harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Ellison <t.p.elli...@gmail.com>
Subject Re: [jira] Created: (HARMONY-4663) File.createTempFile() is insecure
Date Thu, 23 Aug 2007 15:02:36 GMT
Please take a look at the comments on:
   https://issues.apache.org/jira/browse/HARMONY-4663

While I don't think it will make much difference to most people, is
there any objection to making the following change so that temp file
names are less predictable?

Regards,
Tim


Index: modules/luni/src/main/java/java/io/File.java
===================================================================
--- modules/luni/src/main/java/java/io/File.java	(revision 568557)
+++ modules/luni/src/main/java/java/io/File.java	(working copy)
@@ -1158,7 +1158,7 @@

     private static File genTempFile(String prefix, String suffix, File
directory) {
         if (counter == 0) {
-            int newInt = new java.util.Random().nextInt();
+            int newInt = new java.security.SecureRandom().nextInt();
             counter = ((newInt / 65535) & 0xFFFF) + 0x2710;
         }
         StringBuilder newName = new StringBuilder();



Mime
View raw message