changing Math.random to SecureRandom

author: rcaa <rodrigo_cardoso@hotmail.it> 2016-12-11 19:12:27 -0300
committer: rcaa <rodrigo_cardoso@hotmail.it> 2016-12-11 19:12:27 -0300
commit: a1fc7e7228d7b8de05bc2cf074f112af757401d0 (patch)
tree: 9aead9b24509f2b15ceb254262fff6858b49c6f2
parent: 4365c8f0b0410f540118868bbfc30f6974db3008 (diff)
download: gitblit-a1fc7e7228d7b8de05bc2cf074f112af757401d0.tar.gz
gitblit-a1fc7e7228d7b8de05bc2cf074f112af757401d0.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/main/java/com/gitblit/models/UserModel.java b/src/main/java/com/gitblit/models/UserModel.java
index d411e504..edbdf028 100644
--- a/src/main/java/com/gitblit/models/UserModel.java
+++ b/src/main/java/com/gitblit/models/UserModel.java
@@ -17,6 +17,7 @@ package com.gitblit.models;
 
 import java.io.Serializable;
 import java.security.Principal;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
@@ -662,6 +663,9 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
 	}
 	
 	public String createCookie() {
-		return StringUtils.getSHA1(String.valueOf(Math.random()));
+		SecureRandom random = new SecureRandom();
+		byte[] values = new byte[20];
+		random.nextBytes(values);
+		return StringUtils.getSHA1(String.valueOf(values));
 	}
 }
author	rcaa <rodrigo_cardoso@hotmail.it>	2016-12-11 19:12:27 -0300
committer	rcaa <rodrigo_cardoso@hotmail.it>	2016-12-11 19:12:27 -0300
commit	a1fc7e7228d7b8de05bc2cf074f112af757401d0 (patch)
tree	9aead9b24509f2b15ceb254262fff6858b49c6f2
parent	4365c8f0b0410f540118868bbfc30f6974db3008 (diff)
download	gitblit-a1fc7e7228d7b8de05bc2cf074f112af757401d0.tar.gz gitblit-a1fc7e7228d7b8de05bc2cf074f112af757401d0.zip