[Mono-bugs] [Bug 50009][Wis] New - Session IDs are predictable
bugzilla-daemon@bugzilla.ximian.com
Wed, 22 Oct 2003 14:08:16 -0400 (EDT)
Please do not reply to this email; if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by jackson@ximian.com.
http://bugzilla.ximian.com/show_bug.cgi?id=50009
--- shadow/50009 2003-10-22 14:08:16.000000000 -0400
+++ shadow/50009.tmp.15675 2003-10-22 14:08:16.000000000 -0400
@@ -0,0 +1,23 @@
+Bug#: 50009
+Product: Mono/Class Libraries
+Version: unspecified
+OS:
+OS Details:
+Status: NEW
+Resolution:
+Severity:
+Priority: Wishlist
+Component: System.Web
+AssignedTo: jackson@ximian.com
+ReportedBy: jackson@ximian.com
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+URL:
+Cc:
+Summary: Session IDs are predicatble
+
+We are using GUIDs for our session ids which makes session id values
+predictable. According to this article:
+http://www.informit.com/isapi/product_id~%7BCD436BF0-C418-43C8-9324-7579DA60B795%7D/element_id~%7B368C7EF7-C523-470C-B187-41271A5C52E5%7D/st~%7BD06674E4-4033-4F5E-85D4-5D32A6FD7B71%7D/content/articlex.asp
+we should create 15 byte arrays using RNGCryptoServiceProvider and then
+encode those values into 24 character strings.
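Review bot: The description at the end of the record asks for 15-byte arrays from RNGCryptoServiceProvider encoded into 24-character strings but does not name the encoding. 15 bytes is 120 bits, and 120 bits spread over 24 characters is 5 bits per character, so the target is a 32-symbol alphabet. The report should state that alphabet explicitly so the generator and any code that checks the length or character set of incoming session IDs agree. Separately, Severity is left blank and Priority is Wishlist on a record whose Summary says session IDs are predictable; a severity value would help triage. The Summary field also misspells "predictable".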