You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@geode.apache.org by "Galen O'Sullivan (JIRA)" <ji...@apache.org> on 2017/10/06 16:34:00 UTC

[jira] [Created] (GEODE-3776) ClientUserAuths uses a poor source of randomness

Galen O'Sullivan created GEODE-3776:
---------------------------------------

             Summary: ClientUserAuths uses a poor source of randomness
                 Key: GEODE-3776
                 URL: https://issues.apache.org/jira/browse/GEODE-3776
             Project: Geode
          Issue Type: Bug
          Components: client/server
            Reporter: Galen O'Sullivan


ClientUserAuths uses a {{Random}} to generate numbers. This is an insecure number generator (can be broken with two consecutive outputs?)

We should look into whether it's good enough and likely replace with {{SecureRandom}} (unless there's a better way to do this -- getting rid of the map and saving creds on the {{Connection}}?)



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)