harmony-commits mailing list archives

From "Imran Ghory (JIRA)" <j...@apache.org>
Subject [jira] Created: (HARMONY-4663) File.createTempFile() is insecure
Date Tue, 21 Aug 2007 22:16:30 GMT
File.createTempFile() is insecure
---------------------------------

                 Key: HARMONY-4663
                 URL: https://issues.apache.org/jira/browse/HARMONY-4663
             Project: Harmony
          Issue Type: Bug
          Components: Classlib
            Reporter: Imran Ghory


createTempFile() generates a random file name by calling genTempFile(prefix, newSuffix,
tmpDirFile), however that function generates its randomness by calling new java.util.Random().nextInt();
which creates a Random() object seeded with the current time. This makes it predictable and
thus insecure[1].


[1] See section "7.10.1.2. Temporary Files" at http://www.faqs.org/docs/Linux-HOWTO/Secure-Programs-HOWTO.html


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
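
Added example, not part of the original message and not Harmony's code: it models the reported pattern with an explicit clock-value seed to show that the name is a pure function of the time, then shows an unpredictable name combined with atomic creation. The names weakName, candidates and createSafely, the prefix-number-suffix name format and the millisecond seed are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;

public class TempNameDemo {
    // Hypothetical stand-in for the reported pattern: the name depends only
    // on a Random whose seed is a clock reading (assumed: milliseconds).
    // The prefix + number + suffix layout is also an assumption.
    static String weakName(String prefix, String suffix, long seedMillis) {
        return prefix + new Random(seedMillis).nextInt() + suffix;
    }

    // Every name the weak generator can produce for clock values in a window.
    static Set<String> candidates(String prefix, String suffix, long from, long to) {
        Set<String> names = new HashSet<>();
        for (long t = from; t <= to; t++) {
            names.add(weakName(prefix, suffix, t));
        }
        return names;
    }

    // Hardened form: the name comes from SecureRandom, and Files.createFile
    // is atomic and throws FileAlreadyExistsException if the path exists.
    static Path createSafely(Path dir, String prefix, String suffix) throws IOException {
        String name = prefix + Long.toUnsignedString(new SecureRandom().nextLong()) + suffix;
        return Files.createFile(dir.resolve(name));
    }

    public static void main(String[] args) throws IOException {
        long created = 1187734590000L; // constructed sample clock value, ms since epoch
        String name = weakName("app", ".tmp", created);
        // Same seed, same name: the "random" part carries no secret.
        System.out.println(name.equals(weakName("app", ".tmp", created)));
        // Knowing the creation time to within +/- 1 s leaves at most 2001 names.
        Set<String> window = candidates("app", ".tmp", created - 1000, created + 1000);
        System.out.println(window.size() + " candidates, name included: " + window.contains(name));

        Path dir = Files.createTempDirectory("demo");
        Path safe = createSafely(dir, "app", ".tmp");
        System.out.println("created " + safe.getFileName());
        Files.delete(safe);
        Files.delete(dir);
    }
}
```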

