hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hiroshi Ikeda (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-5742) pipes.Application should use SecureRandom for security purposes
Date Thu, 03 Apr 2014 00:46:17 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-5742?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13958393#comment-13958393
] 

Hiroshi Ikeda commented on MAPREDUCE-5742:
------------------------------------------

I think it is better to use the default constructor as safety net, such as:

{code}
SecureRandom rand;
try {
  rand = SecureRandom.getInstance(...);
} catch (NoSuchAlgorithmException e) {
  rand = new SecureRandom();
}
{code}


> pipes.Application should use SecureRandom for security purposes
> ---------------------------------------------------------------
>
>                 Key: MAPREDUCE-5742
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-5742
>             Project: Hadoop Map/Reduce
>          Issue Type: Bug
>            Reporter: Hiroshi Ikeda
>            Assignee: Avinash Kujur
>            Priority: Minor
>         Attachments: MapReduce-5742.patch
>
>
> org.apache.hadoop.mapred.pipes.Application calls its private method getSecurityChallenge(),
which uses java.util.Random. It should use java.security.SecureRandom.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message