Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(peer): use secure lazy random uuid #64

Merged
merged 1 commit into from
Aug 7, 2024
Merged

feat(peer): use secure lazy random uuid #64

merged 1 commit into from
Aug 7, 2024

Conversation

pi0
Copy link
Member

@pi0 pi0 commented Aug 7, 2024

Peer ids used to be derived from a global counter. This can lead to security issues if relying on id to identify clients and also expose server info.

Using randomUUID crypto utility, we lazily assign them random ids.

Uncrypto dep is added since sadly Node.js 18 is still a thing until mid next year it is EOL... (bundle overhead is almost zero for other runtimes)

@pi0 pi0 self-assigned this Aug 7, 2024
@pi0 pi0 merged commit b665048 into main Aug 7, 2024
3 checks passed
@pi0 pi0 deleted the feat/secure-id branch August 7, 2024 10:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant