On Wed, Sep 5, 2012 at 11:57 AM, Jim Jagielski <j...@jagunet.com> wrote: > FWIW, I have time this week to impl this... > > Feedback/Concerns?
I still want to know what the "nonce" is actually for! Are you going to make me read the code and guess? > > On Sep 1, 2012, at 11:47 AM, Jim Jagielski <j...@jagunet.com> wrote: > >> Another alternative would be to have the nonce also possibly >> set at config-time and, if unset, then use the uuid. That way >> it could also be used as a sort of shared-secret ;) >> >> ProxySet nonce="applepie!" >> >> Longer term, I think that's a more "strategic" solution. >> >> On Aug 31, 2012, at 2:14 PM, Stefan Fritsch <s...@sfritsch.de> wrote: >> >>> On Friday 31 August 2012, Eric Covener wrote: >>>> I'm fighting a problem on new releases of AIX where in some >>>> environments, /dev/random seems to run out of entropy way too >>>> quick. >>>> >>>> I'd like a way to suppress the apr_uuid_get-> >>>> apr_generate_random_bytes() in mod_proxy_balancer used for the >>>> balancer-manager nonce in affected environments. >>>> >>>> I was thinking a global "BalancerManager off" could be used for >>>> this and would also have the upside of fixing the SetHandler >>>> htaccess problem. >>>> >>>> Alternatives would be to find a weaker source for the nonce, or >>>> allow tto opt out / use a hard-coded one. >>>> >>>> Any suggestions? >>> >>> For 2.4, you could use ap_random_insecure_bytes(). It should be good >>> enough for a nonce. >>> >>> If you add a "BalancerManager off", it should be per directory, or at >>> least per vhost. Otherwise it would not help that much with the >>> SetHandler htaccess problem. >>> >> >
