org.springframework.cache.interceptor.DefaultKeyGenerator has too weak hashing functionality [SPR-9377] #14013
Comments
|
Hans-Peter Störr commented This seems more or less a duplicate of #13675 and is IMHO a very ugly bug, not an improvement. Luckily I saw it during code review. :-) See my suggestion there. |
|
Andrey Karandey commented Anyway, i did not find any strong recommendation not to use this default implementation, so people might use it without any limitations. |
|
Hans-Peter Störr commented md5 would be better, but I'd rather not use any kind of hashing - see my comment on #13675. |
|
Tim Lenz commented Regardless of possible better implementations, I believe there is a bug in the default implementation. If you have a method with only one object parameter, that parameter is never hashed, it's simply returned. I've made my own key generator where I changed this: if (params.length == 1) { to this: if (params.length == 1 && params[0] == null) { Now a single non-null object parameter will still be hashed, as occurred already for methods with more than one parameter. |
Uh oh!
There was an error while loading. Please reload this page.
Andrey Karandey opened SPR-9377 and commented
Key generating has a weak hashing function. Next results are equal:
generate( object1,method1,new Integer( 109 ),new Integer( 434)));
generate( object1,method1,new Integer( 110 ),new Integer( 403)));
It was pity to catch it on production...
Affects: 3.1.1
Issue Links:
3 votes, 4 watchers
The text was updated successfully, but these errors were encountered: