You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2017/01/21 00:47:26 UTC
[jira] [Created] (KUDU-1843) Client UUIDs should be
cryptographically random
Todd Lipcon created KUDU-1843:
---------------------------------
Summary: Client UUIDs should be cryptographically random
Key: KUDU-1843
URL: https://issues.apache.org/jira/browse/KUDU-1843
Project: Kudu
Issue Type: Improvement
Components: security
Affects Versions: 1.3.0
Reporter: Todd Lipcon
Priority: Critical
Currently we use boost::uuid's default random generator, which is not cryptographically random. This may increase the ease with which an attacker could guess another client's client ID, which would potentially allow them to perform DoS or try to steal the results of RPCs from the result cache.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)