From sabra.crolleton at gmail.com Sun Dec 2 18:19:33 2012
From: sabra.crolleton at gmail.com (Sabra Crolleton)
Date: Sun, 2 Dec 2012 10:19:33 -0800
Subject: [hunchentoot-devel] Does anyone use create-random-string?
Message-ID:

Hello,

I am going to propose a patch to create-random-string to increase the randomness. This function has two optional parameters - the number of digits returned and the base. I would like to know whether anyone uses this function and needs to specify the exact number of digits returned. If anyone does need to specify the exact number of digits, then my patch needs to take that into account.

Sabra

From avodonosov at yandex.ru Sun Dec 2 18:27:16 2012
From: avodonosov at yandex.ru (Anton Vodonosov)
Date: Sun, 02 Dec 2012 22:27:16 +0400
Subject: [hunchentoot-devel] Does anyone use create-random-string?
In-Reply-To:
References:
Message-ID: <1023141354472836@web16h.yandex.ru>

02.12.2012, 22:20, "Sabra Crolleton" :
> Hello,
>
> I am going to propose a patch to create-random-string to increase the randomness. This function has two optional parameters - the number of digits returned and the base. I would like to know whether anyone uses this function and needs to specify the exact number of digits returned. If anyone does need to specify the exact number of digits, then my patch needs to take that into account.
>
> Sabra

If we speak about randomness, I would like to point to this project:
https://github.com/avodonosov/secure-random

From sabra.crolleton at gmail.com Sun Dec 2 21:15:33 2012
From: sabra.crolleton at gmail.com (Sabra Crolleton)
Date: Sun, 2 Dec 2012 13:15:33 -0800
Subject: [hunchentoot-devel] Does anyone use create-random-string?
In-Reply-To: <1023141354472836@web16h.yandex.ru>
References: <1023141354472836@web16h.yandex.ru>
Message-ID:

Anton,

Yes. That was my plan.

Sabra

On Sun, Dec 2, 2012 at 10:27 AM, Anton Vodonosov wrote:

> 02.12.2012, 22:20, "Sabra Crolleton" :
> > Hello,
> >
> > I am going to propose a patch to create-random-string to increase the
> > randomness. This function has two optional parameters - the number of
> > digits returned and the base. I would like to know whether anyone uses this
> > function and needs to specify the exact number of digits returned. If
> > anyone does need to specify the exact number of digits, then my patch needs
> > to take that into account.
> >
> > Sabra
>
> If we speak about randomness, I would like to point to this project:
> https://github.com/avodonosov/secure-random
>
> _______________________________________________
> tbnl-devel site list
> tbnl-devel at common-lisp.net
> http://common-lisp.net/mailman/listinfo/tbnl-devel

From sabra.crolleton at gmail.com Mon Dec 3 04:51:28 2012
From: sabra.crolleton at gmail.com (Sabra Crolleton)
Date: Sun, 2 Dec 2012 20:51:28 -0800
Subject: [hunchentoot-devel] Patch submission using secure-random in create-random-string
Message-ID:

This patch changes the function random-string to use secure-random:number which is a better random number generator.

Anton Vodonosov, since secure-random is your package, I would appreciate your review.

Sabra

-------------- next part --------------
A non-text attachment was scrubbed...
Name: secure-random.diff
Type: application/octet-stream
Size: 3045 bytes
Desc: not available
URL:

From avodonosov at yandex.ru Wed Dec 5 03:23:40 2012
From: avodonosov at yandex.ru (Anton Vodonosov)
Date: Wed, 05 Dec 2012 07:23:40 +0400
Subject: [hunchentoot-devel] Patch submission using secure-random in create-random-string
In-Reply-To:
References:
Message-ID: <408651354677820@web4e.yandex.ru>

03.12.2012, 08:52, "Sabra Crolleton" :
> This patch changes the function random-string to use secure-random:number which is a better random number generator.
>
> Anton Vodonosov, since secure-random is your package, I would appreciate your review.
>
> Sabra

Hello.

This fix would be good if secure-random didn't depend on cl+ssl.

Currently secure-random uses the cl+ssl random number generator, so applying this patch will make hunchentoot always unconditionally depend on cl+ssl, but hunchentoot is supposed to be workable without cl+ssl (if :hunchentoot-no-ssl is present in *features*).

If an application wants to prevent cl:random from session-secret initialization, then the application can initialize the hunchentoot:*session-secret* variable. That is why the variable is exported and why hunchentoot emits a warning in case the variable is not initialized.

So I suggest that applications use secure-random to initialize hunchentoot:*session-secret*.

Or maybe secure-random should be enabled if cl+ssl is enabled with hunchentoot? Opinions?

Best regards,
- Anton

From hans.huebner at gmail.com Wed Dec 5 05:34:21 2012
From: hans.huebner at gmail.com (Hans Hübner)
Date: Wed, 5 Dec 2012 06:34:21 +0100
Subject: [hunchentoot-devel] Patch submission using secure-random in create-random-string
In-Reply-To: <408651354677820@web4e.yandex.ru>
References: <408651354677820@web4e.yandex.ru>
Message-ID:

On Wed, Dec 5, 2012 at 4:23 AM, Anton Vodonosov wrote:
> This fix would be good if secure-random didn't depend on cl+ssl.
[...]
> Or maybe secure-random should be enabled if cl+ssl is enabled
> with hunchentoot? Opinions?

That. The idea is to make the default more secure if possible. The reason why we want to be able to compile without SSL is that this would make compiling Hunchentoot harder on platforms where SSL is not standard.

-Hans

From avodonosov at yandex.ru Tue Dec 11 01:53:56 2012
From: avodonosov at yandex.ru (Anton Vodonosov)
Date: Tue, 11 Dec 2012 05:53:56 +0400
Subject: [hunchentoot-devel] Patch submission using secure-random in create-random-string
In-Reply-To:
References: <408651354677820@web4e.yandex.ru>
Message-ID: <304051355190836@web30g.yandex.ru>

I've just found that ironclad today also offers functions for secure pseudo random numbers (this functionality was absent in ironclad when I created secure-random).

See functions strong-random and related in the ironclad manual
http://method-combination.net/lisp/ironclad/

From edi at agharta.de Sat Dec 29 14:24:02 2012
From: edi at agharta.de (Edi Weitz)
Date: Sat, 29 Dec 2012 15:24:02 +0100
Subject: [hunchentoot-devel] Fwd: Ich kann Ihre Homepaga nicht mehr lesen
In-Reply-To:
References:
Message-ID:

Forwarding this to the mailing list. I see the same error message with Firefox on Windows.

Happy New Year,
Edi.

---------- Forwarded message ----------
From: Patrick
Date: 2012/12/29
Subject: Ich kann Ihre Homepaga nicht mehr lesen
To: edi at weitz.de

Dear Mr. Weitz,

I am currently working on an Internet project with sbcl/hunchentoot/cl-who.

When I just tried to look up the handling of GET parameters on your website, I could no longer view the page http://weitz.de/hunchentoot. I get

"Fehler während der XSLT-Transformation: Ein unbekannter Fehler ist aufgetreten ()"

(This is with Firefox 17.01 on Ubuntu 12.04; with Chrome I get only a fragment of the page.)

I wish you a happy New Year!

Patrick Krusenotto

--
Patrick Krusenotto
Ellig 20
D-53359 Rheinbach

Act from reason, and failure makes you rethink and study harder.
Act from faith, and failure makes you blame someone and push harder.
-- George Bernard Shaw

My Internet projects:
http://algorithmenwerk.de
http://digital-werbedesign.de
http://cantica-nova.com
http://www.krusenotto.de/Felix
http://mfc-rheinbach.de

My employer:
http://www.dw.de
Trustworthy multimedia reporting in 30 languages.

From hans.huebner at gmail.com Sat Dec 29 20:10:36 2012
From: hans.huebner at gmail.com (Hans Hübner)
Date: Sat, 29 Dec 2012 21:10:36 +0100
Subject: [hunchentoot-devel] Fwd: Ich kann Ihre Homepaga nicht mehr lesen
In-Reply-To:
References:
Message-ID:

It would be better to use doc/hunchentoot-doc.html as the home page for weitz.de/hunchentoot/ to circumvent client-side XSLT problems. Doable?

-Hans

2012/12/29 Edi Weitz :
> Forwarding this to the mailing list. I see the same error message
> with Firefox on Windows.
>
> Happy New Year,
> Edi.
>
>
> ---------- Forwarded message ----------
> From: Patrick
> Date: 2012/12/29
> Subject: Ich kann Ihre Homepaga nicht mehr lesen
> To: edi at weitz.de
>
>
> Dear Mr. Weitz,
>
> I am currently working on an Internet project with sbcl/hunchentoot/cl-who.
>
> When I just tried to look up the handling of GET parameters on
> your website, I could no longer view the page
> http://weitz.de/hunchentoot. I get
>
> "Fehler während der XSLT-Transformation: Ein unbekannter Fehler ist
> aufgetreten ()"
>
> (This is with Firefox 17.01 on Ubuntu 12.04; with Chrome I get
> only a fragment of the page.)
>
> I wish you a happy New Year!
>
> Patrick Krusenotto
>
> --
> Patrick Krusenotto
> Ellig 20
> D-53359 Rheinbach
>
> Act from reason, and failure makes you rethink and study harder.
> Act from faith, and failure makes you blame someone and push harder.
> -- George Bernard Shaw
>
> My Internet projects:
> http://algorithmenwerk.de
> http://digital-werbedesign.de
> http://cantica-nova.com
> http://www.krusenotto.de/Felix
> http://mfc-rheinbach.de
>
>
> My employer:
> http://www.dw.de
> Trustworthy multimedia reporting in 30 languages.
>
> _______________________________________________
> tbnl-devel site list
> tbnl-devel at common-lisp.net
> http://common-lisp.net/mailman/listinfo/tbnl-devel

From edi at agharta.de Sat Dec 29 20:24:09 2012
From: edi at agharta.de (Edi Weitz)
Date: Sat, 29 Dec 2012 21:24:09 +0100
Subject: [hunchentoot-devel] Fwd: Ich kann Ihre Homepaga nicht mehr lesen
In-Reply-To:
References:
Message-ID:

Yep. I've changed the cron job.

2012/12/29 Hans Hübner :
> It would be better to use doc/hunchentoot-doc.html as the home page
> for weitz.de/hunchentoot/ to circumvent client-side XSLT problems.
> Doable?
>
> -Hans
>
> 2012/12/29 Edi Weitz :
>> Forwarding this to the mailing list. I see the same error message
>> with Firefox on Windows.
>>
>> Happy New Year,
>> Edi.
>>
>>
>> ---------- Forwarded message ----------
>> From: Patrick
>> Date: 2012/12/29
>> Subject: Ich kann Ihre Homepaga nicht mehr lesen
>> To: edi at weitz.de
>>
>>
>> Dear Mr. Weitz,
>>
>> I am currently working on an Internet project with sbcl/hunchentoot/cl-who.
>>
>> When I just tried to look up the handling of GET parameters on
>> your website, I could no longer view the page
>> http://weitz.de/hunchentoot. I get
>>
>> "Fehler während der XSLT-Transformation: Ein unbekannter Fehler ist
>> aufgetreten ()"
>>
>> (This is with Firefox 17.01 on Ubuntu 12.04; with Chrome I get
>> only a fragment of the page.)
>>
>> I wish you a happy New Year!
>>
>> Patrick Krusenotto
>>
>> --
>> Patrick Krusenotto
>> Ellig 20
>> D-53359 Rheinbach
>>
>> Act from reason, and failure makes you rethink and study harder.
>> Act from faith, and failure makes you blame someone and push harder.
>> -- George Bernard Shaw
>>
>> My Internet projects:
>> http://algorithmenwerk.de
>> http://digital-werbedesign.de
>> http://cantica-nova.com
>> http://www.krusenotto.de/Felix
>> http://mfc-rheinbach.de
>>
>>
>> My employer:
>> http://www.dw.de
>> Trustworthy multimedia reporting in 30 languages.
>>
>> _______________________________________________
>> tbnl-devel site list
>> tbnl-devel at common-lisp.net
>> http://common-lisp.net/mailman/listinfo/tbnl-devel
>
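
Added example for the 5 December message in the create-random-string thread above, where the suggestion is that applications initialize hunchentoot:*session-secret* themselves; this is not code from the thread, the scrubbed patch, or Hunchentoot. It assumes hunchentoot and, unless :hunchentoot-no-ssl is in *features*, secure-random are already loaded, that secure-random exports `bytes` and `*generator*`, and that the no-SSL branch runs on a Unix-like host with /dev/urandom; `random-octets`, `octets-to-hex` and `init-session-secret` are hypothetical names.

```lisp
;;; Added example (not Hunchentoot code): set the session secret from a
;;; cryptographically strong source before the server creates any session.

(defun random-octets (n)
  "Return a vector of N random octets from a strong source."
  ;; With cl+ssl available, use secure-random (assumed API: BYTES, *GENERATOR*).
  #-:hunchentoot-no-ssl
  (secure-random:bytes n secure-random:*generator*)
  ;; Built without SSL: read the kernel CSPRNG directly (assumes /dev/urandom).
  #+:hunchentoot-no-ssl
  (with-open-file (in "/dev/urandom" :element-type '(unsigned-byte 8))
    (let ((buffer (make-array n :element-type '(unsigned-byte 8))))
      (unless (= (read-sequence buffer in) n)
        (error "Short read from /dev/urandom"))
      buffer)))

(defun octets-to-hex (octets)
  "Encode OCTETS as a lowercase hexadecimal string."
  (format nil "~(~{~2,'0x~}~)" (coerce octets 'list)))

(defun init-session-secret (&optional (n-octets 32))
  "Bind hunchentoot:*session-secret* to N-OCTETS of strong randomness.
Call this before starting the acceptor, so the variable is never left
uninitialized and Hunchentoot has no reason to fall back to cl:random."
  (setf hunchentoot:*session-secret*
        (octets-to-hex (random-octets n-octets)))
  ;; Return no values so the secret is not echoed at the REPL or into logs.
  (values))

;; Typical startup order:
;;   (init-session-secret)
;;   (hunchentoot:start (make-instance 'hunchentoot:easy-acceptor :port 8080))
```

Because the secret is regenerated on each start, sessions issued before a restart stop validating; a deployment that needs them to survive restarts has to persist the secret with the same care as any other key.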