[teiid-issues] [JBoss JIRA] Updated: (TEIID-329) Change sessionid to something non-guessable

Tuesday, 10 February 2009



     [
https://jira.jboss.org/jira/browse/TEIID-329?page=com.atlassian.jira.plug...
]

Steven Hawkins updated TEIID-329:
---------------------------------

    Component/s: Server
        Affects: [Documentation (Ref Guide, User Guide, etc.),
Compatibility/Configuration, Release Notes]
         Labels: security  (was: )


...
 Change sessionid to something non-guessable
 -------------------------------------------

                 Key: TEIID-329
                 URL: https://jira.jboss.org/jira/browse/TEIID-329
             Project: Teiid
          Issue Type: Task
          Components: Server
    Affects Versions: 6.0.0
            Reporter: Steven Hawkins
            Assignee: Steven Hawkins
             Fix For: 6.0.0

   Original Estimate: 1 day
  Remaining Estimate: 1 day

 Currently the sessionid is based upon a long sequence.  It is extremely easy to exploit
and then hijack a session.  Sessionids should instead be based upon something that is hard
to guess (such as a UUID) and should also be encrypted when being returned to the server
or resent from the client. 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[teiid-issues] [JBoss JIRA] Updated: (TEIID-329) Change sessionid to something non-guessable