Patch session_entropy_docs_php_ini_default_off_still for *Encryption and hash functions Bug #51436
Patch version 2010-03-31 02:43 UTC
Developer: philip@php.net
Index: branches/PHP_5_2/php.ini-recommended
===================================================================
--- branches/PHP_5_2/php.ini-recommended (revision 296029)
+++ branches/PHP_5_2/php.ini-recommended (working copy)
@@ -112,6 +112,13 @@
; - short_open_tag = Off [Portability]
; Using short tags is discouraged when developing code meant for redistribution
; since short tags may not be supported on the target server.
+; - session.entropy_file [Security]
+; It's recommended to increase session id entropy in order to decrease the
+; likelihood of repeated session ids.
+; The default value is not changed here, however, using "/dev/urandom" is recommended
+; - session.entropy_length [Security]
+; See session.entropy_file for details.
+; The default value is not changed here, however, using "16" is recommended
;;;;;;;;;;;;;;;;;;;;
; Language Options ;
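Review bot: The added rationale, "decrease the likelihood of repeated session ids", understates why this is tagged [Security]. The main benefit of reading from an OS random source is that session ids become harder to guess, not only less likely to collide. I would reword the two lines to something like `; Reading extra bytes from an OS random source makes session ids harder to predict` followed by `; and less likely to repeat.` The `/dev/urandom` recommendation should also say that the path only exists on Unix-like systems.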
@@ -1110,14 +1117,10 @@
; considered as valid.
session.referer_check =
-; How many bytes to read from the file.
-session.entropy_length = 0
-
-; Specified here to create the session id.
-session.entropy_file =
-
+; How many bytes to read from the session.entropy_file file.
;session.entropy_length = 16
+; Specify a file here to increase session id entropy.
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public,} to determine HTTP caching aspects
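Review bot: On the new side both directives are left commented out (`;session.entropy_length = 16`, `;session.entropy_file = /dev/urandom`), so a server that copies this file unchanged still runs with the built-in defaults. The Quick Reference text added in the 5.3 and trunk files gives those defaults as `""` and `0`, which means no extra entropy is read. The patch title suggests this is deliberate, but the comments above the directives never say that the feature is off until the lines are uncommented. I would add a line such as `; Disabled by default: uncomment both lines below to enable (needs a readable /dev/urandom).` The same applies to the second hunk of each php.ini-development and php.ini-production file in branches/PHP_5_3 and trunk, and it matters most for the production templates.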
Index: branches/PHP_5_3/php.ini-development
===================================================================
--- branches/PHP_5_3/php.ini-development (revision 297207)
+++ branches/PHP_5_3/php.ini-development (working copy)
@@ -191,6 +191,16 @@
; Development Value: "GPCS"
; Production Value: "GPCS"
+; session.entropy_file
+; Default Value: ""
+; Recommended Value: "/dev/urandom"
+; Reason: Security related
+
+; session.entropy_length
+; Default Value: 0
+; Recommended Value: 16
+; Reason: Security related
+
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
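Review bot: The two new Quick Reference entries use `Recommended Value:` and `Reason:` lines, while the entry directly above them uses the `Development Value:` / `Production Value:` form. That inconsistency matters because, judging by the neighbouring entry, this section appears to list values the file actually sets, whereas these directives stay commented out further down. A reader could therefore take `"/dev/urandom"` and `16` to be in effect. Either follow the existing layout with the real shipped values, or add a line such as `; Note: not enabled in this file; see the [Session] section to turn it on.` The same point applies to the first hunk of branches/PHP_5_3/php.ini-production, trunk/php.ini-development and trunk/php.ini-production.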
@@ -1580,18 +1590,14 @@
; http://php.net/session.referer-check
session.referer_check =
-; How many bytes to read from the file.
+; How many bytes to read from the session.entropy_file file.
; http://php.net/session.entropy-length
-session.entropy_length = 0
+;session.entropy_length = 16
-; Specified here to create the session id.
+; Specify a file here to increase session id entropy.
; http://php.net/session.entropy-file
;session.entropy_file = /dev/urandom
-session.entropy_file =
-; http://php.net/session.entropy-length
-;session.entropy_length = 16
-
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
; http://php.net/session.cache-limiter
Index: branches/PHP_5_3/php.ini-production
===================================================================
--- branches/PHP_5_3/php.ini-production (revision 297207)
+++ branches/PHP_5_3/php.ini-production (working copy)
@@ -191,6 +191,16 @@
; Development Value: "GPCS"
; Production Value: "GPCS"
+; session.entropy_file
+; Default Value: ""
+; Recommended Value: "/dev/urandom"
+; Reason: Security related
+
+; session.entropy_length
+; Default Value: 0
+; Recommended Value: 16
+; Reason: Security related
+
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
@@ -1588,18 +1598,14 @@
; http://php.net/session.referer-check
session.referer_check =
-; How many bytes to read from the file.
+; How many bytes to read from the session.entropy_file file.
; http://php.net/session.entropy-length
-session.entropy_length = 0
+;session.entropy_length = 16
-; Specified here to create the session id.
+; Specify a file here to increase session id entropy.
; http://php.net/session.entropy-file
;session.entropy_file = /dev/urandom
-session.entropy_file =
-; http://php.net/session.entropy-length
-;session.entropy_length = 16
-
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
; http://php.net/session.cache-limiter
Index: trunk/php.ini-development
===================================================================
--- trunk/php.ini-development (revision 297207)
+++ trunk/php.ini-development (working copy)
@@ -191,6 +191,16 @@
; Development Value: "GPCS"
; Production Value: "GPCS"
+; session.entropy_file
+; Default Value: ""
+; Recommended Value: "/dev/urandom"
+; Reason: Security related
+
+; session.entropy_length
+; Default Value: 0
+; Recommended Value: 16
+; Reason: Security related
+
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
@@ -1580,18 +1590,14 @@
; http://php.net/session.referer-check
session.referer_check =
-; How many bytes to read from the file.
+; How many bytes to read from the session.entropy_file file.
; http://php.net/session.entropy-length
-session.entropy_length = 0
+;session.entropy_length = 16
-; Specified here to create the session id.
+; Specify a file here to increase session id entropy.
; http://php.net/session.entropy-file
;session.entropy_file = /dev/urandom
-session.entropy_file =
-; http://php.net/session.entropy-length
-;session.entropy_length = 16
-
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
; http://php.net/session.cache-limiter
Index: trunk/php.ini-production
===================================================================
--- trunk/php.ini-production (revision 297207)
+++ trunk/php.ini-production (working copy)
@@ -191,6 +191,16 @@
; Development Value: "GPCS"
; Production Value: "GPCS"
+; session.entropy_file
+; Default Value: ""
+; Recommended Value: "/dev/urandom"
+; Reason: Security related
+
+; session.entropy_length
+; Default Value: 0
+; Recommended Value: 16
+; Reason: Security related
+
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
@@ -1588,18 +1598,14 @@
; http://php.net/session.referer-check
session.referer_check =
-; How many bytes to read from the file.
+; How many bytes to read from the session.entropy_file file.
; http://php.net/session.entropy-length
-session.entropy_length = 0
+;session.entropy_length = 16
-; Specified here to create the session id.
+; Specify a file here to increase session id entropy.
; http://php.net/session.entropy-file
;session.entropy_file = /dev/urandom
-session.entropy_file =
-; http://php.net/session.entropy-length
-;session.entropy_length = 16
-
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
; http://php.net/session.cache-limiter