Re: Request #65501 uniqid(): More entropy parameter should be true by default
Yasuo,
> > It's absolutely not wise to use it for anything security related, the
> > purpose of the function is simply to provide a unique value within a
> > system, not a random value, not an unpredictable value.
> >
>
> I agree.
>
> However, I suppose there are many applications that rely on uniqid() for
> critical features like payment or authentication.
>
Sure, and people use eval() for conditionals and goto for code structure.
We shouldn't alter language design for people making bad decisions.
Instead, we should work on documentation and education to fix those kinds
of problems.
> We need better function as basic feature of PHP. unique_hash() or
> hash_unique() might be good. UUID works and is much better but generating
> unique hash just like session ID is trivial to implement.
>
What would this do? How would it work? Would it just be a statistically
unique hash? At which point why have it named on hash instead of just
being a large random number (and hence belongs as a random number
generator, not a unique hash thingy)...
My $0.02.
Anthony