[MONGOSH-988] java-shell package should use proper crypto.randomBytes() polyfill - MongoDB Jira

XML

Word

Printable

Details

Type: Task
Status: Needs Triage
Priority: Minor - P4
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- tech-debt

Description

The JS BSON package wants a cryptographically secure randomness source. We use Math.random() here, but that’s not a proper long-term solution:

https://github.com/mongodb-js/mongosh/blob/9e5c1c2184554b6fe2eab8662669a52da219ab88/packages/java-shell/src/main/js/all.js#L1-L3

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Anna Henningsen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: Sep 15 2021 12:23:34 PM UTC

Updated:: Sep 15 2021 02:37:57 PM UTC