You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2017/01/21 00:47:26 UTC

[jira] [Created] (KUDU-1843) Client UUIDs should be cryptographically random

Todd Lipcon created KUDU-1843:
---------------------------------

             Summary: Client UUIDs should be cryptographically random
                 Key: KUDU-1843
                 URL: https://issues.apache.org/jira/browse/KUDU-1843
             Project: Kudu
          Issue Type: Improvement
          Components: security
    Affects Versions: 1.3.0
            Reporter: Todd Lipcon
            Priority: Critical


Currently we use boost::uuid's default random generator, which is not cryptographically random. This may increase the ease with which an attacker could guess another client's client ID, which would potentially allow them to perform DoS or try to steal the results of RPCs from the result cache.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)