I assumed it would - but just wanted to check. Didn't fancy digging through the source - just a novice with Java.
Thanks, Rob. -----Original Message----- From: Upayavira [mailto:[EMAIL PROTECTED] Sent: 13 September 2005 14:25 To: [email protected] Subject: Re: Security Question Gregory Robert R F IT44 wrote: > Hi, > > I am running tomcat 4.1.23 and cocoon 2.1.3. > I have a number of web applications that use the cocoon session module, > and as part of a security audit I have been asked the following question : > > '... it is absoluteley necessary to generate cryptographically strong > session parameters. This means that the use of cryptographically proven > random number generators with at least 128 bit session-ID is advised' > > Could anyone tell me if the above statement is satisfied ? It is my understanding that Cocoon makes use of the servlet container (Tomcat) to create session IDs. So, configure Tomcat correctly, and Cocoon will be conformant. Hope that helps. Regards, Upayavira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Registered office: Ruston House, Waterside South, Lincoln LN5 7FD, England Registered no: 4729734 This email contains confidential information and is for the exclusive use of the addressee. If you are not the addressee, then any distribution, copying or use of this email is prohibited. If received in error, please advise the sender and delete immediately. We accept no liability for any loss or damage suffered by any person arising from use of this email. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
