changing Math.random to SecureRandom

commit: a1fc7e7228d7b8de05bc2cf074f112af757401d0 [log] [tgz]
author: rcaa <rodrigo_cardoso@hotmail.it> Sun Dec 11 19:12:27 2016 -0300
committer: rcaa <rodrigo_cardoso@hotmail.it> Sun Dec 11 19:12:27 2016 -0300
tree: 9aead9b24509f2b15ceb254262fff6858b49c6f2
parent: 4365c8f0b0410f540118868bbfc30f6974db3008 [diff]
diff --git a/src/main/java/com/gitblit/models/UserModel.java b/src/main/java/com/gitblit/models/UserModel.java
index d411e50..edbdf02 100644
--- a/src/main/java/com/gitblit/models/UserModel.java
+++ b/src/main/java/com/gitblit/models/UserModel.java

@@ -17,6 +17,7 @@
 

 import java.io.Serializable;

 import java.security.Principal;

+import java.security.SecureRandom;

 import java.util.ArrayList;

 import java.util.Collections;

 import java.util.HashSet;

@@ -662,6 +663,9 @@
 	}

 	

 	public String createCookie() {

-		return StringUtils.getSHA1(String.valueOf(Math.random()));

+		SecureRandom random = new SecureRandom();

+		byte[] values = new byte[20];

+		random.nextBytes(values);

+		return StringUtils.getSHA1(String.valueOf(values));

 	}

 }
commit	a1fc7e7228d7b8de05bc2cf074f112af757401d0	[log] [tgz]
author	rcaa <rodrigo_cardoso@hotmail.it>	Sun Dec 11 19:12:27 2016 -0300
committer	rcaa <rodrigo_cardoso@hotmail.it>	Sun Dec 11 19:12:27 2016 -0300
tree	9aead9b24509f2b15ceb254262fff6858b49c6f2
parent	4365c8f0b0410f540118868bbfc30f6974db3008 [diff]