zookeeper-dev mailing list archives

From "Colm O hEigeartaigh (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ZOOKEEPER-3197) Improve documentation in ZooKeeperServer.superSecret
Date Thu, 22 Nov 2018 16:20:00 GMT

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-3197?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated ZOOKEEPER-3197:
-------------------------------------------
    Description: 
A security scan flagged the use of a hard-coded secret (ZooKeeperServer.superSecret) in conjunction
with a Java Random instance to generate a password:

byte[] generatePasswd(long id)
{
    Random r = new Random(id ^ superSecret);
    byte p[] = new byte[16];
    r.nextBytes(p);
    return p;
}

superSecret has the following javadoc:

 /**
    * This is the secret that we use to generate passwords, for the moment it
    * is more of a sanity check.
    */

It is unclear from this comment and looking at the code why it is not a security risk. It
would be good to update the javadoc along the lines of "Using a hard-coded secret with Random
to generate is not a security risk because the resulting passwords are used for X and not
for authentication" or something would be very helpful for anyone else looking at the code.

  was:
A security scan flagged the use of a hard-coded secret (ZooKeeperServer.superSecret) in conjunction
with a Java Random instance to generate a password:

byte[] generatePasswd(long id) {
        Random r = new Random(id ^ superSecret);
        byte p[] = new byte[16];
        r.nextBytes(p);
        return p;
    }

superSecret has the following javadoc:

 /**
   * This is the secret that we use to generate passwords, for the moment it
   * is more of a sanity check.
   */

It is unclear from this comment and looking at the code why it is not a security risk. It
would be good to update the javadoc along the lines of "Using a hard-coded secret with Random
to generate is not a security risk because the resulting passwords are used for X and not
for authentication" or something would be very helpful for anyone else looking at the code.


> Improve documentation in ZooKeeperServer.superSecret
> ----------------------------------------------------
>
>                 Key: ZOOKEEPER-3197
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3197
>             Project: ZooKeeper
>          Issue Type: Task
>            Reporter: Colm O hEigeartaigh
>            Priority: Trivial
>
> A security scan flagged the use of a hard-coded secret (ZooKeeperServer.superSecret)
> in conjunction with a Java Random instance to generate a password:
> byte[] generatePasswd(long id)
> {        
>     Random r = new Random(id ^ superSecret);        
>     byte p[] = new byte[16];        
>     r.nextBytes(p);        
>     return p;    
> }
> superSecret has the following javadoc:
>  /**
>     * This is the secret that we use to generate passwords, for the moment it
>     * is more of a sanity check.
>     */
> It is unclear from this comment and looking at the code why it is not a security risk.
> It would be good to update the javadoc along the lines of "Using a hard-coded secret with
> Random to generate is not a security risk because the resulting passwords are used for X and
> not for authentication" or something would be very helpful for anyone else looking at the
> code.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
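
Added example (not part of the original message and not ZooKeeper's own code): a stand-alone Java program reproducing the pattern the scan flagged, to show why a value built from java.util.Random seeded with id ^ constant can serve as a recomputable consistency check but is not unpredictable to anyone who knows both inputs. PLACEHOLDER_SECRET, checkPasswd, randomToken and the sample session id are assumptions made for illustration; the real superSecret value is not given in this message.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Random;

public class SessionPasswdDemo {
    // Constructed placeholder, NOT the real ZooKeeperServer.superSecret value.
    static final long PLACEHOLDER_SECRET = 0x1122334455667788L;

    // Same shape as the flagged method: output depends only on id and the constant.
    static byte[] generatePasswd(long id) {
        Random r = new Random(id ^ PLACEHOLDER_SECRET);
        byte[] p = new byte[16];
        r.nextBytes(p);
        return p;
    }

    // Hypothetical sanity check: recompute from the id and compare; nothing is stored.
    static boolean checkPasswd(long id, byte[] passwd) {
        return MessageDigest.isEqual(passwd, generatePasswd(id));
    }

    // Contrast: an unpredictable token, which must be stored to be verified later.
    static byte[] randomToken(SecureRandom sr) {
        byte[] t = new byte[16];
        sr.nextBytes(t);
        return t;
    }

    public static void main(String[] args) {
        long sessionId = 0x100000000000001L; // constructed sample id
        byte[] a = generatePasswd(sessionId);
        byte[] b = generatePasswd(sessionId);
        // java.util.Random is a specified algorithm, so equal seeds give equal bytes.
        System.out.println("repeatable:       " + MessageDigest.isEqual(a, b));
        System.out.println("check accepts:    " + checkPasswd(sessionId, a));
        System.out.println("other id accepts: " + checkPasswd(sessionId + 1, a));

        SecureRandom sr = new SecureRandom();
        // Not derivable from the id: independent draws are compared here.
        System.out.println("tokens equal:     " + MessageDigest.isEqual(randomToken(sr), randomToken(sr)));
    }
}
```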
