[ https://issues.apache.org/jira/browse/KUDU-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Grant Henke updated KUDU-1843: ------------------------------ Target Version/s: 1.8.0 (was: 1.7.0) > Client UUIDs should be cryptographically random > ----------------------------------------------- > > Key: KUDU-1843 > URL: https://issues.apache.org/jira/browse/KUDU-1843 > Project: Kudu > Issue Type: Improvement > Components: security > Affects Versions: 1.3.0 > Reporter: Todd Lipcon > Assignee: Todd Lipcon > Priority: Critical > > Currently we use boost::uuid's default random generator, which is not > cryptographically random. This may increase the ease with which an attacker > could guess another client's client ID, which would potentially allow them to > perform DoS or try to steal the results of RPCs from the result cache. -- This message was sent by Atlassian JIRA (v7.6.3#76005)