gen_random_uuid security not explicit in documentation

rightfold@gmail.com

From: rightfold@gmail.com
To: pgsql-docs@postgresql.org
Date: 2017-01-01T23:20:54Z
Lists: pgsql-hackers, pgsql-docs
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/9.6/static/pgcrypto.html
Description:

Hello,

The C source code of gen_random_uuid reads:

    /*
    * Generate random bits. pg_backend_random() will do here, we don't
    * promis UUIDs to be cryptographically random, when built with
    * --disable-strong-random.
    */

However, the pgcrypto documentation does not mention
--disable-strong-random
at all. I think the documentation should mention under which conditions
the
function returns secure data.

Radek Slupik

P.S. there is also a typo in the C comment: "promis" should be "promise".


Commits

  1. Forbid gen_random_uuid() with --disable-strong-random