[hunchentoot-devel] Sessions not secure?
Edi Weitz
edi at agharta.de
Wed Dec 26 21:21:44 UTC 2007
On Wed, 26 Dec 2007 21:09:37 +0000 (UTC), Sohail Somani <sohail at taggedtype.net> wrote:
> In reality, it looks like this:
>
> * (concatenate 'string *session-secret*
> id user-agent ip-address time-of-session-start)
And don't forget MD5. Even if the random number generator were weak,
you'd have a hard time figuring out where in the random sequence you
are, right?
> but I don't know enough about the Lisp random number generators to
> say.
This is obviously implementation-dependent. Some Lisp implementations
also offer more choices for random number generators, for example:
http://www.lispworks.com/documentation/lw50/LWRM/html/lwref-326.htm
> By the way, since you read the post, do you think it is use or abuse
> of the dispatch table?
I think it's a valid use. I've been doing things like that as well.
Edi.
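
The construction discussed in this message, as an added example that is not part of the original e-mail and is not Hunchentoot's code: a Python sketch that hashes the concatenated fields with MD5 and checks a presented cookie against the current request. The cookie layout, the session table, the function names and the sample values are assumptions of this example, as is drawing the secret from the operating system's CSPRNG.

```python
import hashlib
import hmac
import secrets

# Server-wide secret from the OS CSPRNG (assumption of this example), so its
# quality does not depend on a language runtime's general-purpose PRNG.
SESSION_SECRET = secrets.token_hex(32)

# Constructed server-side session table: id -> values recorded at session start.
SESSIONS = {
    "42": {"user_agent": "ExampleBrowser/1.0", "ip": "192.0.2.10",
           "start": "3407692904"},
}

def session_string(secret, session_id, user_agent, ip_address, start_time):
    """MD5 hex digest over the concatenated fields named in the thread."""
    material = "".join([secret, session_id, user_agent, ip_address, start_time])
    return hashlib.md5(material.encode("utf-8")).hexdigest()

def make_cookie(session_id, secret=SESSION_SECRET):
    """Build '<id>:<digest>'; this cookie layout is hypothetical."""
    s = SESSIONS[session_id]
    digest = session_string(secret, session_id, s["user_agent"], s["ip"], s["start"])
    return f"{session_id}:{digest}"

def verify_cookie(cookie, user_agent, ip_address, secret=SESSION_SECRET):
    """Return the session id if the cookie matches this request, else None."""
    session_id, sep, presented = cookie.partition(":")
    session = SESSIONS.get(session_id)
    if not sep or session is None:
        return None  # malformed cookie or unknown session
    # Recompute from the request's own user agent and address plus the stored
    # start time; the client never supplies the secret or the start time.
    expected = session_string(secret, session_id, user_agent, ip_address,
                              session["start"])
    # Constant-time comparison of the two digests.
    if hmac.compare_digest(expected.encode(), presented.encode()):
        return session_id
    return None

if __name__ == "__main__":
    cookie = make_cookie("42")
    print(verify_cookie(cookie, "ExampleBrowser/1.0", "192.0.2.10"))
    print(verify_cookie(cookie, "ExampleBrowser/1.0", "198.51.100.7"))
```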