[jira] [Commented] (SOLR-10338) Configure SecureRandom non blocking

Thu, 23 Mar 2017 10:43:11 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15938874#comment-15938874
 ] 

Hoss Man commented on SOLR-10338:
---------------------------------

bq. I have attached a patch that does this for all unit tests executed from 
ant. 

Is there a similar change we can make to help people running tests from maven? 
(and the IDEs that we have project starter files for in dev-tools?)

bq. In addition it checks if the default algorithm is SHA1PRNG. This may be a 
questionable assert but for the time being we could set it up to make sure all 
the executions are made non-blocking.

For testing purposes asserting that "SHA1PRNG" is always used by the JVM (for 
example: in a SolrTestCaseJ4 \@BeforeClass method) seems like an idea worth 
considering ... if for no other reason then it should help improve randomized 
seed reproducibility across diff JVMs ... we could always have support for 
something like a {{test.solr.allow.any.securerandom=true}} sys prop that users 
could set to override this assert.

bq. Should we change the usage of UUID.randomUUID() to StringHelper.randomId() 
(and possibly add UUID.randomUUID() to forbidden API)? 

forbidding the use of {{UUID.randomUUID()}} in _test_ code might be worth 
considering for the reasons outlined in {{StringHelper.randomId()}} javadocs -- 
but i don't think it should be forbidden in *all* solr code ... in production 
you want things like {{UUIDField}} and {{UUIDUpdateProcessorFactory}} to 
actaully produce "good" {{UUID}} values.

> Configure SecureRandom non blocking
> -----------------------------------
>
>                 Key: SOLR-10338
>                 URL: https://issues.apache.org/jira/browse/SOLR-10338
>             Project: Solr
>          Issue Type: Sub-task
>            Reporter: Mihaly Toth
>            Assignee: Mark Miller
>             Fix For: 4.9, 6.0
>
>         Attachments: SOLR-10338.patch
>
>
> It would be best if SecureRandom could be made non blocking. In that case we 
> could get rid of random entropy exhaustion issue related to all usages of 
> SecureRandom.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to