Gregory Robert R F IT44 wrote:
Hi,
I am running tomcat 4.1.23 and cocoon 2.1.3.
I have a number of web applications that use the cocoon session module,
and as part of a security audit I have been asked the following question :
'... it is absoluteley necessary to generate cryptographically strong
session parameters. This means that the use of cryptographically proven
random number generators with at least 128 bit session-ID is advised'
Could anyone tell me if the above statement is satisfied ?
It is my understanding that Cocoon makes use of the servlet container
(Tomcat) to create session IDs. So, configure Tomcat correctly, and
Cocoon will be conformant.
Hope that helps.
Regards, Upayavira
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
