[pgpool-committers: 3510] pgpool: Do not use random() while generating MD5 salt.
Tatsuo Ishii
ishii at postgresql.org
Wed Sep 14 14:11:09 JST 2016
Do not use random() while generating MD5 salt.
random() should not be used in security related applications. To
replace random(), import PostmasterRandom() from PostgreSQL. Also
store current time at the start up of Pgpool-II main process for later
use.
Per Coverity CID 1362583.
Branch
------
V3_2_STABLE
Details
-------
http://git.postgresql.org/gitweb?p=pgpool2.git;a=commitdiff;h=d7a9a9878e7f8fd12ede2c9d5e10522cc969a6f5
Modified Files
--------------
main.c | 4 ++++
pool_auth.c | 50 +++++++++++++++++++++++++++++++++++++++++++++-----
2 files changed, 49 insertions(+), 5 deletions(-)
More information about the pgpool-committers
mailing list