fix(mysql): improve random(with LCG) password for mysql user #517

Closed
wants to merge 1 commit into from

@avinzheng avinzheng commented Nov 2, 2017

fix: #511

@coveralls

Coverage Status

Coverage increased (+0.1%) to 81.702% when pulling c4bc2a1 on imzhengfei:master into 53a3425 on TryGhost:master.

@avinzheng changed the title from "fix(mysql): improve random password for mysql user #511" to "fix(mysql): improve random(with LCG) password for mysql user" on Nov 3, 2017
@avinzheng
Author

Use Linear Congruential Generator to generate a random number between 0 and 1, instead of Math.random().

@coveralls

Coverage Status

Coverage increased (+0.2%) to 81.747% when pulling 9717fde on imzhengfei:master into 53a3425 on TryGhost:master.

const generateRandomPassword = () => {
/**
* LCG Random
* @example cosnt random = (lcgRandom())
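Review bot: the LCG helper documented inside generateRandomPassword is a deterministic generator, so every password it yields follows from its seed; for a database credential, draw the randomness from crypto.randomBytes rather than swapping Math.random() for another non-cryptographic generator. The @example line also misspells const as cosnt.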

This comment was marked as abuse.


@avinzheng
Author

fixed a spelling error

@coveralls

Coverage Status

Coverage increased (+0.2%) to 81.747% when pulling f8dcf0d on imzhengfei:master into 53a3425 on TryGhost:master.

Member

@acburdine acburdine left a comment


@imzhengfei sorry for the delay on this! would it be possible to move the generateRandomPassword function to a method on the nginx extension class? keeps things a bit cleaner :)

@avinzheng
Author

@acburdine I am not sure, do you mean MySQLExtension class?

@acburdine
Member

@imzhengfei my apologies, yes that's what I meant.

However, as I commented here, there's another issue in that the initial create user command is what actually is triggering the insecure password error - so we need to find a way around that as well.

@acburdine
Member

Closing in favor of #546 -> ultimately it required other changes than this. @gompa's approach in #534 was a bit better than this I think too - it was less code to maintain + the library used in that PR uses crypto.randomBytes rather than something based off of a technically predictable seed.

@acburdine acburdine closed this Nov 18, 2017
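
The trade-off raised in the closing comment, as an added example that is not code from this PR or from the project: a seeded LCG reproduces the same password for the same seed, while a generator built on crypto.randomBytes does not. The LCG constants, the character set, the seed and all function names are assumptions made for the illustration.

```javascript
// Added example, not code from the PR. Names and constants are illustrative.
const { randomBytes } = require('crypto');

const CHARSET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// A textbook LCG mod 2^32 (constants assumed; the PR's own constants are not
// shown on the page). Its whole output stream is determined by the seed.
function lcg(seed) {
    let state = seed >>> 0;
    return () => {
        state = (Math.imul(state, 1664525) + 1013904223) >>> 0;
        return state / 0x100000000; // float in [0, 1)
    };
}

// Password built from any [0, 1) source, the approach the PR describes.
function passwordFrom(random, length) {
    let out = '';
    for (let i = 0; i < length; i++) {
        out += CHARSET[Math.floor(random() * CHARSET.length)];
    }
    return out;
}

// CSPRNG version: bytes come from crypto.randomBytes, with rejection sampling
// so every character is equally likely (256 is not a multiple of 62).
function securePassword(length) {
    const limit = 256 - (256 % CHARSET.length); // 248: bytes >= 248 are discarded
    let out = '';
    while (out.length < length) {
        for (const byte of randomBytes(length)) {
            if (byte < limit && out.length < length) {
                out += CHARSET[byte % CHARSET.length];
            }
        }
    }
    return out;
}

// Constructed seed: a timestamp-like value that another party could enumerate.
const seed = 1509580800;
console.log('LCG, run 1:', passwordFrom(lcg(seed), 20));
console.log('LCG, run 2:', passwordFrom(lcg(seed), 20)); // same seed, same password
console.log('CSPRNG    :', securePassword(20));
```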