Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re^4: Debugging cgi-bin script

by Anonymous Monk
on Jan 06, 2013 at 09:10 UTC ( #1011856=note: print w/ replies, xml ) Need Help??


in reply to Re^3: Debugging cgi-bin script
in thread Debugging cgi-bin script

Designing your own random number generator in a high-level language is a terrible, terrible idea.

:) FWIW, merlyn didn't design it, he copied from the fallback Apache::Session::Generate::MD5

I don't know from entrophy and randomness, but this isn't encryption we're dealing with, no authentication or authorization, no financial transactions -- if the attacker has access to the application, guessing doesn't get him anything he didn't already have access to

You might like Re^3: Randomness encountered with CGI Session where afoken talks bits

FYI/FMI Session::Token - Portable, secure, efficient, simple random session token generation that satisfies those OWASP recommendations


Comment on Re^4: Debugging cgi-bin script

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1011856]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (8)
As of 2014-12-25 00:14 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (159 votes), past polls