[jira] [Updated] (KUDU-1843) Client UUIDs should be cryptographically random

Grant Henke (Jira) Tue, 02 Jun 2020 09:34:16 -0700


     [ 
https://issues.apache.org/jira/browse/KUDU-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Grant Henke updated KUDU-1843:
------------------------------
    Target Version/s: 1.13.0  (was: 1.8.0)

> Client UUIDs should be cryptographically random
> -----------------------------------------------
>
>                 Key: KUDU-1843
>                 URL: https://issues.apache.org/jira/browse/KUDU-1843
>             Project: Kudu
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.3.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Critical
>
> Currently we use boost::uuid's default random generator, which is not 
> cryptographically random. This may increase the ease with which an attacker 
> could guess another client's client ID, which would potentially allow them to 
> perform DoS or try to steal the results of RPCs from the result cache.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (KUDU-1843) Client UUIDs should be cryptographically random

Reply via email to