[Extracted from a post by @noloader to the ESAPI-Project-Users list on August 22, 2022.]
Describe the bug
It looks like Randomizer.java is providing random UUIDs. The reference
given is dead.[1] I went back to 2007 and the IETF returned 404's.
Nowadays I think you should use RFC 1422 and UUIDv4.[2] From Section
4.1.3 of [2]:
Msb0  Msb1  Msb2  Msb3  Version  Description
...
0     1     0     0     4        The randomly or pseudo-randomly generated
                                 version specified in this document.
Unless anyone has some objection, I propose that ESAPI's DefaultRandomizer.getRandomGUID() should just call the static method,
UUID.randomUUID()
where the UUID class is java.util.UUID.
That returns a Type 4 UUID as defined in RFC 4122. The implementation of the java.util.UUID class uses java.security.SecureRandom for that. Our use of ESAPI predates implementation of the java.util.UUID class though, as it wasn't added until Java 5.
If this method was created to fill a void of the java runtime that has since been provided, then I think it's worth considering deprecating DefaultRandomizer.getRandomGUID() in favor of the java-supplied UUID method?
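As an added example (not ESAPI or JDK code), here is what the proposed delegation to UUID.randomUUID() looks like next to a check that the result carries the Section 4.1.3 version-4 layout and the RFC 4122 variant; the class name RandomGuidExample and the helper isRfc4122Version4 are assumptions, not names from the project.

```java
import java.util.UUID;

// Added example, not ESAPI code: hypothetical class showing the proposed
// getRandomGUID() body and an RFC 4122 layout check for its output.
public final class RandomGuidExample {

    // Proposed replacement body: java.util.UUID draws from SecureRandom.
    public static String getRandomGUID() {
        return UUID.randomUUID().toString();
    }

    // RFC 4122 Section 4.1.3: the version field occupies the top four bits
    // of time_hi_and_version and must be 0100 (= 4) for a random UUID; the
    // variant field's top bits must be 10xx (the RFC 4122 variant). In the
    // canonical text form these are hex digit 13 ('4') and hex digit 17
    // (8, 9, a or b).
    public static boolean isRfc4122Version4(String guid) {
        final UUID uuid;
        try {
            uuid = UUID.fromString(guid);
        } catch (IllegalArgumentException e) {
            return false; // not a parseable UUID at all
        }
        // UUID.version() is the 4-bit version number; UUID.variant() is 2
        // for the Leach-Salz (RFC 4122) variant.
        boolean fieldsOk = uuid.version() == 4 && uuid.variant() == 2;

        // Cross-check the text form too, since UUID.fromString is lenient
        // about group lengths in some JDK releases.
        String s = guid.toLowerCase();
        boolean textOk = s.length() == 36
                && s.charAt(14) == '4'
                && "89ab".indexOf(s.charAt(19)) >= 0;
        return fieldsOk && textOk;
    }

    public static void main(String[] args) {
        String guid = getRandomGUID();
        System.out.println(guid + " -> v4/RFC 4122: " + isRfc4122Version4(guid));
        // RFC 4122 Appendix C DNS namespace UUID: version 1, so it must fail.
        String v1 = "6ba7b810-9dad-11d1-80b4-00c04fd430c8";
        System.out.println(v1 + " -> v4/RFC 4122: " + isRfc4122Version4(v1));
    }
}
```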
[1] http://www.ietf.org/internet-drafts/draft-mealling-uuid-urn-03.txt
[2] https://datatracker.ietf.org/doc/html/rfc4122
Specify what ESAPI version(s) you are experiencing this bug in
ESAPI 2.5.0.
Expected behavior
A random Version-4 type UUID, conformant with RFC 4122, should be produced when calling: