Re: Request #65501 uniqid(): More entropy parameter should be true by default

From: Date: Fri, 23 Aug 2013 22:58:57 +0000
Groups: php.internals

On Sat, Aug 24, 2013 at 7:14 AM, Yasuo Ohgaki <[email protected]> wrote:

>> We shouldn't alter language design for people making bad decisions.
>> Instead, we should work on documentation and education to fix those kinds
>> of problems.
>>
>
> We definitely should do this. I agree.
>

I agree with the part about documentation and education :)
uniqid() is not adequate for payment or authentication.

Adopting secure defaults for a new release is preferred.
People make mistakes and don't read documentation. Better security
by default is the way to go, IMHO.

Regards,

--
Yasuo Ohgaki
[email protected]
