[
https://issues.apache.org/jira/browse/KUDU-1843?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17124020#comment-17124020
]
Grant Henke commented on KUDU-1843:
-----------------------------------
This patch needs to be rebased, but it seems like using a cryptographically
random UUID (even if there is a small risk of leak) is still an improvement on
the existing risks. Additionally the Java client is already doing this.
> Client UUIDs should be cryptographically random
> -----------------------------------------------
>
> Key: KUDU-1843
> URL: https://issues.apache.org/jira/browse/KUDU-1843
> Project: Kudu
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.3.0
> Reporter: Todd Lipcon
> Assignee: Todd Lipcon
> Priority: Critical
>
> Currently we use boost::uuid's default random generator, which is not
> cryptographically random. This may increase the ease with which an attacker
> could guess another client's client ID, which would potentially allow them to
> perform DoS or try to steal the results of RPCs from the result cache.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
