----- Original Message -----
From: "Peter Huber" <[EMAIL PROTECTED]>
> If one uses java.secure.SecureRandom to generate Session IDs then
> the very first creation of a such a secure random requires a hugh
> amount of time! But then it's quite fast! (I think tomcat does use
> this approach!)
You are correct. It does use it.
The server.xml of Tomcat says this
You can also specify a "randomClass" attribute,
which determines a subclass of java.util.Random
will be used for generating session IDs.
By default this is "java.security.SecureRandom".
Specifying "java.util.Random" will speed up
Tomcat startup, but it will cause sessions to be
less secure.
Regds,
Gokul
>
> Peter
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
