You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@shardingsphere.apache.org by ji...@apache.org on 2023/05/08 16:51:38 UTC
[shardingsphere] branch master updated: Use SecureRandom instead of ThreadLocalRandom (#25526)
This is an automated email from the ASF dual-hosted git repository.
jianglongtao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new 81eb3fe1512 Use SecureRandom instead of ThreadLocalRandom (#25526)
81eb3fe1512 is described below
commit 81eb3fe151211b0005ac1a9419aefbb3a2993b7d
Author: Liang Zhang <zh...@apache.org>
AuthorDate: Tue May 9 00:51:21 2023 +0800
Use SecureRandom instead of ThreadLocalRandom (#25526)
---
.../db/protocol/mysql/packet/handshake/MySQLRandomGenerator.java | 6 +++---
.../packet/authentication/OpenGaussAuthenticationHexData.java | 5 +++--
.../postgresql/packet/handshake/PostgreSQLRandomGenerator.java | 7 +++++--
3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/db-protocol/mysql/src/main/java/org/apache/shardingsphere/db/protocol/mysql/packet/handshake/MySQLRandomGenerator.java b/db-protocol/mysql/src/main/java/org/apache/shardingsphere/db/protocol/mysql/packet/handshake/MySQLRandomGenerator.java
index 929a87a1874..6db5a6ab867 100644
--- a/db-protocol/mysql/src/main/java/org/apache/shardingsphere/db/protocol/mysql/packet/handshake/MySQLRandomGenerator.java
+++ b/db-protocol/mysql/src/main/java/org/apache/shardingsphere/db/protocol/mysql/packet/handshake/MySQLRandomGenerator.java
@@ -21,8 +21,8 @@ import lombok.AccessLevel;
import lombok.Getter;
import lombok.NoArgsConstructor;
+import java.security.SecureRandom;
import java.util.Random;
-import java.util.concurrent.ThreadLocalRandom;
/**
* Random generator for MySQL.
@@ -38,12 +38,12 @@ public final class MySQLRandomGenerator {
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
- private final Random random = ThreadLocalRandom.current();
+ private final Random random = new SecureRandom();
/**
* Generate random bytes.
*
- * @param length length for generated bytes.
+ * @param length length for generated bytes
* @return generated bytes
*/
public byte[] generateRandomBytes(final int length) {
diff --git a/db-protocol/opengauss/src/main/java/org/apache/shardingsphere/db/protocol/opengauss/packet/authentication/OpenGaussAuthenticationHexData.java b/db-protocol/opengauss/src/main/java/org/apache/shardingsphere/db/protocol/opengauss/packet/authentication/OpenGaussAuthenticationHexData.java
index 0f2fa7bf28c..7eacf5a3552 100644
--- a/db-protocol/opengauss/src/main/java/org/apache/shardingsphere/db/protocol/opengauss/packet/authentication/OpenGaussAuthenticationHexData.java
+++ b/db-protocol/opengauss/src/main/java/org/apache/shardingsphere/db/protocol/opengauss/packet/authentication/OpenGaussAuthenticationHexData.java
@@ -19,7 +19,8 @@ package org.apache.shardingsphere.db.protocol.opengauss.packet.authentication;
import lombok.Getter;
-import java.util.concurrent.ThreadLocalRandom;
+import java.security.SecureRandom;
+import java.util.Random;
/**
* Authentication hex data for openGauss.
@@ -37,7 +38,7 @@ public final class OpenGaussAuthenticationHexData {
}
private String generate(final int length) {
- ThreadLocalRandom random = ThreadLocalRandom.current();
+ Random random = new SecureRandom();
StringBuilder result = new StringBuilder(length);
for (int i = 0; i < result.capacity(); i++) {
result.append(Integer.toString(random.nextInt(0x10), 0x10));
diff --git a/db-protocol/postgresql/src/main/java/org/apache/shardingsphere/db/protocol/postgresql/packet/handshake/PostgreSQLRandomGenerator.java b/db-protocol/postgresql/src/main/java/org/apache/shardingsphere/db/protocol/postgresql/packet/handshake/PostgreSQLRandomGenerator.java
index f17759b6e14..507746361c8 100644
--- a/db-protocol/postgresql/src/main/java/org/apache/shardingsphere/db/protocol/postgresql/packet/handshake/PostgreSQLRandomGenerator.java
+++ b/db-protocol/postgresql/src/main/java/org/apache/shardingsphere/db/protocol/postgresql/packet/handshake/PostgreSQLRandomGenerator.java
@@ -20,7 +20,8 @@ package org.apache.shardingsphere.db.protocol.postgresql.packet.handshake;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
-import java.util.concurrent.ThreadLocalRandom;
+import java.security.SecureRandom;
+import java.util.Random;
/**
* Random generator for PostgreSQL.
@@ -30,6 +31,8 @@ public final class PostgreSQLRandomGenerator {
private static final PostgreSQLRandomGenerator INSTANCE = new PostgreSQLRandomGenerator();
+ private final Random random = new SecureRandom();
+
/**
* Get instance.
*
@@ -47,7 +50,7 @@ public final class PostgreSQLRandomGenerator {
*/
public byte[] generateRandomBytes(final int length) {
byte[] result = new byte[length];
- ThreadLocalRandom.current().nextBytes(result);
+ random.nextBytes(result);
return result;
}
}