Hi all,
On Thu, Feb 6, 2014 at 3:15 PM, Yasuo Ohgaki <[email protected]> wrote:
> On Sun, Feb 2, 2014 at 7:33 AM, Yasuo Ohgaki <[email protected]> wrote:
>
>> Secure Session Module Options by Default
>> https://wiki.php.net/rfc/secure-session-options-by-default
>>
>> Session is core of web security. Therefore, default should be
>> as secure as possible by default.
>>
>> I'll open vote next week, please send comments now.
>>
>
> I've added new INI option for security reason. (Timing attack mitigation)
>
> **session_id_length** minimum session ID length to mitigate timing attack.
> 26 for PHP 5.3/5.4/5.5. 52 for 5.6.
>
I need information about PHP distributions.
Does anyone know if there is PHP distributions that provide hash module as
*.(so|dll)?
If there is, I have to change this INI value.
Thank you!
--
Yasuo Ohgaki
[email protected]