[gatein-issues] [JBoss JIRA] (GTNPORTAL-2771) Ensure that generated rememberme token is really unique

RH Bugzilla Integration (JIRA) jira-events at lists.jboss.org
Tue Jan 29 07:46:47 EST 2013


    [ https://issues.jboss.org/browse/GTNPORTAL-2771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12751011#comment-12751011 ] 

RH Bugzilla Integration commented on GTNPORTAL-2771:
----------------------------------------------------

vramik at redhat.com made a comment on [bug 887972|https://bugzilla.redhat.com/show_bug.cgi?id=887972]

I've verified that changes from https://github.com/gatein/gatein-portal/pull/296 are applied in git://git.app.eng.bos.redhat.com/gatein/gatein-portal.git tag 3.5.1.Final-redhat-1, which is the tag for er05
                
> Ensure that generated rememberme token is really unique
> -------------------------------------------------------
>
>                 Key: GTNPORTAL-2771
>                 URL: https://issues.jboss.org/browse/GTNPORTAL-2771
>             Project: GateIn Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>            Reporter: Marek Posolda
>            Assignee: Marek Posolda
>              Labels: EPP6.0-Test-Dev
>             Fix For: 3.6.0.Final
>
>
> Currently we are generating random rememberme tokens based on a random int number (random.nextInt()). In systems with millions or many thousands of logins, this discriminator is not enough.
> We should improve it and fix it either by:
> 1) Ensure that the generated token is really unique. In a system with many logins the random number may not be unique enough, so we need to add other info (like System.currentTimeMillis() or a counter or both...)
> 2) In case the token already exists, we should generate another one instead of refreshing the current one.
> Maybe a combination of both approaches would be best :-)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
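
The two fixes proposed in the issue description, sketched as an added Java example (not GateIn's code and not the change from pull request 296): a birthday estimate for ids drawn from a 32-bit `random.nextInt()`, a wider token id, and a store that draws a new token on a clash instead of refreshing the existing entry. Class and method names are hypothetical, the in-memory map stands in for the portal's token store, and 128 bits from `SecureRandom` is an assumption used here in place of the timestamp or counter suffix the issue mentions.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
// Added illustration; class and method names are hypothetical, not GateIn's API.
public class RememberMeTokens {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int MAX_ATTEMPTS = 5;
    // token -> username; stands in for the portal's persistent token store.
    private final ConcurrentMap<String, String> store = new ConcurrentHashMap<>();

    // Birthday estimate: chance that at least two of n tokens drawn from
    // 2^bits values collide, p ~= 1 - exp(-n(n-1) / 2^(bits+1)).
    static double collisionProbability(long n, int bits) {
        double pairs = (double) n * (n - 1) / 2.0;
        return -Math.expm1(-pairs / Math.pow(2.0, bits));
    }

    // Approach 1: 128 bits from a CSPRNG instead of one 32-bit int.
    static String newTokenId() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Approach 2: never overwrite an existing entry; on a clash, draw again.
    // putIfAbsent is atomic and returns null only if the token was free.
    public String createToken(String username) {
        for (int i = 0; i < MAX_ATTEMPTS; i++) {
            String token = newTokenId();
            if (store.putIfAbsent(token, username) == null) {
                return token;
            }
        }
        throw new IllegalStateException("could not allocate a unique token");
    }

    public String validate(String token) {
        return store.get(token); // null when the token is unknown
    }

    public static void main(String[] args) {
        System.out.printf("32-bit ids, 100000 logins: p(collision) = %.3f%n",
                collisionProbability(100_000, 32));
        RememberMeTokens tokens = new RememberMeTokens();
        String t = tokens.createToken("demo-user"); // constructed sample user
        System.out.println(t + " -> " + tokens.validate(t));
    }
}
```

With a persistent store, the same atomic insert-if-absent check would be enforced by a unique constraint on the token column rather than by a map.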

