Does nginx use unique session identifiers
Lemons, Terry
Terry.Lemons at dell.com
Tue Jul 9 18:40:06 UTC 2019
Hi
Our product uses nginx to front-end inbound web access. To enhance our product's security posture, we have been examining the rules in the DISA Web Server Security Requirements Guide<https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Web_Server_V2R3_SRG.zip>. One of the rules (https://www.stigviewer.com/stig/web_server_security_requirements_guide/2014-11-17/finding/V-41807) states, "The web server must generate unique session identifiers that cannot be reliably reproduced." I searched the nginx documentation, but wasn't able to confirm that unique session identifiers are used.
Are they?
Thanks
tl
Terry Lemons
[DellEMC_Logo_Hz_Blue_rgb_10percent]
Data Protection Division
176 South Street, MS 2/B-34
Hopkinton MA 01748
terry.lemons at dell.com<mailto:terry.lemons at dell.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190709/7124f7cb/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2117 bytes
Desc: image001.png
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190709/7124f7cb/attachment.png>
More information about the nginx
mailing list