Author: veithen
Date: Thu Oct 20 18:38:24 2011
New Revision: 1186988

URL: http://svn.apache.org/viewvc?rev=1186988&view=rev
Log:
Added a note to the Javadoc of UIDGenerator#generateUID() explaining the 
implications of the fact that the method ensures uniqueness, but not randomness.

Modified:
    
webservices/commons/trunk/modules/axiom/modules/axiom-api/src/main/java/org/apache/axiom/util/UIDGenerator.java

Modified: 
webservices/commons/trunk/modules/axiom/modules/axiom-api/src/main/java/org/apache/axiom/util/UIDGenerator.java
URL: 
http://svn.apache.org/viewvc/webservices/commons/trunk/modules/axiom/modules/axiom-api/src/main/java/org/apache/axiom/util/UIDGenerator.java?rev=1186988&r1=1186987&r2=1186988&view=diff
==============================================================================
--- 
webservices/commons/trunk/modules/axiom/modules/axiom-api/src/main/java/org/apache/axiom/util/UIDGenerator.java
 (original)
+++ 
webservices/commons/trunk/modules/axiom/modules/axiom-api/src/main/java/org/apache/axiom/util/UIDGenerator.java
 Thu Oct 20 18:38:24 2011
@@ -185,6 +185,14 @@ public final class UIDGenerator {
      * a 192 bit value, i.e. it is 48 characters long. The implementation 
guarantees a high level of
      * uniqueness, but makes no provisions to guarantee randomness. It is 
thread safe, but doesn't
      * use synchronization.
+     * <p>
+     * The fact that this method doesn't guarantee randomness implies that the 
generated IDs are
+     * predictable and must not be used in contexts where this would cause a 
security vulnerability.
+     * In particular, this method should <b>not</b> be used to generate the 
following kind of IDs:
+     * <ul>
+     * <li>Session IDs.
+     * <li>Message IDs used in WS-Addressing.
+     * </ul>
      * 
      * @return the generated unique ID
      */
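Review bot: The warning added to the generateUID() Javadoc says what the method must not be used for but gives no pointer to what callers should use instead; consider adding a sentence that directs callers who need unpredictable IDs to a generator backed by java.security.SecureRandom. In the same paragraph, "the following kind of IDs" should read "the following kinds of IDs". The "Message IDs used in WS-Addressing" item would also benefit from a short reason why predictability matters there, since that case is less self-evident than session IDs.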

