Re: Extending uniqid() or not?
On Sun, 2 Feb 2014, Yasuo Ohgaki wrote:
> Hi all,
>
> uniqid() produces a unique ID for the system, which is good for an email's
> message ID etc. Many users are using uniqid() as a secure unique ID, which is
> a very bad thing to do for security.
>
> It may be extended to produce a safe unique ID
>
> string uniqid(TRUE) - Returns a random ID string which is safe to use for
> security purposes.

I have always been of the opinion that a function's internal workings
should not be affected by an option like this.

> My concern is that uniqid() returns both safe and unsafe IDs, which may
> not be good. We may be better off having a new function, perhaps
>
> string safe_uniqid([int $length=64])

Yes, I agree - but we should not make the mistake of calling the
function "safe_" ... firstly because it reminds me of "safe_mode", but
more importantly because *we* still can't guarantee it's safe. The
underlying RNG sources are not under our control.

cheers,
Derick
--
http://derickrethans.nl | http://xdebug.org
Like Xdebug? Consider a donation: http://xdebug.org/donate.php
twitter: @derickr and @xdebug
Posted with an email client that doesn't mangle email: alpine
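
An added example, not part of the thread or of PHP's own code: it decodes a default uniqid() value back into the clock reading it was built from, next to an identifier drawn from the OS CSPRNG. The helper names decode_uniqid() and random_id() are hypothetical, and random_bytes() assumes PHP 7 or later, which postdates this message.

```php
<?php
// Added example (not from the thread). Assumes PHP 7+ for random_bytes().

/**
 * Split a default uniqid() value (no prefix, more_entropy = false) into the
 * clock reading it encodes: 8 hex digits of seconds, 5 hex digits of microseconds.
 * Returns null if the string does not have that shape.
 */
function decode_uniqid(string $id): ?array
{
    if (!preg_match('/^[0-9a-f]{13}$/', $id)) {
        return null;
    }
    return [
        'sec'  => hexdec(substr($id, 0, 8)),
        'usec' => hexdec(substr($id, 8, 5)),
    ];
}

/**
 * Hypothetical helper: an identifier taken from the OS CSPRNG.
 * $bytes = 16 gives 128 bits, hex-encoded to 32 characters.
 */
function random_id(int $bytes = 16): string
{
    if ($bytes < 16) {
        throw new InvalidArgumentException('use at least 16 bytes (128 bits)');
    }
    // random_bytes() throws instead of falling back when no secure source
    // is available, so a weak platform RNG fails loudly rather than silently.
    return bin2hex(random_bytes($bytes));
}

$before = time();
$id     = uniqid();
$after  = time();
$parts  = decode_uniqid($id);

printf("uniqid():    %s\n", $id);
printf("decodes to:  %s.%06d UTC\n", gmdate('Y-m-d H:i:s', $parts['sec']), $parts['usec']);
printf("inside call window: %s\n",
    ($parts['sec'] >= $before && $parts['sec'] <= $after) ? 'yes' : 'no');
printf("random_id(): %s\n", random_id());
```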