perl.apache.org/docs/2.0/api/Apache2/SubProcess.html

	This will essentially do the same thing as system() for you, but 
it's part of mod_perl2.  It also conveniently returns a set of file 
handles that are immediately useful:

		my ($in_fh, $out_fh, $err_fh) = $r->spawn_proc_prog($command);

	Please also check the documentation (linked above) for variations on 
what can be returned, and details for adding command-line arguments.

	I hope this helps.

> On 20.11.2019 10:26, Tillman Peng wrote:
> > hello
> >
> > My client posts the data body, which is encrypted with a public key.
> > The private key is deployed on the web server, powered by mp2.
> > How can I correctly decrypt the data with private key from within modperl handler?
> >
> 
> Hi.
> Do you have a separate command-line program on the server which can decrypt that content ?
> If yes : if you do not find an appropriate perl module to do this decryption, your 
> mod_perl handler can always execute that external program using the system() function.
> (See : https://perldoc.perl.org/5.30.0/functions/system.html)
> 
> General idea :
> - get the encrypted content from the request
> - write this encrypted content to a file in some appropriate work directory on the server
> - compose the external command that reads the encrypted data, and writes the decrypted 
> content to a file
> - execute that command with system()
> - check for errors
> - read the decrypted results file
> - clean up
> 
> If you end up using this method, and you are doing this from within an Apache/mod_perl 
> handler, you have to be extra careful about many aspects, such as :
> - catching any errors which may happen in the external program, and interpreting them 
> correctly in the calling module.
> - logging the errors properly, so that if "it doesn't work", you can find out why
> - taking into account that your webserver may receive several simultaneous requests for 
> such content, and thus that there may be several instances of that external command 
> running at the same time (think about the temporary files that you may need, and make sure 
> that each instance uses its own unique files)
> - cleaning up after successfully running the command
> - maybe selectively "not cleaning up" if there were any problems, so that you can inspect 
> what happened
> - check permissions (the external program will run under the same user-id as the 
> webserver, so whatever it writes, must be in a directory writeable by the webserver)
> - verify that the external command cannot be running for too long, causing the client to 
> time-out waiting for a response, and closing the connection to the webserver
> - make extra sure that the client cannot, through some malicious use of the parameters 
> that it sends to the server (e.g. filenames), result in damage on your server
> (e.g. system("program > /etc/passwd"))
> - etc.
> 
> If you prefer to use a perl module to do the decryption, you will have to look at what is 
> available on CPAN.  Most modules that relate to encryption/decryption are in the "Crypt" 
> namespace, such as : https://metacpan.org/search?q=crypt%3A%3A
> 
> 
> 


Randolf Richardson - randolf@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
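
Added example, not code from either poster: a stand-alone core-Perl sketch of the checklist in the quoted reply (unique per-request files, no shell, a timeout, error checking, selective clean-up). The helper name run_external and the byte-reversing stand-in for a decryption tool are assumptions made for illustration; under mod_perl the same program and argument list would go to $r->spawn_proc_prog($command, \@argv) as described in the linked Apache2::SubProcess documentation.

```perl
use strict;
use warnings;
use File::Temp ();
use POSIX ();
# Run a server-chosen program as: $prog @args <infile> <outfile>.
# Only $data comes from the client; it never reaches the command line.
sub run_external {
    my ($data, $timeout, $prog, @args) = @_;
    # Unique, unpredictable names: concurrent requests never share files.
    my $in  = File::Temp->new(UNLINK => 0);
    my $out = File::Temp->new(UNLINK => 0);
    binmode $in;
    print {$in} $data;
    close $in or die "cannot write input: $!";
    close $out;
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # List-form exec bypasses the shell, so ">" or ";" is never interpreted.
        exec { $prog } $prog, @args, $in->filename, $out->filename
            or POSIX::_exit(127);    # exec itself failed
    }
    my $timed_out = 0;
    eval {
        local $SIG{ALRM} = sub { die "timeout\n" };
        alarm $timeout;
        waitpid $pid, 0;
        alarm 0;
        1;
    } or do { $timed_out = 1; kill 'KILL', $pid; waitpid $pid, 0 };
    my ($status, $result) = ($?, undef);
    if (!$timed_out && $status == 0) {
        open my $fh, '<:raw', $out->filename or die "cannot read output: $!";
        $result = do { local $/; <$fh> };
        close $fh;
        unlink $in->filename;
    } else {
        # Keep the (still encrypted) input for inspection, and log why.
        warn "external program failed: status=$status timeout=$timed_out kept=$in\n";
    }
    unlink $out->filename;    # never leave decrypted or partial output behind
    return $result;
}

# Constructed stand-in for a decryption tool: reverses the bytes of its input file.
my $tool = 'open my $i,"<",$ARGV[0] or exit 2; open my $o,">",$ARGV[1] or exit 3;'
         . ' local $/; my $d = <$i>; print {$o} scalar reverse $d;';
my $plain = run_external("txetrehpic detcurtsnoc", 5, $^X, '-e', $tool);
print defined $plain ? "decrypted: $plain\n" : "decryption failed\n";
```

On failure the helper returns undef and keeps only the encrypted input file, so a failed request can be examined without plaintext remaining on disk.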