TWiki WebNTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.This Plugin allows session information to be retained whilst a browser is running. It does this by storing a small session cookie in the browser. This contains an identification string that TWiki users to extract session information on the server. Notes:
ntp-4.2.8p15was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Please see the NTP Security Notice for vulnerability and mitigation details.Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
- The cookie is not persistant
- The session information is stored in files under
data/.sessions/ - Old session files should be deleted by a cron job
- Identification string using for session is:
- time (second resolution) + random number
- If url parameter
stickskinis present, its value sets the session value forSKINi.e. you then stick on this skin. Get back to defalt skin with stickskin=.
- Set SHORTDESCRIPTION = Holds session information on server, session identified from sessionId stored in non-persistant cookie
- Set DEBUG = 0
TWiki Web
Users
Groups
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding NTP? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.SessionPlugin