add two documentation notes on file:/dev/urandom

suggested by jw35
cambridgeuniversity · Jun 2, 2017 · f8bd084 · f8bd084
1 parent 7d2f1c0
commit f8bd084
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/README.Config b/README.Config
@@ -415,7 +415,12 @@ AACookieKey
 
   will request from the kernel's random-byte generator a new cookie
   key each time the server rereads its configuration, and avoids a
-  secret on the file system.
+  secret on the file system. However, this will trigger a round trip
+  to Raven for all currently-authenticated users every time Apache is
+  restarted/reloaded. While not a major issue, this will, for example,
+  result in the loss of POST data. (On the other hand, using
+  "AAHeaderKey file:/dev/urandom" would be pointless: the whole point
+  of AAHeaderKey is to establish a shared secret with other systems.)
 
   The key must not disclosed, since with knowledge of the key an
   attacker can forge authentication. Putting the key directly into