Skip site navigation (1) Skip section navigation (2)

gen_random_uuid security not explicit in documentation

From: rightfold(at)gmail(dot)com
To: pgsql-docs(at)postgresql(dot)org
Subject: gen_random_uuid security not explicit in documentation
Date: 2017-01-01 23:20:54
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-docspgsql-hackers
The following documentation comment has been logged on the website:



The C source code of gen_random_uuid reads:

    * Generate random bits. pg_backend_random() will do here, we don't
    * promis UUIDs to be cryptographically random, when built with
    * --disable-strong-random.

However, the pgcrypto documentation does not mention
at all. I think the documentation should mention under which conditions
function returns secure data.

Radek Slupik

P.S. there is also a typo in the C comment: "promis" should be "promise".


pgsql-docs by date

Next:From: Michael PaquierDate: 2017-01-03 12:47:37
Subject: Re: gen_random_uuid security not explicit in documentation
Previous:From: Tom LaneDate: 2016-12-29 23:28:07
Subject: Re: start-up script for OpenBSD

pgsql-hackers by date

Next:From: Craig RingerDate: 2017-01-02 02:06:46
Subject: Re: proposal: session server side variables
Previous:From: Peter EisentrautDate: 2017-01-01 23:04:38
Subject: Re: [HACKERS] French translation encoding

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group