You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by rj...@apache.org on 2014/03/10 23:11:19 UTC
svn commit: r1576107 - in /tomcat/tc7.0.x/trunk: ./
java/org/apache/catalina/session/package.html
webapps/docs/funcspecs/fs-admin-objects.xml webapps/docs/security-howto.xml
Author: rjung
Date: Mon Mar 10 22:11:19 2014
New Revision: 1576107
URL: http://svn.apache.org/r1576107
Log:
Entropy attribute for Manager gone since TC 7.
Backport of r1576104 from trunk.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/package.html
tomcat/tc7.0.x/trunk/webapps/docs/funcspecs/fs-admin-objects.xml
tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml
Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1576104
Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/package.html
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/package.html?rev=1576107&r1=1576106&r2=1576107&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/package.html (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/session/package.html Mon Mar 10 22:11:19 2014
@@ -39,9 +39,6 @@ setting the following properties:</p>
a session attribute object that does not implement the
<code>java.io.Serializable</code> interface will be rejected.
[false]</li>
-<li><b>entropy</b> - A string initialization parameter that is used to
- increase the entropy of the seeding of the random number generator
- used in creation of session identifiers. [NONE]</li>
<li><b>maxInactiveInterval</b> - The default maximum inactive interval,
in minutes, for sessions created by this Manager. The standard
implementation automatically updates this value based on the configuration
Modified: tomcat/tc7.0.x/trunk/webapps/docs/funcspecs/fs-admin-objects.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/funcspecs/fs-admin-objects.xml?rev=1576107&r1=1576106&r2=1576107&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/funcspecs/fs-admin-objects.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/funcspecs/fs-admin-objects.xml Mon Mar 10 22:11:19 2014
@@ -397,10 +397,6 @@ Operations</a> that can be performed whe
<li><code>checkInterval</code> - Number of seconds between checks for
expired sessions. [60]</li>
<li><code>debug</code> - Debugging detail level. [0]</li>
- <li><code>entropy</code> - String initialization parameter used to increase
- the entropy (initial randomness) of the random number generator used to
- create session identifiers. [Inferred from engine, host, and context]
- </li>
<li><code>maxActiveSessions</code> - The maximum number of active sessions
that are allowed, or -1 for no limit. [-1]</li>
</ul>
Modified: tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml?rev=1576107&r1=1576106&r2=1576107&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Mon Mar 10 22:11:19 2014
@@ -389,12 +389,6 @@ server.info=Apache Tomcat/7.0.x
<subsection name="Manager">
<p>The manager component is used to generate session IDs.</p>
- <p>The default <strong>entropy</strong> value has been shown to generate predictable values
- under certain conditions. For more secure session generation, this should
- be set to a long string. This is done automatically if the APR/native
- library is installed; a random value will be obtained from the APR/native
- library.</p>
-
<p>The class used to generate random session IDs may be changed with
the <strong>randomClass</strong> attribute.</p>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org