Todd Lipcon created KUDU-1843:
---------------------------------
Summary: Client UUIDs should be cryptographically random
Key: KUDU-1843
URL: https://issues.apache.org/jira/browse/KUDU-1843
Project: Kudu
Issue Type: Improvement
Components: security
Affects Versions: 1.3.0
Reporter: Todd Lipcon
Priority: Critical
Currently we use boost::uuid's default random generator, which is not
cryptographically random. This may increase the ease with which an attacker
could guess another client's client ID, which would potentially allow them to
perform DoS or try to steal the results of RPCs from the result cache.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
