diff options
author | Thiago Macieira <thiago.macieira@intel.com> | 2017-06-12 16:12:30 -0700 |
---|---|---|
committer | Timur Pocheptsov <timur.pocheptsov@qt.io> | 2017-06-30 07:34:19 +0000 |
commit | 191dd6e89fdca2108cfaf405e968a980ec6728ee (patch) | |
tree | 79125085ae7ab7bf1aa0fe5876b3d51a9af1b5ff /src/websockets/qmaskgenerator.cpp | |
parent | 26e56e18eb234df4a782737cd3c8d8d11daead2c (diff) | |
download | qtwebsockets-191dd6e89fdca2108cfaf405e968a980ec6728ee.tar.gz |
Change the mask generator to use QRandomGenerator instead of qs?rand
This makes it secure, instead of insecure, and requires no seeding.
Task-number: QTBUG-61694
Change-Id: Ia53158e207a94bf49489fffd14c782bd4ec24946
Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io>
Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
Diffstat (limited to 'src/websockets/qmaskgenerator.cpp')
-rw-r--r-- | src/websockets/qmaskgenerator.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/websockets/qmaskgenerator.cpp b/src/websockets/qmaskgenerator.cpp index 064ada2..56d1223 100644 --- a/src/websockets/qmaskgenerator.cpp +++ b/src/websockets/qmaskgenerator.cpp @@ -50,7 +50,7 @@ malicious scripts from attacking badly behaving proxies. For more information about the importance of good masking, see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}. - By default QWebSocket uses the cryptographically insecure qrand() function. + By default QWebSocket uses the reasonably secure QRandomGenerator::get32() function. The best measure against attacks mentioned in the document above, is to use QWebSocket over a secure connection (\e wss://). In general, always be careful to not have 3rd party script access to |