[Tickets #7447] Re: Audit for inappropriate use of mt_rand()
bugs at horde.org
bugs at horde.org
Fri Apr 1 19:54:06 UTC 2011
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/7447
------------------------------------------------------------------------------
Ticket | 7447
Updated By | Jan Schneider <jan at horde.org>
Summary | Audit for inappropriate use of mt_rand()
Queue | Horde Base
Version | Git master
Type | Bug
State | Assigned
Priority | 2. Medium
Milestone | 4.0
Patch |
Owners | Horde Developers, Chuck Hagenbuch
------------------------------------------------------------------------------
Jan Schneider <jan at horde.org> (2011-04-01 19:54) wrote:
>> Horde_Util::createTempDir()
>> Gollem_Api::setSelectlist()
>
> These have nothing to do with security AFAIK - they are simply
> intended to create non-colliding identifiers.
It could theoretically be used for information leakage if another
application or host is using the same temp directory. But like I said,
this is really picky.
More information about the bugs
mailing list