From Erlyaws-list:
"Use crypto:rand_bytes() instead of the cryptographically weak random module. Swedish security consultant and cryptographer Kalle Zetterlund discovered a way to - given a sequence of cookies produced by yaws_session_server - predict the next session id. Thus providing a gaping security hole into yaws servers that use the yaws_session_server to maintain cookie based HTTP sessions (klacke/kallez)"

PR: ports/169363
Submitted by: Kenji Rikitake <kenji.rikitake@acm.org>
13 lines
357 B
Groff
Modified by Kenji Rikitake
$FreeBSD$
--- man/yaws.conf.5.orig
+++ man/yaws.conf.5
@@ -1,6 +1,6 @@
.TH YAWS.CONF "5" "" "" "User Commands"
.SH NAME
-/etc/yaws/yaws.conf \- Configuration file for the Yaws web server
+!!PREFIX!!/etc/yaws/yaws.conf \- Configuration file for the Yaws web server
.SH DESCRIPTION
.\" Add any additional description here
.PP
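Review bot: The `!!PREFIX!!` token on the `+` line of the `.SH NAME` entry is only a placeholder, and nothing in this patch shows where it gets replaced with the real install prefix. If that substitution is missed, the installed yaws.conf(5) page will carry the literal string `!!PREFIX!!/etc/yaws/yaws.conf`, so please point to the step that rewrites it and confirm that the staged man page no longer contains `!!PREFIX!!`. Separately, the commit message describes the switch to crypto:rand_bytes() for session ids, while this hunk only changes a documented path; a line in the patch header saying that this file is the path adjustment, not the security fix, would help anyone auditing whether the predictable session id issue is actually addressed in the port.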