On Jun 6, 2008, at 10:47 AM, Joe Orton wrote:
On Sat, May 31, 2008 at 12:00:55AM +0200, Ruediger Pluem wrote:
On 05/30/2008 01:49 PM, [EMAIL PROTECTED] wrote:
URL: http://svn.apache.org/viewvc?rev=661666&view=rev
Log:
Prevent CSRF attacks against the balancer-manager (CVE-2007-6420)
...
@@ -619,6 +622,27 @@
}
}
+/* post_config hook: */
+static int balancer_init(apr_pool_t *p, apr_pool_t *plog,
+ apr_pool_t *ptemp, server_rec *s)
+{
...
+
+ apr_uuid_get(&balancer_nonce);
Why don't we do apr_uuid_format already here and store the string
directly?
Sorry I didn't get to this sooner! No reason at all - I've changed
the
code as you suggested in r663967; thanks for the review. (Since
this is
not performance critical code I think the 2.2.x backport is fine as-
is)
I'll propose after some testing, so if we have time before
the T&R, we could possibly get it in.
