On Thu, Aug 22, 2013 at 10:23 PM, Leigh <lei...@gmail.com> wrote:

> On 22 August 2013 13:39, Sebastian Krebs <krebs....@gmail.com> wrote:
>
>> Tbh I don't get the real problem with the _current_ behaviour. Whoever needs
>> the entropy can set it as the second parameter, and I am not sure if it is
>> wise to use uniqid() for _security purposes_.
>>
>
> It's absolutely not wise to use it for anything security related, the
> purpose of the function is simply to provide a unique value within a
> system, not a random value, not an unpredictable value.
>

I agree.

However, I suppose there are many applications that rely on uniqid() for
critical features like payment or authentication.

We need a better function as a basic feature of PHP. unique_hash() or
hash_unique() might be good. UUID works and is much better, but generating a
unique hash just like a session ID is trivial to implement.

Any comments on this?

--
Yasuo Ohgaki
yohg...@ohgaki.net
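
The distinction drawn in this thread, that uniqid() yields a unique value rather than an unpredictable one, shown as an added example (not code from the thread or from PHP itself): a default uniqid() value is the current time in hex, while a token meant for authentication or payment flows should come from the OS CSPRNG. The function names `decode_uniqid` and `generate_token` are hypothetical, and `random_bytes()` assumes PHP 7.0 or later.

```php
<?php
declare(strict_types=1);

// Split a default uniqid() value (no prefix, no more_entropy) into its parts:
// 8 hex digits of Unix seconds followed by 5 hex digits of microseconds.
function decode_uniqid(string $id): array
{
    if (!preg_match('/^[0-9a-f]{13}$/', $id)) {
        throw new InvalidArgumentException('not a default 13-character uniqid() value');
    }
    return [
        'sec'  => (int) hexdec(substr($id, 0, 8)),
        'usec' => (int) hexdec(substr($id, 8, 5)),
    ];
}

// Token for security-sensitive use: 128 bits by default from the OS CSPRNG.
// (Hypothetical helper; random_bytes() requires PHP 7.0 or later.)
function generate_token(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

// Record the wall clock around the call so the decoded value can be compared.
$before = microtime(true);
$id     = uniqid();
$after  = microtime(true);

$parts = decode_uniqid($id);
$stamp = $parts['sec'] + $parts['usec'] / 1e6;

printf("uniqid():            %s\n", $id);
printf("decoded timestamp:   %.6f (%s UTC)\n", $stamp, gmdate('Y-m-d H:i:s', $parts['sec']));
printf("call window:         %.6f .. %.6f\n", $before, $after);

// Two back-to-back values differ only by the microseconds that elapsed.
$a = decode_uniqid(uniqid());
$b = decode_uniqid(uniqid());
$gap = ($b['sec'] - $a['sec']) * 1000000 + ($b['usec'] - $a['usec']);
printf("gap between two ids: %d microseconds\n", $gap);

// The CSPRNG token carries no timestamp or other structure.
$token = generate_token();
printf("generate_token():    %s\n", $token);

// When checking a submitted token against the stored one, compare in constant time.
$submitted = $token; // constructed sample input
printf("token matches:       %s\n", hash_equals($token, $submitted) ? 'yes' : 'no');
```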
