Hi all,
I'm running the latest release of MP2 on FreeBSD 5.3 (more details below). One part of my site takes a user's password submitted from a form, encrypts it using MD5, and stores that encrypted value in my database (Postgres 7.4.7). Sometimes it works, sometimes it doesn't. When it doesn't work, the Apache log file reports:
[Sun Feb 13 11:51:52 2005] ...blah blah blah
(in cleanup) Not a reference to a Digest::MD5 object.
[Sun Feb 13 11:51:52 2005] [error] [client 192.168.0.6] \t(in cleanup) Not a ref
erence to a Digest::MD5 object.\n, referer: https://192.168.0.3/CHANGEMYDETAILS
Insecure dependency in open while running setgid.
Does anyone know offhand what is going on here? I think the problem could probably relate to the MD5 hashing perl subroutine that I use, partly because the log mentions a problem with an MD5 object, and partly because when I replace it with a dummy subroutine that just returns a hardcoded string, the errors do not seem to arise. I can't be sure that this is the problem, however, because as I say, even with the real subroutine being called, sometimes it works, sometimes it doesn't. Anyway, the code I use for that subroutine is:
# based loosely on code in the Eagle book, p.217
sub make_db_MAC {
# NB1 '' = the empty string i.e. two single quotes
# NB2 DBSECRET is declared as a constant (i.e. use constant DBSECRET => '...';)
my ($interim) = MD5->hexhash(join('', DBSECRET, @_));
my ($db_mac) = MD5->hexhash(DBSECRET . $interim);
return $db_mac;
}
One last piece of information. When it doesn't work, most browsers do nothing. Safari in OSX, however, reports:
The error was: “bad server response” (NSURLErrorDomain:-1011)
Any suggestions most gratefully received (I've been working on this for hours already.)
Geoff Ferrari
[Further Info]
The list of packages and ports I have installed on FreeBSD 5.3 is:
apache-2.0.53 Version 2 of Apache web server with prefork MPM.
apg-2.3.0b An automated password generator
autoconf-2.59_2 Automatically configure source code on many Un*x platforms
bash-3.0.16_1 The GNU Project's Bourne Again SHell
bsdpan-Apache-AuthCookie-3.06 Apache::AuthCookie - Perl Authentication and Authorization
cvsup-without-gui-16.1h General network file distribution system optimized for CVS
ddclient-3.6.5 Update dynamic DNS entries
expat-1.95.8 XML 1.0 parser written in C
fastest_cvsup-0.2.9 Finds fastest CVSup server
gettext-0.14.1 GNU gettext package
gmake-3.80_2 GNU version of 'make' utility
help2man-1.34.2 Automatically generating simple manual pages from program o
libiconv-1.9.2_1 A character set conversion library
libtool-1.3.5_2 Generic shared library support script (version 1.3)
libtool-1.5.10 Generic shared library support script (version 1.5)
lynx-ssl-2.8.5 A non-graphical, text-based World-Wide Web client with SSL
m4-1.4.1 GNU m4
mod_perl2-2.0.0r3 Embeds a Perl interpreter in the Apache2 server
openssl-0.9.7e_2 SSL and crypto library
p5-Apache-DBI-0.94 DBI persistent connection, authentication and authorization
p5-CGI.pm-3.05,1 Simple Common Gateway Interface Class for Perl
p5-Crypt-CBC-2.12 Perl5 interface to Cipher Block Chaining with DES and IDEA
p5-Crypt-IDEA-1.02 Perl5 interface to IDEA block cipher
p5-DBD-Pg-1.32_1 Provides access to PostgreSQL databases through the DBI
p5-DBI-1.47 The perl5 Database Interface. Required for DBD::* modules
p5-ExtUtils-XSBuilder-0.27 Autogenerating XS-glue Code
p5-HTML-Parser-3.45 Perl5 module for parsing HTML documents
p5-HTML-Tagset-3.04 Some useful data table in parsing HTML
p5-HTML-Template-2.7 Perl module to use HTML Templates from CGI scripts
p5-MD5-2.03 Perl5 interface to MD5 Message-Digest Algorithm
p5-Parse-RecDescent-1.94 A recursive descent parsing framework for Perl
p5-Text-Balanced-1.95 Text::Balanced - extract delimited text sequences from stri
p5-Tie-IxHash-1.21 Perl module implementing ordered in-memory associative arra
p5-URI-1.35 Perl5 interface to Uniform Resource Identifier (URI) refere
p5-gettext-1.03 Message handling functions
p5-libapreq2-2.04r03 Generic Apache2 Request Library
p5-libwww-5.79_1 Perl5 library for WWW access
perl-5.8.6_2 Practical Extraction and Report Language
portupgrade-20041226_1 FreeBSD ports/packages administration and management tool s
postgresql-client-7.4.7 PostgreSQL database (client)
postgresql-docs-7.4.7 The PostgreSQL documentation set
postgresql-server-7.4.7 The most advanced open-source database available anywhere
ruby-1.8.2_2 An object-oriented interpreted scripting language
ruby18-bdb1-0.2.2 Ruby interface to Berkeley DB revision 1.8x with full featu
