[Mono-bugs] [Bug 50009][Wis] New - Session IDs are predictable

bugzilla-daemon@bugzilla.ximian.com
Wed, 22 Oct 2003 14:08:16 -0400 (EDT)


Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by jackson@ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=50009

--- shadow/50009	2003-10-22 14:08:16.000000000 -0400
+++ shadow/50009.tmp.15675	2003-10-22 14:08:16.000000000 -0400
@@ -0,0 +1,23 @@
+Bug#: 50009
+Product: Mono/Class Libraries
+Version: unspecified
+OS: 
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Wishlist
+Component: System.Web
+AssignedTo: jackson@ximian.com                            
+ReportedBy: jackson@ximian.com               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: Session IDs are predicatble
+
+We are using GUIDs for our session ids which makes session id values
+predictable. According to this article:
+http://www.informit.com/isapi/product_id~%7BCD436BF0-C418-43C8-9324-7579DA60B795%7D/element_id~%7B368C7EF7-C523-470C-B187-41271A5C52E5%7D/st~%7BD06674E4-4033-4F5E-85D4-5D32A6FD7B71%7D/content/articlex.asp
+we should create 15 byte arrays using RNGCryptoServiceProvider and then
+encode those values into 24 character strings.
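Review bot: The last sentence of the description gives the target format (15 bytes from RNGCryptoServiceProvider, encoded into 24 characters) but does not name the encoding. 15 bytes is 120 bits, so a 24-character result means 5 bits per character (a 32-symbol alphabet); Base64 would give 20 characters instead. Please state the alphabet in the report so the implementation and any validation of incoming session ids agree on it. It would also help to name the System.Web class that currently builds the id from a GUID. Separately, Severity is empty and Priority is Wishlist even though the Summary says session ids are predictable; consider setting a Severity so the report is triaged as a security issue rather than a feature request.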