[ https://issues.apache.org/jira/browse/OFBIZ-12386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17465360#comment-17465360 ]

ASF subversion and git services commented on OFBIZ-12386:
---------------------------------------------------------

Commit ac6acf03a362804b12e6958b31b05661ba36a0b9 in ofbiz-plugins's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=ac6acf0 ]

Improved: Fix some bugs Spotbugs reports (OFBIZ-12386)

Random object created and used only once in
OFBizCasAuthenticationHandler.rand(int, int)
SampleHtmlThread.run()

This code creates a java.util.Random object, uses it to generate one random
number, and then discards the Random object. This produces mediocre quality
random numbers and is inefficient. If possible, rewrite the code so that the
Random object is created once and saved, and each time a new random number is
required invoke a method on the existing Random object to obtain it.

If it is important that the generated Random numbers not be guessable, you must
not create a new Random for each random number; the values are too easily
guessable. You should strongly consider using a java.security.SecureRandom
instead (and avoid allocating a new SecureRandom for each random number needed).

Rank: Troubling (14), confidence: High
Pattern: DMI_RANDOM_USED_ONLY_ONCE
Type: DMI, Category: BAD_PRACTICE (Bad practice)


> Fix some bugs Spotbugs reports
> ------------------------------
>
>                 Key: OFBIZ-12386
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12386
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.1#820001)
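
The pattern the SpotBugs description above warns about, next to a form that creates the generator once, as an added Java example that is not the code from the OFBiz commit. The class name, the method bodies and the inclusive [min, max] range are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

public class RandomReuseExample {  // hypothetical class, not from OFBiz

    // Flagged form (DMI_RANDOM_USED_ONLY_ONCE): a new Random per call.
    static int randFlagged(int min, int max) {
        return new Random().nextInt(max - min + 1) + min;
    }

    // Created once and reused; SecureRandom is safe to share across threads.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    // Assumed semantics: uniform value in the inclusive range [min, max].
    static int randShared(int min, int max) {
        long span = (long) max - (long) min + 1L;  // long avoids int overflow
        if (min > max || span > Integer.MAX_VALUE) {
            throw new IllegalArgumentException("unsupported range");
        }
        return min + SECURE_RANDOM.nextInt((int) span);
    }

    public static void main(String[] args) {
        // java.util.Random is fully determined by its seed: equal seeds give
        // equal output, which is why its values are guessable.
        Random a = new Random(42L);  // constructed sample seed
        Random b = new Random(42L);
        boolean same = true;
        for (int i = 0; i < 5; i++) {
            same &= a.nextInt(1000) == b.nextInt(1000);
        }
        System.out.println("same seed, same sequence: " + same);

        System.out.println("flagged form: " + randFlagged(1, 6));
        for (int i = 0; i < 5; i++) {
            int v = randShared(1, 6);
            if (v < 1 || v > 6) throw new AssertionError("out of range: " + v);
            System.out.println("shared SecureRandom: " + v);
        }
    }
}
```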
