tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Rees <dr...@runt.ebetinc.com>
Subject Re: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util SessionIdGenerator.java
Date Wed, 05 Sep 2001 04:51:14 GMT
On Wed, Sep 05, 2001 at 02:42:14AM -0000, marcsaeg@apache.org wrote:
> marcsaeg    01/09/04 19:42:14
> 
>   Modified:    src/share/org/apache/tomcat/startup Tag: tomcat_32
>                         Tomcat.java
>                src/share/org/apache/tomcat/util Tag: tomcat_32
>                         SessionIdGenerator.java
>   Log:
>   Switch back to the default PRNG seed generator to avoid security weakness
>   in the manual seed generator.  The PRNG is now initialized when the container
>   starts so that we don't take the hit on the first request.
>   
>   Submitted by:	Kevin E. Fu (fubob@cisco.com)

Does this prevent Tomcat from accepting requests until after the PRNG is
initialized?  If so, IMHO Tomcat should accept requests ASAP, even if it can't
completely serve them until the PRNG is accepted.  Isn't that better than
rejecting requests?

-Dave

Mime
View raw message