> On June 21, 2020, 10:37 p.m., Abhay Kulkarni wrote: > > agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java > > Lines 299 (patched) > > <https://reviews.apache.org/r/72608/diff/1/?file=2234815#file2234815line299> > > > > Although secureRandom object can be slow at times, the black-duck scan > > may flag this as a security issue.
When every audit log needs a new UUID, we shall stick to random() as secureRandom() will be very slow and will block the operation done. - Ramesh ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/72608/#review221039 ----------------------------------------------------------- On June 22, 2020, 8:38 p.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/72608/ > ----------------------------------------------------------- > > (Updated June 22, 2020, 8:38 p.m.) > > > Review request for ranger, Abhay Kulkarni and Madhan Neethiraj. > > > Bugs: RANGER-2869 > https://issues.apache.org/jira/browse/RANGER-2869 > > > Repository: ranger > > > Description > ------- > > RANGER-2869: Ranger audit module to provide an option to generate a UUID for > each audit log > > > Diffs > ----- > > agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java > b7315a9 > > agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java > 137fd1f > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java > b82ff29 > > > Diff: https://reviews.apache.org/r/72608/diff/2/ > > > Testing > ------- > > Verified in Local vm - Audit logs has the Strict UUID when > "xasecure.audit.auditid.strict.uuid=true", else exisiting logic of appending > the UUID with sequence is happening. > > > Thanks, > > Ramesh Mani > >
