Reliability of Apache::Htpasswd

George_Sherston has asked for the wisdom of the Perl Monks concerning the following question:

I'm using this module for security purposes. BUT - I wanted to do a little benchmarking on htpasswd to see how much it slows down with a *lot* of users, so I wanted to set up 100,000 user / pwd combinations. So I wrote a wee script with Apache::Htpasswd that does

my $htp = new Apache::Htpasswd;("/home/httpd/conf/.htptestaccess")
my $User = 1;
while ($User <= 100000) {
    my $pass = new String::Random;
    my $PassWord = $pass->randpattern("Cccccnn");
    $htp->htpasswd("User_" . $User, $PassWord);
    $User ++;
}
[download]

... which works fine for a couple of thousand user / pass combos, but then falls over for no readily-apparent reason.

Then I replaced the $htp->htpasswd call with

    system 'htpasswd', '-b', '-m', '/home/httpd/conf/.htptestaccess', 
+$User, $PassWord;
[download]

... and now it's sweet as a nut, still chuntering away as I write this (it's up to 18,214 users, going strong).

Now, I recognise that these are not circumstances that are ever going to arise in real life: but still, this doesn't inspire confidence. I wonder if anyone else has had similar experience of Apache::Htpasswd and can either confirm or deny my uneasiness about it.

Perhaps I'm doing the module an injustice, and it's something else I'm doing wrong that's causing it to fail. But I'd like to have some reason to believe that it's not going to fall over in normal use, one time in two or three thousand calls, as it seems to do in this unusual situation.

§ George Sherston

Comment on Reliability of Apache::Htpasswd Select or Download Code

Replies are listed 'Best First'.
Re (tilly) 1: Reliability of Apache::Htpasswd by tilly (Archbishop) on Mar 02, 2002 at 22:13 UTC
Please define "falls over". As for handling a large number of users, please note that the htpasswd/htgroup files scale linearly with the number of users. If you think you will have a lot of users, you are strongly advised to use an alternate method of storing users. Such as dbmauth. Furthermore there are bugs in Apache when the group file gets to have lines that are too long. (I saw problems at 2048 bytes.) If you are using Apache with that many users in a group, you may need to split individual groups across lines.	[reply]
Re: Re (tilly) 1: Reliability of Apache::Htpasswd by George_Sherston (Vicar) on Mar 02, 2002 at 22:22 UTC
'falls over' ... I just had this conversation with Kanji - he rightly asked the same q. And to my shame, I don't know. I came to Perl as a CGI language and am only just starting to use it for anything else, so (a) my default is always to write my scripts as CGIs and (b) I get all my error info from CGI::Carp. Just now was the first time since I rented my current server that I tried to look up my error logs... and I don't have any! So all I know is that I get a Server Error page in mid-flight - and when I check, I find my script wrote a thousand or so entries in the pwd file. Sorry not to be more informational. I'll fix up the logs and run it again. § George Sherston	[reply]
Re: Re: Re (tilly) 1: Reliability of Apache::Htpasswd by virtualsue (Vicar) on Mar 03, 2002 at 20:30 UTC
Your script is taking too long to complete and triggering a timeout from the webserver. I recommend that you not run this load test as a CGI. :)	[reply]