You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by rj...@apache.org on 2014/03/10 23:02:10 UTC

svn commit: r1576104 - in /tomcat/trunk: java/org/apache/catalina/session/package.html java/org/apache/catalina/storeconfig/server-registry.xml webapps/docs/funcspecs/fs-admin-objects.xml webapps/docs/security-howto.xml

Author: rjung
Date: Mon Mar 10 22:02:09 2014
New Revision: 1576104

URL: http://svn.apache.org/r1576104
Log:
Entropy attribute for Manager gone since TC 7.

Modified:
    tomcat/trunk/java/org/apache/catalina/session/package.html
    tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml
    tomcat/trunk/webapps/docs/funcspecs/fs-admin-objects.xml
    tomcat/trunk/webapps/docs/security-howto.xml

Modified: tomcat/trunk/java/org/apache/catalina/session/package.html
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/package.html?rev=1576104&r1=1576103&r2=1576104&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/package.html (original)
+++ tomcat/trunk/java/org/apache/catalina/session/package.html Mon Mar 10 22:02:09 2014
@@ -39,9 +39,6 @@ setting the following properties:</p>
     a session attribute object that does not implement the
     <code>java.io.Serializable</code> interface will be rejected.
     [false]</li>
-<li><b>entropy</b> - A string initialization parameter that is used to
-    increase the entropy of the seeding of the random number generator
-    used in creation of session identifiers.  [NONE]</li>
 <li><b>maxInactiveInterval</b> - The default maximum inactive interval,
     in minutes, for sessions created by this Manager.  The standard
     implementation automatically updates this value based on the configuration

Modified: tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml?rev=1576104&r1=1576103&r2=1576104&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml (original)
+++ tomcat/trunk/java/org/apache/catalina/storeconfig/server-registry.xml Mon Mar 10 22:02:09 2014
@@ -118,7 +118,6 @@
         default="false"
         tagClass="org.apache.catalina.Manager"
         storeFactoryClass="org.apache.catalina.storeconfig.ManagerSF">
-        <TransientAttribute>entropy</TransientAttribute>
         <TransientAttribute>distributable</TransientAttribute>
     </Description>
     <Description
@@ -128,7 +127,6 @@
         children="true"
         tagClass="org.apache.catalina.session.PersistentManager"
         storeFactoryClass="org.apache.catalina.storeconfig.PersistentManagerSF">
-        <TransientAttribute>entropy</TransientAttribute>
         <TransientAttribute>distributable</TransientAttribute>
      </Description>
      <Description

Modified: tomcat/trunk/webapps/docs/funcspecs/fs-admin-objects.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/funcspecs/fs-admin-objects.xml?rev=1576104&r1=1576103&r2=1576104&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/funcspecs/fs-admin-objects.xml (original)
+++ tomcat/trunk/webapps/docs/funcspecs/fs-admin-objects.xml Mon Mar 10 22:02:09 2014
@@ -397,10 +397,6 @@ Operations</a> that can be performed whe
   <li><code>checkInterval</code> - Number of seconds between checks for
       expired sessions.  [60]</li>
   <li><code>debug</code> - Debugging detail level.  [0]</li>
-  <li><code>entropy</code> - String initialization parameter used to increase
-      the entropy (initial randomness) of the random number generator used to
-      create session identifiers.  [Inferred from engine, host, and context]
-      </li>
   <li><code>maxActiveSessions</code> - The maximum number of active sessions
       that are allowed, or -1 for no limit.  [-1]</li>
   </ul>

Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1576104&r1=1576103&r2=1576104&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Mon Mar 10 22:02:09 2014
@@ -386,12 +386,6 @@
     <subsection name="Manager">
       <p>The manager component is used to generate session IDs.</p>
 
-      <p>The default <strong>entropy</strong> value has been shown to generate predictable values
-      under certain conditions. For more secure session generation, this should
-      be set to a long string. This is done automatically if the APR/native
-      library is installed; a random value will be obtained from the APR/native
-      library.</p>
-
       <p>The class used to generate random session IDs may be changed with
       the <strong>randomClass</strong> attribute.</p>
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org