Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:87881
Return-Path: <inefedor@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 45214 invoked from network); 23 Aug 2015 16:28:05 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Aug 2015 16:28:05 -0000
Authentication-Results: pb1.pair.com smtp.mail=inefedor@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=inefedor@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.46 as permitted sender)
X-PHP-List-Original-Sender: inefedor@gmail.com
X-Host-Fingerprint: 209.85.215.46 mail-la0-f46.google.com  
Received: from [209.85.215.46] ([209.85.215.46:34209] helo=mail-la0-f46.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id DA/93-27100-494F9D55 for <internals@lists.php.net>; Sun, 23 Aug 2015 12:28:04 -0400
Received: by laba3 with SMTP id a3so64731403lab.1
        for <internals@lists.php.net>; Sun, 23 Aug 2015 09:28:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=content-type:subject:mime-version:from:in-reply-to:date
         :content-transfer-encoding:message-id:references:to;
        bh=07HHak9xht8pJaCKciC97f2ih2ditsoP1mkSxqE+7f0=;
        b=neSWDShzbn3Couj+E3wM0/rzmRHY+4R5YJxehQky2ok0N5pIvNgLprdufMf/z+IddV
         M3IgktLrRwYKOmjaKZ080NIv9Q13Bc3hTjy41Afip/PkyqJhnPLH1w99gQOY2YPiXzUR
         jfjw2V1Ciq/vMKO0ZsLjHYnznu4DbON8hQv9Ea2Yu54wIup0QTAnSOcsSjAJECleZzx7
         0MUkxWFGZYHR16fz6c8JXzx6jaBoJKD3Bhiq5XWTlVg9MWPdh2+20xudX4uCqrZm6PsZ
         dYUnRt/czdrbJkrDEATim8X8HJSOJPCO+D+okEdrjf34UEt5yuqR/eQ4PwpBDc3rmdE1
         XkMQ==
X-Received: by 10.152.20.228 with SMTP id q4mr15895381lae.74.1440347281530;
        Sun, 23 Aug 2015 09:28:01 -0700 (PDT)
Received: from [10.241.43.191] ([31.173.84.24])
        by smtp.gmail.com with ESMTPSA id w3sm4307141lag.13.2015.08.23.09.28.00
        for <internals@lists.php.net>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Sun, 23 Aug 2015 09:28:00 -0700 (PDT)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (1.0)
X-Mailer: iPhone Mail (12H143)
In-Reply-To: <20150823153705.F0BDD26052F@dd15934.kasserver.com>
Date: Sun, 23 Aug 2015 19:27:59 +0300
Content-Transfer-Encoding: quoted-printable
Received: from [10.245.194.221] ([195.16.110.204]) by smtp.gmail.com with ESMTPSA id z1sm4287045lbj.11.2015.08.23.09.25.06 for <mails@thomasbley.de> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sun, 23 Aug 2015 09:25:06 -0700 (PDT)
Message-ID: <092B2991-5D96-48E2-882D-ABF9DAAC3AC3@gmail.com>
References: <20150823153705.F0BDD26052F@dd15934.kasserver.com>
To: internals@lists.php.net
Subject: Re: [PHP-DEV] [RFC] [Discuss] Random Functions Throwing Exceptions in PHP 7.0.0
From: inefedor@gmail.com (Nikita Nefedov)



> On 23 Aug 2015, at 18:37, Thomas Bley <mails@thomasbley.de> wrote:
>=20
>=20
> consider this code:
>=20
> declare(strict_types=3D0);
> ini_set('display_errors', '1');
>=20
> function get_random_int(): int {
> return false;
> }
> echo get_random_int();
>=20
> and then use strict_types=3D1

So you're implying that in case of returning false with strict_types turned o=
n that would just throw a TypeError? That would be a bug in PHP. If you were=
 saying that in this case it should throw a different kind of error (the one=
 that was proposed by Anthony initially) then it wouldn't make sense again b=
ecause then you're creating a straight relation between having strict_types m=
ode turned on and random_int() throwing exception about not getting a reliab=
le source of entropy.


> Even correct return values of random_int() might create bad passwords.
> So I propose to have a function in core which tests the strength of the pa=
ssword:
>=20
> $password =3D '';
> for ($i =3D 0; $i < 10; $i++) {
> $password .=3D $characters[random_int(0, 30)];
> }
> if (password_strength($password) < PHP_PASSWORD_STRONG) {
>   throw new Exception("password not strong enough");
> }

I don't think it's a good idea, a language delivers features that user would=
 have a hard time implementing themselves, a small blocks from which you can=
 build whatever you want. A function that checks if a string contains alpha-=
numeric symbols as well as punctuation is pretty easy to implement in user l=
and.

PS sorry Thomas, I sent it to you personally, not to ML=