[pgpool-committers: 3464] pgpool: Do not use random() while generating MD5 salt.
Tatsuo Ishii
ishii at postgresql.org
Fri Sep 9 12:01:48 JST 2016
Do not use random() while generating MD5 salt.
random() should not be used in security related applications. To
replace random(), import PostmasterRandom() from PostgreSQL. Also
store current time at the start up of Pgpool-II main process for later
use.
Per Coverity CID 1362583.
Branch
------
master
Details
-------
http://git.postgresql.org/gitweb?p=pgpool2.git;a=commitdiff;h=650c660a89df7ca4f5247dbc61e6a65ea63fc78b
Modified Files
--------------
src/auth/pool_auth.c | 49 ++++++++++++++++++++++++++++++++++++----
src/main/pgpool_main.c | 4 ++++
src/main/pool_globals.c | 1 +
src/query_cache/pool_memqcache.c | 2 +-
4 files changed, 50 insertions(+), 6 deletions(-)
More information about the pgpool-committers
mailing list