| From: | rightfold(at)gmail(dot)com |
|---|---|
| To: | pgsql-docs(at)postgresql(dot)org |
| Subject: | gen_random_uuid security not explicit in documentation |
| Date: | 2017-01-01 23:20:54 |
| Message-ID: | 20170101232054.10135.50528@wrigleys.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-hackers |
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/9.6/static/pgcrypto.html
Description:
Hello,
The C source code of gen_random_uuid reads:
/*
* Generate random bits. pg_backend_random() will do here, we don't
* promis UUIDs to be cryptographically random, when built with
* --disable-strong-random.
*/
However, the pgcrypto documentation does not mention
--disable-strong-random
at all. I think the documentation should mention under which conditions
the
function returns secure data.
Radek Slupik
P.S. there is also a typo in the C comment: "promis" should be "promise".
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2017-01-03 12:47:37 | Re: gen_random_uuid security not explicit in documentation |
| Previous Message | Tom Lane | 2016-12-29 23:28:07 | Re: start-up script for OpenBSD |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2017-01-02 02:06:46 | Re: proposal: session server side variables |
| Previous Message | Peter Eisentraut | 2017-01-01 23:04:38 | Re: [HACKERS] French translation encoding |