[jira] [Updated] (KUDU-1843) Client UUIDs should be cryptographically random

Todd Lipcon (JIRA) Fri, 10 Mar 2017 13:21:57 -0800

     [ 
https://issues.apache.org/jira/browse/KUDU-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Todd Lipcon updated KUDU-1843:
------------------------------
    Status: In Review  (was: Open)

> Client UUIDs should be cryptographically random
> -----------------------------------------------
>
>                 Key: KUDU-1843
>                 URL: https://issues.apache.org/jira/browse/KUDU-1843
>             Project: Kudu
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.3.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Critical
>
> Currently we use boost::uuid's default random generator, which is not 
> cryptographically random. This may increase the ease with which an attacker 
> could guess another client's client ID, which would potentially allow them to 
> perform DoS or try to steal the results of RPCs from the result cache.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (KUDU-1843) Client UUIDs should be cryptographically random

Reply via email to