Chris McDonough writes: > The random element of the token is currently five characters. I may > need to "up" this. The secure cookie requirement is already reflected > in the use cases and in the current implementation. Anybody have any > other bright ideas about how to make session tokens harder to guess? Hash them as GUF does. Dieter _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
- [Zope-dev] CoreSessionTracking proposal Dieter Maurer
- [Zope-dev] Re: CoreSessionTracking proposal Chris McDonough
- [Zope-dev] Re: CoreSessionTracking proposal Dieter Maurer
- Re: [Zope-dev] Re: CoreSessionTracking propos... Chris McDonough
- Re: [Zope-dev] Re: CoreSessionTracking pr... Chris McDonough
- Re: [Zope-dev] CoreSessionTracking proposal Phillip J. Eby
- Re: [Zope-dev] CoreSessionTracking proposal Chris McDonough
- Re: [Zope-dev] CoreSessionTracking proposal Phillip J. Eby
- Re: [Zope-dev] CoreSessionTracking proposal Chris McDonough
- Re: [Zope-dev] CoreSessionTracking proposal Chris McDonough
- Re: [Zope-dev] CoreSessionTracking proposal Dieter Maurer
- Re: [Zope-dev] CoreSessionTracking propos... Chris McDonough
- Re: [Zope-dev] CoreSessionTracking proposal Dieter Maurer
- Re: [Zope-dev] CoreSessionTracking proposal Chris McDonough