httpd-dev mailing list archives

From Jim Jagielski <...@jaguNET.com>
Subject Re: how to avoid balancer manager nonce?
Date Sat, 01 Sep 2012 15:47:44 GMT
Another alternative would be to have the nonce also possibly
set at config-time and, if unset, then use the uuid. That way
it could also be used as a sort of shared-secret ;)

	ProxySet nonce="applepie!"

Longer term, I think that's a more "strategic" solution.

On Aug 31, 2012, at 2:14 PM, Stefan Fritsch <sf@sfritsch.de> wrote:

> On Friday 31 August 2012, Eric Covener wrote:
>> I'm fighting a problem on new releases of AIX where in some
>> environments, /dev/random seems to run out of entropy way too
>> quick.
>> 
>> I'd like a way to suppress the apr_uuid_get->
>> apr_generate_random_bytes() in mod_proxy_balancer used for the
>> balancer-manager nonce in affected environments.
>> 
>> I was thinking a global "BalancerManager off" could be used for
>> this and would also have the upside of fixing the SetHandler
>> htaccess problem.
>> 
>> Alternatives would be to find a weaker source for the nonce, or
>> allow to opt out / use a hard-coded one.
>> 
>> Any suggestions?
> 
> For 2.4, you could use ap_random_insecure_bytes(). It should be good 
> enough for a nonce.
> 
> If you add a "BalancerManager off", it should be per directory, or at 
> least per vhost. Otherwise it would not help that much with the 
> SetHandler htaccess problem.
> 

