You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2021/09/02 12:10:48 UTC

[Bug 65159] mod_unique_id generates non-unique ids

https://bz.apache.org/bugzilla/show_bug.cgi?id=65159

--- Comment #28 from Joe Orton <jo...@redhat.com> ---
(In reply to Michael Kaufmann from comment #27)
> If you want to replace the implementation of mod_unique_id, a simple
> approach would be to generate the whole ID with pseudo-random bytes, like
> other web servers do. Unfortunately there is no fast APR function available
> to generate pseudo-random bytes (e.g. reading from /dev/urandom on Linux),
> just like there is no APR function available for real thread local storage.

Yes, I wondered about this too. But there is apr_generate_random_bytes(), also
httpd has an RNG exposed via ap_random_*, plus we even have access to a UUID
generator via apr_uuid_ which (should) be plugged through to getrandom() etc. 
Having mod_ssl generate UNIQUE_ID via RAND_bytes() would also be a simpler
alternative.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org