Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:109972
Return-Path: <php.lists@allenjb.me.uk>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 66631 invoked from network); 2 May 2020 20:23:23 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 2 May 2020 20:23:23 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 70BA9180088
	for <internals@lists.php.net>; Sat,  2 May 2020 11:57:37 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS8943 85.119.80.0/21
X-Spam-Virus: No
X-Envelope-From: <php.lists@allenjb.me.uk>
Received: from mail.apserver.co.uk (server2.alteredperspective.co.uk [85.119.82.103])
	by php-smtp4.php.net (Postfix) with ESMTP
	for <internals@lists.php.net>; Sat,  2 May 2020 11:57:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by mail.apserver.co.uk (Postfix) with ESMTP id AB57C4F4064
	for <internals@lists.php.net>; Sat,  2 May 2020 19:56:23 +0100 (BST)
Received: from mail.apserver.co.uk ([127.0.0.1])
	by localhost (server2.alteredperspective.co.uk [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id TqprrwYGo9rg for <internals@lists.php.net>;
	Sat,  2 May 2020 19:56:21 +0100 (BST)
Received: from [192.168.0.4] (cpc113420-maid7-2-0-cust1808.20-1.cable.virginm.net [86.18.119.17])
	by mail.apserver.co.uk (Postfix) with ESMTPA id C56DA4F4061
	for <internals@lists.php.net>; Sat,  2 May 2020 19:56:21 +0100 (BST)
To: PHP Internals <internals@lists.php.net>
Message-ID: <9e3b1604-8d0a-9db4-aab6-e5f2198252f4@allenjb.me.uk>
Date: Sat, 2 May 2020 19:57:32 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101
 Thunderbird/68.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-GB
Subject: Deprecating uniqid()
From: php.lists@allenjb.me.uk (AllenJB)

Hi all,

I'd like to discuss deprecating uniqid()

I believe it's dangerously bad a doing "what it says on the tin". New 
developers still reach for it and do not read the warnings on the manual 
page (or if they do, don't fully understand how bad it is).

For older codebases that still rely on it, a userland replacement can be 
easily implemented (and could be published on Packagist).

I noticed there was an RFC [0][1] brought up 2 years ago, but was never 
voted on. Does anyone know why this was?

[0] https://externals.io/message/102097
[1] https://wiki.php.net/rfc/deprecate-uniqid

Is there interest in deprecating this function?

If not deprecation, how could it be (further) "improved"? My first 
thought is to make the "more entropy" option enabled by default (the 
argument could remain so that it can be disabled by codebases that rely 
on the lower length and can take the tradeoffs).

AllenJB