curl-library
Re: Calls to srand() in Curl_FormBoundary()
Date: Thu, 11 Jun 2009 15:54:10 +0200 (CEST)
On Wed, 10 Jun 2009, Michael Wood wrote:
>> But removing it all together, now, could make it totally unseeded for
>> current apps. Wouldn't it be good enough to move the srand() call to the
>> curl_global_init() function?
>
> That would be better than the current situation, but if the app also calls
> srand() itself then curl's call to srand might interfere with it. I suppose
> the workaround would be to call srand() after curl_global_init().
Is that really a way to interfere less with the app?
I mean, the primary reason for the srand() in there in the first place is to
make sure there is some (basic) seeding done. So currently we already
interfere big-time.
If we'd do the seeding in the curl_global_init() function we'd get the benefit
of only doing it once no matter how many handles or threads the app decides to
use/run. And applications that for some reason must have their own seeding can
reseed it after curl_global_init() is called.
If we'd do it after curl_global_init(), it would basically have to be done
in the *perform() functions and then we can't just do it once for the entire
app and it would be harder for apps to insist on their own seeding since we'd
override that exactly at the moment we're about to transfer data!
Thinking about it. We can in fact introduced a new "flag" to
curl_global_init() that inhibits the seeding completely, for those apps that
would consider it bad.
-- / daniel.haxx.seReceived on 2009-06-11