Robert Muir created LUCENE-6292:
-----------------------------------
Summary: seed StringHelper better
Key: LUCENE-6292
URL: https://issues.apache.org/jira/browse/LUCENE-6292
Project: Lucene - Core
Issue Type: Bug
Reporter: Robert Muir
The current code is good, it avoids SecureRandom/blocking when we don't need
real security (just used for safety checks).
On the other hand it has some downsides:
* the sources of randomness here aren't the best, e.g. sysprops will be the
same when using automated deployment tools if the jvm is the same version,
installed in the same place, same user, etc.
* asking for a Properties of all the sysprops needs blanket read-write access
to all of them, which is inconvenient if you want to lock this down in tests
(which I do). Today this means you can't ban write access or lucene won't work.
I think we should use /dev/urandom when its available, its just practical and
exactly what we need. If its not available (e.g. windows) we can use the
current logic. If sysprops arent available we can just use another hashcode
instead and lucene can still be used.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
