Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re^4: Debugging cgi-bin script

by Anonymous Monk
on Jan 06, 2013 at 09:10 UTC ( #1011856=note: print w/ replies, xml ) Need Help??


in reply to Re^3: Debugging cgi-bin script
in thread Debugging cgi-bin script

Designing your own random number generator in a high-level language is a terrible, terrible idea.

:) FWIW, merlyn didn't design it, he copied from the fallback Apache::Session::Generate::MD5

I don't know from entrophy and randomness, but this isn't encryption we're dealing with, no authentication or authorization, no financial transactions -- if the attacker has access to the application, guessing doesn't get him anything he didn't already have access to

You might like Re^3: Randomness encountered with CGI Session where afoken talks bits

FYI/FMI Session::Token - Portable, secure, efficient, simple random session token generation that satisfies those OWASP recommendations


Comment on Re^4: Debugging cgi-bin script

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1011856]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (6)
As of 2015-07-28 02:57 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (251 votes), past polls