Skip site navigation (1) Skip section navigation (2)

gen_random_uuid security not explicit in documentation

From: rightfold(at)gmail(dot)com
To: pgsql-docs(at)postgresql(dot)org
Subject: gen_random_uuid security not explicit in documentation
Date: 2017-01-01 23:20:54
Message-ID: 20170101232054.10135.50528@wrigleys.postgresql.org (view raw, whole thread or download thread mbox)
Thread:
Lists: pgsql-docspgsql-hackers
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/9.6/static/pgcrypto.html
Description:

Hello,

The C source code of gen_random_uuid reads:

    /*
    * Generate random bits. pg_backend_random() will do here, we don't
    * promis UUIDs to be cryptographically random, when built with
    * --disable-strong-random.
    */

However, the pgcrypto documentation does not mention
--disable-strong-random
at all. I think the documentation should mention under which conditions
the
function returns secure data.

Radek Slupik

P.S. there is also a typo in the C comment: "promis" should be "promise".


Responses

pgsql-docs by date

Next:From: Michael PaquierDate: 2017-01-03 12:47:37
Subject: Re: gen_random_uuid security not explicit in documentation
Previous:From: Tom LaneDate: 2016-12-29 23:28:07
Subject: Re: start-up script for OpenBSD

pgsql-hackers by date

Next:From: Craig RingerDate: 2017-01-02 02:06:46
Subject: Re: proposal: session server side variables
Previous:From: Peter EisentrautDate: 2017-01-01 23:04:38
Subject: Re: [HACKERS] French translation encoding

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group