From 137fd6a08117532a85e0fe6df888c99b3cd496bf Mon Sep 17 00:00:00 2001
From: Artur Signell
Date: Tue, 1 Jun 2010 16:20:46 +0000
Subject: [PATCH] Use UUID instead of Math.random() for stronger security key svn changeset:13482/svn branch:6.4
---
 .../terminal/gwt/server/AbstractCommunicationManager.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/com/vaadin/terminal/gwt/server/AbstractCommunicationManager.java b/src/com/vaadin/terminal/gwt/server/AbstractCommunicationManager.java
index 55f9d13fea..d8664e216c 100644
--- a/src/com/vaadin/terminal/gwt/server/AbstractCommunicationManager.java
+++ b/src/com/vaadin/terminal/gwt/server/AbstractCommunicationManager.java
@@ -34,6 +34,7 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.StringTokenizer;
+import java.util.UUID;
 
 import javax.portlet.PortletRequest;
 import javax.portlet.PortletResponse;
@@ -672,7 +673,7 @@ public abstract class AbstractCommunicationManager implements
 String seckey = (String) request.getSession().getAttribute(
 ApplicationConnection.UIDL_SECURITY_TOKEN_ID);
 if (seckey == null) {
- seckey = "" + (int) (Math.random() * 1000000);
+ seckey = UUID.randomUUID().toString();
 request.getSession().setAttribute(
 ApplicationConnection.UIDL_SECURITY_TOKEN_ID, seckey);
 }
-- 
2.39.5
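Review bot: Nothing at the `seckey = UUID.randomUUID().toString();` line records why this generator was chosen, so a later edit could swap in a time- or name-based UUID or another non-cryptographic source without anyone noticing the regression. `UUID.randomUUID()` is documented to draw from a cryptographically strong generator and yields 122 random bits, against roughly 20 bits for the old `(int) (Math.random() * 1000000)`; I would state that above the assignment, e.g. `// Security key must be unpredictable: randomUUID() uses a cryptographically strong PRNG (122 random bits).` Separately, the `seckey == null` check and the following `setAttribute` are not atomic, so unless the caller serialises requests per session, two parallel first requests could each generate a key and the overwritten one would fail later validation. The enclosing method starts and ends outside the hunk, so whether such locking exists cannot be confirmed from here.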