Closed mashbu closed 4 years ago
What you're referring to is relevant to the case of a traditional server setup where 1 server (or a cluster of servers) handles all requests. In this case, we're using Cloud Function, each execution is independent of all other executions.
ah that makes sense. thank you.
I believe the use of the synchronous version of crypto.randomBytes() in a server context to generate the IV is not recommended. https://nodejs.org/uk/docs/guides/dont-block-the-event-loop/#blocking-the-event-loop-node-js-core-modules
The synchronous version can block the Event Loop and a malicious actor can repeatedly request TempIDs resulting in a possible DOS attack.