Newsgroups: php.internals
Date: Sat, 24 Aug 2013 07:58:57 +0900
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Anthony Ferrara
Cc: Leigh, Sebastian Krebs, "internals@lists.php.net"
Subject: Re: [PHP-DEV] Request #65501 uniqid(): More entropy parameter should be true by default

On Sat, Aug 24, 2013 at 7:14 AM, Yasuo Ohgaki wrote:

> We shouldn't alter language design for people making bad decisions.
>> Instead, we should work on documentation and education to fix those kinds
>> of problems.
>>
>
> We definitely should do this. I agree.
>

I agree with the part about documentation and education :)

uniqid() is not adequate for payment or authentication.
It is preferred to adopt secure defaults for new releases.
People make mistakes and don't read documentation.
Better security by default is the way to go. IMHO.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
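
The point in the message above that uniqid() is not adequate for payment or authentication, shown as an added example (not code from the original message or from the PHP project): a default uniqid() value is the current time written in hex, so it decodes back to a clock reading, and two values differ only by the time elapsed between the calls. The helper names `decode_uniqid` and `secure_token` are hypothetical, only the default call without a prefix or the more-entropy flag is covered, and `random_bytes()` assumes PHP 7 or later.

```php
<?php
// Added example: a bare uniqid() value is a timestamp, not a secret.

/**
 * Split a prefix-less, 13-character uniqid() value into the clock reading
 * it encodes: 8 hex digits of seconds followed by 5 hex digits of microseconds.
 */
function decode_uniqid(string $id): array
{
    if (!preg_match('/\A[0-9a-f]{13}\z/', $id)) {
        throw new InvalidArgumentException('expected a 13-character hex uniqid without prefix');
    }
    return [
        'sec'  => hexdec(substr($id, 0, 8)),
        'usec' => hexdec(substr($id, 8, 5)),
    ];
}

/** Identifier for sessions, reset links or payment references: bytes from the OS CSPRNG. */
function secure_token(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

$a = uniqid();
$b = uniqid();
$ta = decode_uniqid($a);
$tb = decode_uniqid($b);

// Each value decodes to the moment it was generated.
printf("uniqid #1 %s -> %s UTC +%d us\n", $a, gmdate('Y-m-d H:i:s', $ta['sec']), $ta['usec']);
printf("uniqid #2 %s -> %s UTC +%d us\n", $b, gmdate('Y-m-d H:i:s', $tb['sec']), $tb['usec']);

// Consecutive values are separated only by elapsed time, so knowing roughly
// when an ID was issued leaves very few candidates.
$gap = ($tb['sec'] - $ta['sec']) * 1000000 + ($tb['usec'] - $ta['usec']);
printf("gap between the two calls: %d us\n", $gap);

// A CSPRNG token carries no information about when or where it was created.
printf("random_bytes token: %s\n", secure_token());
```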