use better random for URLs and delete keys
Using a PRNG seeded based on only the time for these is a bad idea as the output is predictable. Instead, use a package that generates random strings using go's crypo/rand package to provide cryptographically secure random URLs and delete keys.
This commit is contained in:
parent
8f7b47f572
commit
98106ec74f
@ -16,6 +16,7 @@ import (
|
||||
"strings"
|
||||
|
||||
"bitbucket.org/taruti/mimemagic"
|
||||
"github.com/dchest/uniuri"
|
||||
"github.com/zenazn/goji/web"
|
||||
)
|
||||
|
||||
@ -219,7 +220,7 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
|
||||
|
||||
// If no delete key specified, pick a random one.
|
||||
if upReq.deletionKey == "" {
|
||||
upload.DeleteKey = randomString(30)
|
||||
upload.DeleteKey = uniuri.NewLen(30)
|
||||
} else {
|
||||
upload.DeleteKey = upReq.deletionKey
|
||||
}
|
||||
@ -240,7 +241,7 @@ func processUpload(upReq UploadRequest) (upload Upload, err error) {
|
||||
}
|
||||
|
||||
func generateBarename() string {
|
||||
return randomString(8)
|
||||
return uniuri.NewLenChars(8, []byte("abcdefghijklmnopqrstuvwxyz0123456789"))
|
||||
}
|
||||
|
||||
func generateJSONresponse(upload Upload) []byte {
|
||||
|
Loading…
Reference in New Issue
Block a user