mindlesscloud opened a new issue, #5129: URL: https://github.com/apache/incubator-devlake/issues/5129
## What and why to refactor Currently, the `math/rand` package is used for generating random numbers in our application. However, this package is not intended for handling secure information such as passwords and secret keys. ## Describe the solution you'd like To ensure the security of our application, we should consider using a package specifically designed for handling such sensitive information. There are several well-known packages available in Go, such as `crypto/rand` and `golang.org/x/crypto/rand`, which are designed to generate cryptographically secure random numbers suitable for use in password and secret key generation. Therefore, I suggest we consider using a secure package for password and secret key handling instead of relying on `math/rand`. ## Related issues No ## Additional context No -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
