Cliff Woolley wrote:
> On Sun, 16 Jun 2002 [email protected] wrote:
>> on unix platforms, apr shipped with httpd 2.0.36 asks for truly-random
>> number (/dev/random) instead of so-so random number
>> (/dev/urandom). question: is it really necessary to require
>> /dev/random instead of /dev/urandom? if not, does the following patch
>> make sense?
>
> We already had a big debate about this. We decided it's best not to pick
> the least secure option by default, so the patch below (which I already
> wrote :), isn't the way to go. Instead, I overhauled that whole system so
> you can specify with a ./configure argument which one you want. It will
> be part of 2.0.38.

I still say it should be runtime configurable.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff