Patch session_entropy_docs_php_ini_default_off_still for *Encryption and hash functions Bug #51436

Patch version 2010-03-31 02:43 UTC

• 2010-03-31 02:43 UTC [diff to current]

Developer: philip@php.net

Index: branches/PHP_5_2/php.ini-recommended
===================================================================
--- branches/PHP_5_2/php.ini-recommended	(revision 296029)
+++ branches/PHP_5_2/php.ini-recommended	(working copy)
@@ -112,6 +112,13 @@
 ; - short_open_tag = Off           [Portability]
 ;     Using short tags is discouraged when developing code meant for redistribution
 ;     since short tags may not be supported on the target server.
+; - session.entropy_file           [Security]
+;     It's recommended to increase session id entropy in order to decrease the 
+;     likelihood of repeated session ids.
+;     The default value is not changed here, however, using "/dev/urandom" is recommended
+; - session.entropy_length         [Security]
+;     See session.entropy_file for details.
+;     The default value is not changed here, however, using "16" is recommended
 
 ;;;;;;;;;;;;;;;;;;;;
 ; Language Options ;
@@ -1110,14 +1117,10 @@
 ; considered as valid.
 session.referer_check =
 
-; How many bytes to read from the file.
-session.entropy_length = 0
-
-; Specified here to create the session id.
-session.entropy_file =
-
+; How many bytes to read from the session.entropy_file file.
 ;session.entropy_length = 16
 
+; Specify a file here to increase session id entropy.
 ;session.entropy_file = /dev/urandom
 
 ; Set to {nocache,private,public,} to determine HTTP caching aspects
Index: branches/PHP_5_3/php.ini-development
===================================================================
--- branches/PHP_5_3/php.ini-development	(revision 297207)
+++ branches/PHP_5_3/php.ini-development	(working copy)
@@ -191,6 +191,16 @@
 ;   Development Value: "GPCS"
 ;   Production Value: "GPCS"
 
+; session.entropy_file
+;   Default Value: ""
+;   Recommended Value: "/dev/urandom"
+;   Reason: Security related
+
+; session.entropy_length
+;   Default Value: 0
+;   Recommended Value: 16
+;   Reason: Security related
+
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -1580,18 +1590,14 @@
 ; http://php.net/session.referer-check
 session.referer_check =
 
-; How many bytes to read from the file.
+; How many bytes to read from the session.entropy_file file.
 ; http://php.net/session.entropy-length
-session.entropy_length = 0
+;session.entropy_length = 16
 
-; Specified here to create the session id.
+; Specify a file here to increase session id entropy.
 ; http://php.net/session.entropy-file
 ;session.entropy_file = /dev/urandom
-session.entropy_file =
 
-; http://php.net/session.entropy-length
-;session.entropy_length = 16
-
 ; Set to {nocache,private,public,} to determine HTTP caching aspects
 ; or leave this empty to avoid sending anti-caching headers.
 ; http://php.net/session.cache-limiter
Index: branches/PHP_5_3/php.ini-production
===================================================================
--- branches/PHP_5_3/php.ini-production	(revision 297207)
+++ branches/PHP_5_3/php.ini-production	(working copy)
@@ -191,6 +191,16 @@
 ;   Development Value: "GPCS"
 ;   Production Value: "GPCS"
 
+; session.entropy_file
+;   Default Value: ""
+;   Recommended Value: "/dev/urandom"
+;   Reason: Security related
+
+; session.entropy_length
+;   Default Value: 0
+;   Recommended Value: 16
+;   Reason: Security related
+
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -1588,18 +1598,14 @@
 ; http://php.net/session.referer-check
 session.referer_check =
 
-; How many bytes to read from the file.
+; How many bytes to read from the session.entropy_file file.
 ; http://php.net/session.entropy-length
-session.entropy_length = 0
+;session.entropy_length = 16
 
-; Specified here to create the session id.
+; Specify a file here to increase session id entropy.
 ; http://php.net/session.entropy-file
 ;session.entropy_file = /dev/urandom
-session.entropy_file =
 
-; http://php.net/session.entropy-length
-;session.entropy_length = 16
-
 ; Set to {nocache,private,public,} to determine HTTP caching aspects
 ; or leave this empty to avoid sending anti-caching headers.
 ; http://php.net/session.cache-limiter
Index: trunk/php.ini-development
===================================================================
--- trunk/php.ini-development	(revision 297207)
+++ trunk/php.ini-development	(working copy)
@@ -191,6 +191,16 @@
 ;   Development Value: "GPCS"
 ;   Production Value: "GPCS"
 
+; session.entropy_file
+;   Default Value: ""
+;   Recommended Value: "/dev/urandom"
+;   Reason: Security related
+
+; session.entropy_length
+;   Default Value: 0
+;   Recommended Value: 16
+;   Reason: Security related
+
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -1580,18 +1590,14 @@
 ; http://php.net/session.referer-check
 session.referer_check =
 
-; How many bytes to read from the file.
+; How many bytes to read from the session.entropy_file file.
 ; http://php.net/session.entropy-length
-session.entropy_length = 0
+;session.entropy_length = 16
 
-; Specified here to create the session id.
+; Specify a file here to increase session id entropy.
 ; http://php.net/session.entropy-file
 ;session.entropy_file = /dev/urandom
-session.entropy_file =
 
-; http://php.net/session.entropy-length
-;session.entropy_length = 16
-
 ; Set to {nocache,private,public,} to determine HTTP caching aspects
 ; or leave this empty to avoid sending anti-caching headers.
 ; http://php.net/session.cache-limiter
Index: trunk/php.ini-production
===================================================================
--- trunk/php.ini-production	(revision 297207)
+++ trunk/php.ini-production	(working copy)
@@ -191,6 +191,16 @@
 ;   Development Value: "GPCS"
 ;   Production Value: "GPCS"
 
+; session.entropy_file
+;   Default Value: ""
+;   Recommended Value: "/dev/urandom"
+;   Reason: Security related
+
+; session.entropy_length
+;   Default Value: 0
+;   Recommended Value: 16
+;   Reason: Security related
+
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -1588,18 +1598,14 @@
 ; http://php.net/session.referer-check
 session.referer_check =
 
-; How many bytes to read from the file.
+; How many bytes to read from the session.entropy_file file.
 ; http://php.net/session.entropy-length
-session.entropy_length = 0
+;session.entropy_length = 16
 
-; Specified here to create the session id.
+; Specify a file here to increase session id entropy.
 ; http://php.net/session.entropy-file
 ;session.entropy_file = /dev/urandom
-session.entropy_file =
 
-; http://php.net/session.entropy-length
-;session.entropy_length = 16
-
 ; Set to {nocache,private,public,} to determine HTTP caching aspects
 ; or leave this empty to avoid sending anti-caching headers.
 ; http://php.net/session.cache-limiter