On Wed, Sep 05, 2001 at 02:42:14AM -0000, [EMAIL PROTECTED] wrote:
> marcsaeg 01/09/04 19:42:14
>
> Modified: src/share/org/apache/tomcat/startup Tag: tomcat_32
> Tomcat.java
> src/share/org/apache/tomcat/util Tag: tomcat_32
> SessionIdGenerator.java
> Log:
> Switch back to the default PRNG seed generator to avoid security weakness
> in the manual seed generator. The PRNG is now initialized when the container
> starts so that we don't take the hit on the first request.
>
> Submitted by: Kevin E. Fu ([EMAIL PROTECTED])
Does this prevent Tomcat from accepting requests until after the PRNG is
initialized? If so, IMHO Tomcat should accept requests ASAP, even if it can't
completely serve them until the PRNG is accepted. Isn't that better than
rejecting requests?
-Dave
