[teiid-issues] [JBoss JIRA] Updated: (TEIID-329) Change sessionid to something non-guessable
Steven Hawkins (JIRA)
jira-events at lists.jboss.org
Wed Feb 11 00:04:44 EST 2009
[ https://jira.jboss.org/jira/browse/TEIID-329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steven Hawkins updated TEIID-329:
---------------------------------
Component/s: Server
Affects: [Documentation (Ref Guide, User Guide, etc.), Compatibility/Configuration, Release Notes]
Labels: security (was: )
> Change sessionid to something non-guessable
> -------------------------------------------
>
> Key: TEIID-329
> URL: https://jira.jboss.org/jira/browse/TEIID-329
> Project: Teiid
> Issue Type: Task
> Components: Server
> Affects Versions: 6.0.0
> Reporter: Steven Hawkins
> Assignee: Steven Hawkins
> Fix For: 6.0.0
>
> Original Estimate: 1 day
> Remaining Estimate: 1 day
>
> Currently the sessionid is based upon a long sequence. It is extremely easy to exploit and then hijack a session. Sessionids should instead be based upon something that is hard to guess (such as a UUID) and should also be encrypted when being returned to the server or resent from the client.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the teiid-issues
mailing list