Warn admins if session.entropy_length is < 16
Bug #888424 reported by
François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Medium
|
François Marier |
Bug Description
The session.
http://
OWASP recommends that session keys contain at least 128 bits (16 bytes) of entropy so we should print a warning on the admin page to let admins know that they should set this variable to a larger number (it unfortunately defaults to 0).
tags: | added: bite-sized |
Changed in mahara: | |
assignee: | nobody → François Marier (fmarier) |
Changed in mahara: | |
status: | In Progress → Fix Committed |
tags: | added: newfeature |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
https:/ /reviews. mahara. org/843