AlbericByte commented on code in PR #16757:
URL: https://github.com/apache/druid/pull/16757#discussion_r1694520966
##########
server/src/main/java/org/apache/druid/client/cache/MemcachedCache.java:
##########
@@ -641,14 +641,14 @@ public void close()
public static final int MAX_PREFIX_LENGTH =
MemcachedClientIF.MAX_KEY_LENGTH
- - 40 // length of namespace hash
- - 40 // length of key hash
+ - 64 // length of namespace hash
+ - 64 // length of key hash
- 2; // length of separators
private static String computeKeyHash(String memcachedPrefix, NamedKey key)
{
// hash keys to keep things under 250 characters for memcached
- return memcachedPrefix + ":" + DigestUtils.sha1Hex(key.namespace) + ":" +
DigestUtils.sha1Hex(key.key);
+ return memcachedPrefix + ":" + DigestUtils.sha256Hex(key.namespace) + ":"
+ DigestUtils.sha256Hex(key.key);
Review Comment:
@cryptoe @FrankChen021
I will deploy and verify it, seems Tiger-192 is risky from GitHub security
bot. should we go SHA-256 or continue Tiger-192.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org
For additional commands, e-mail: commits-h...@druid.apache.org
