Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:102100 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 40380 invoked from network); 11 May 2018 09:00:11 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 11 May 2018 09:00:11 -0000 Authentication-Results: pb1.pair.com header.from=arvids.godjuks@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=arvids.godjuks@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.177 as permitted sender) X-PHP-List-Original-Sender: arvids.godjuks@gmail.com X-Host-Fingerprint: 209.85.216.177 mail-qt0-f177.google.com Received: from [209.85.216.177] ([209.85.216.177:34104] helo=mail-qt0-f177.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 74/FA-47313-89B55FA5 for ; Fri, 11 May 2018 05:00:09 -0400 Received: by mail-qt0-f177.google.com with SMTP id m5-v6so6155370qti.1 for ; Fri, 11 May 2018 02:00:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eI84SUZRzlhHhq9m0+vNqQOO/+NsVYitNjJSwhrAlwc=; b=WIB6c3psmjfVN91YwXcUvk4vGa3eHxHZ3Bghd5bi3OCVwNiUdARqi34F+Tjoz1YZzT ZvOkFBugAvCBRP1+c7/5g4KEDRFNHz6S1oyl6xNxzo0oaE4dW3x45cNsCAFr/M9uFRz5 Ak6GCn6qH1JZR/p++FKyYYsOXQXMTBWQnt1IxF4DQiJpAcN3wn4uVRut0cpH0lhpm9V3 iBK/6+UcEx3HVYWuOH4oGt4PJdUr9p/kfnyobzqU4+FU8l0MbbASTKqoMckA+LFMhSS7 V/iZyjLY/suyDX3yf0asMCS4uDfmVOskyMa4N5nLVNJAxi79j/SJMlLF6fomNmISOOWl xKlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eI84SUZRzlhHhq9m0+vNqQOO/+NsVYitNjJSwhrAlwc=; b=hGI73veve4wABikvhaF/p6tO/LyabUU9nP866M1/1FYEkcv6JlBNTYuordRxTUl+rV pZWLn5TFHtB7/sULAubXkSFVYPpBW5x9g3TqH9BvAxzf4SZubc8sG72/zLKcn9i2dSYt O0MELDigTDhxwKQeKTAWWRhwnA4LGasR242KmnEtsPEWpNsvLAA03+llGDW9wfI90XQV gGQ7p1jRTuxBhjzIWNTZn0yuFYDipyO3wGBTRF55DX8+L3RcERUeSt6dw7/fHsVMPIYO kgDxjcpv1Tj6RQ+zrC76BbiUvNF6QzjQrY7nn1EO06Np6ACUgd6+1vnwA8tfutEIHK9B Uk+w== X-Gm-Message-State: ALKqPwf/uKSTah0y9YOZ4etDeVA49xRm1aG5mxUGV5Pnw78SfVQ660rY e4O0gGIQXCcMCuf3FeYgiWPd9UJPQ+JGHzkfiFVfg1yz X-Google-Smtp-Source: AB8JxZqZenKhcJuOf0c+nlwJM48kklRGASE1dbw6YMShYakGvboJESPuxln0WMvTthn1Ddc3R5j8pGqoK8onfj1ExrQ= X-Received: by 2002:a0c:bc85:: with SMTP id l5-v6mr4368873qvg.242.1526029205803; Fri, 11 May 2018 02:00:05 -0700 (PDT) MIME-Version: 1.0 Received: by 10.12.241.20 with HTTP; Fri, 11 May 2018 01:59:35 -0700 (PDT) In-Reply-To: References: Date: Fri, 11 May 2018 10:59:35 +0200 Message-ID: To: Niklas Keller Cc: PHP Internals Content-Type: multipart/alternative; boundary="000000000000ba97c9056bea5cb5" Subject: Re: [PHP-DEV] [RFC] Deprecation of uniqid() From: arvids.godjuks@gmail.com (Arvids Godjuks) --000000000000ba97c9056bea5cb5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable 2018-05-10 16:33 GMT+02:00 Niklas Keller : > Hey, > > I hereby propose to deprecate uniqid(). There have been attempts to fix i= t > ( > https://wiki.php.net/rfc/uniqid), but those were rejected during > discussion, because there's no possible fix without breaking BC. Instead = of > a subtle BC break, this RFC favors the deprecation and moving users to > other functions. > > It's to be discussed whether the function should be removed with PHP 8.0 = or > just deprecated to avoid fully breaking things where it's not strictly > necessary. A deprecation will probably avoid most new usages, which is th= e > main goal. > > RFC: https://wiki.php.net/rfc/deprecate-uniqid > > Kind Regards, > Niklas > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > Hello, as a userland user of this function I do disagree with it's outright removal. It has it's uses. What can be done with it is drop the $more_entropy flag and make it generate at least as long strings and use random_bytes under the hood for a better random. It can also adopt a length parameter so you can vary the random part as much as you need it. You don't always need a truly random token - I have a system that uses uniqid to generate tens of thousands tokens per request and it's actually a good thing they are time based at the start of it with a random part at the end (as I said the random part should be improved and get rid of that stupid dot when generating with $more_entropy =3D true). --=20 Arv=C4=ABds Godjuks +371 26 851 664 arvids.godjuks@gmail.com Skype: psihius Telegram: @psihius https://t.me/psihius --000000000000ba97c9056bea5cb5--