Reviewed:  https://reviews.mahara.org/843
Committed: http://gitorious.org/mahara/mahara/commit/c7a0ed9a19097fa7154b446a4415d02f34015a42
Submitter: Hugh Davenport (h...@catalyst.net.nz)
Branch:    master

commit c7a0ed9a19097fa7154b446a4415d02f34015a42
Author: Francois Marier <franc...@catalyst.net.nz>
Date:   Fri Nov 11 15:03:18 2011 +1300

    Add admin warning for entropy_length (bug #888424)
    
    This is based on an OWASP recommendation and corresponds to 128
    bits of entropy.
    
    https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Properties
    
    Change-Id: Ie47779d586c39bc339728e4772467407fac90ee4
    Signed-off-by: Francois Marier <franc...@catalyst.net.nz>

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/888424

Title:
  Warn admins if session.entropy_length is < 16

Status in Mahara ePortfolio:
  In Progress

Bug description:
  The session.entropy_length variable in php.ini controls how much
  entropy is used when generating session keys:

    http://nz.php.net/manual/en/session.configuration.php#ini.session.entropy-length

  OWASP recommends that session keys contain at least 128 bits (16
  bytes) of entropy so we should print a warning on the admin page to
  let admins know that they should set this variable to a larger number
  (it unfortunately defaults to 0).
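
The check described in the bug, as an added example: this is not Mahara's code and not part of the original report. The function name, the messages and the sample configurations are assumptions; it goes one step beyond the report by also flagging an empty session.entropy_file, since that is the file the bytes are read from.

```php
<?php
// Added example; not Mahara's implementation. Names and messages are hypothetical.

const MIN_ENTROPY_BYTES = 16; // 16 bytes = 128 bits, the threshold in the bug title

/**
 * $ini maps directive name => value in the form ini_get() returns:
 * a string, or false when the running PHP does not know the directive.
 * Returns a list of warning strings (empty when nothing needs attention).
 */
function session_entropy_warnings(array $ini) {
    $length = isset($ini['session.entropy_length']) ? $ini['session.entropy_length'] : false;
    if ($length === false) {
        // PHP 7.1 removed the directive, so there is nothing to tune.
        return array();
    }
    $warnings = array();
    $length = (int) $length;
    if ($length < MIN_ENTROPY_BYTES) {
        $warnings[] = sprintf(
            'session.entropy_length is %d; set it to at least %d (%d bits).',
            $length, MIN_ENTROPY_BYTES, MIN_ENTROPY_BYTES * 8
        );
    }
    // The bytes are read from session.entropy_file, so a length without a
    // file adds nothing (assumption: Unix-like host).
    $file = isset($ini['session.entropy_file']) ? (string) $ini['session.entropy_file'] : '';
    if ($length > 0 && $file === '') {
        $warnings[] = 'session.entropy_length is set but session.entropy_file is empty.';
    }
    return $warnings;
}

// Constructed sample configurations (not taken from any real host).
$samples = array(
    'default'  => array('session.entropy_length' => '0',  'session.entropy_file' => ''),
    'too low'  => array('session.entropy_length' => '8',  'session.entropy_file' => '/dev/urandom'),
    'no file'  => array('session.entropy_length' => '32', 'session.entropy_file' => ''),
    'ok'       => array('session.entropy_length' => '16', 'session.entropy_file' => '/dev/urandom'),
    'php 7.1+' => array('session.entropy_length' => false),
);
foreach ($samples as $name => $ini) {
    $w = session_entropy_warnings($ini);
    echo $name, ': ', $w ? implode(' ', $w) : 'no warning', "\n";
}

// On a live page, build $ini from the running interpreter instead:
// session_entropy_warnings(array(
//     'session.entropy_length' => ini_get('session.entropy_length'),
//     'session.entropy_file'   => ini_get('session.entropy_file')));
```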
