Reviewed: https://reviews.mahara.org/843
Committed: http://gitorious.org/mahara/mahara/commit/c7a0ed9a19097fa7154b446a4415d02f34015a42
Submitter: Hugh Davenport (h...@catalyst.net.nz)
Branch: master

commit c7a0ed9a19097fa7154b446a4415d02f34015a42
Author: Francois Marier <franc...@catalyst.net.nz>
Date:   Fri Nov 11 15:03:18 2011 +1300

    Add admin warning for entropy_length (bug #888424)

    This is based on an OWASP recommendation and corresponds to 128 bits
    of entropy.

    https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Properties

    Change-Id: Ie47779d586c39bc339728e4772467407fac90ee4
    Signed-off-by: Francois Marier <franc...@catalyst.net.nz>

--
https://bugs.launchpad.net/bugs/888424

Title:
  Warn admins if session.entropy_length is < 16

Status in Mahara ePortfolio:
  In Progress

Bug description:
  The session.entropy_length variable in php.ini controls how much
  entropy is used when generating session keys:

  http://nz.php.net/manual/en/session.configuration.php#ini.session.entropy-length

  OWASP recommends that session keys contain at least 128 bits (16
  bytes) of entropy so we should print a warning on the admin page to
  let admins know that they should set this variable to a larger number
  (it unfortunately defaults to 0).
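
The check the bug description asks for, sketched as an added example; it is not the code from the Mahara commit. The function name, constant and message wording are hypothetical, and the `session.entropy_file` check goes beyond the bug report, based on the PHP manual's description of that directive.

```php
<?php
// Added example, not Mahara's code. Names and messages are hypothetical.
define('MIN_SESSION_ENTROPY_BYTES', 16); // 16 bytes = 128 bits (OWASP figure cited in the bug)

/**
 * @param array|null $ini  directive => raw ini string; null reads the live config
 * @return string[]        warnings for the admin page (empty when nothing to report)
 */
function session_entropy_warnings($ini = null) {
    if ($ini === null) {
        $ini = array(
            'session.entropy_length' => ini_get('session.entropy_length'),
            'session.entropy_file'   => ini_get('session.entropy_file'),
        );
    }
    $length = isset($ini['session.entropy_length']) ? $ini['session.entropy_length'] : false;
    if ($length === false) {
        // ini_get() returns false for a directive this PHP version does not have
        // (the directive was removed in PHP 7.1), so there is nothing to warn about.
        return array();
    }
    $warnings = array();
    $bytes = (int) $length;
    if ($bytes < MIN_SESSION_ENTROPY_BYTES) {
        $warnings[] = sprintf(
            'session.entropy_length is %d bytes (%d bits); set it to at least %d bytes (%d bits).',
            $bytes, $bytes * 8, MIN_SESSION_ENTROPY_BYTES, MIN_SESSION_ENTROPY_BYTES * 8
        );
    }
    // Per the PHP manual the bytes are read from session.entropy_file; on Windows
    // a non-zero length uses the Windows Random API instead of a file.
    $file = isset($ini['session.entropy_file']) ? (string) $ini['session.entropy_file'] : '';
    $is_windows = (DIRECTORY_SEPARATOR === '\\');
    if ($bytes > 0 && $file === '' && !$is_windows) {
        $warnings[] = 'session.entropy_length is set but session.entropy_file is empty, so no extra entropy is read.';
    }
    return $warnings;
}

// Constructed sample configurations (not taken from a real server).
$samples = array(
    'php.ini default'  => array('session.entropy_length' => '0',  'session.entropy_file' => ''),
    'length, no file'  => array('session.entropy_length' => '16', 'session.entropy_file' => ''),
    'recommended'      => array('session.entropy_length' => '16', 'session.entropy_file' => '/dev/urandom'),
);
foreach ($samples as $label => $ini) {
    $w = session_entropy_warnings($ini);
    echo $label, ': ', ($w ? implode(' | ', $w) : 'OK'), PHP_EOL;
}
```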