Jim Jagielski
Fri, 06 Jun 2008 09:32:26 -0700
On Jun 6, 2008, at 10:47 AM, Joe Orton wrote:
On Sat, May 31, 2008 at 12:00:55AM +0200, Ruediger Pluem wrote:On 05/30/2008 01:49 PM, [EMAIL PROTECTED] wrote:URL: http://svn.apache.org/viewvc?rev=661666&view=rev Log: Prevent CSRF attacks against the balancer-manager (CVE-2007-6420)...@@ -619,6 +622,27 @@ } } +/* post_config hook: */ +static int balancer_init(apr_pool_t *p, apr_pool_t *plog, + apr_pool_t *ptemp, server_rec *s) +{...+ + apr_uuid_get(&balancer_nonce);Why don't we do apr_uuid_format already here and store the string directly?Sorry I didn't get to this sooner! No reason at all - I've changed the code as you suggested in r663967; thanks for the review. (Since this is not performance critical code I think the 2.2.x backport is fine as- is)
I'll propose after some testing, so if we have time before the T&R, we could possibly get it in.