harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leo Li" <liyilei1...@gmail.com>
Subject Re: [jira] Created: (HARMONY-4663) File.createTempFile() is insecure
Date Fri, 24 Aug 2007 03:39:42 GMT
On 8/23/07, Tim Ellison <t.p.ellison@gmail.com> wrote:
>
> Please take a look at the comments on:
>   https://issues.apache.org/jira/browse/HARMONY-4663
>
> While I don't think it will make much difference to most people, is
> there any objection to making the following change so that temp file
> names are less predictable?


   Agree, although I am also not sure there is urgent demand for adopting
SecureRandom.

Regards,
> Tim
>
>
> Index: modules/luni/src/main/java/java/io/File.java
> ===================================================================
> --- modules/luni/src/main/java/java/io/File.java        (revision 568557)
> +++ modules/luni/src/main/java/java/io/File.java        (working copy)
> @@ -1158,7 +1158,7 @@
>
>     private static File genTempFile(String prefix, String suffix, File
> directory) {
>         if (counter == 0) {
> -            int newInt = new java.util.Random().nextInt();
> +            int newInt = new java.security.SecureRandom().nextInt();
>             counter = ((newInt / 65535) & 0xFFFF) + 0x2710;
>         }
>         StringBuilder newName = new StringBuilder();
>
>
>


-- 
Leo Li
China Software Development Lab, IBM

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message