Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:98121 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 71339 invoked from network); 2 Feb 2017 14:05:56 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 2 Feb 2017 14:05:56 -0000 Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.162 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.162 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.162] ([81.169.146.162:27486] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 16/9B-51557-3CC33985 for ; Thu, 02 Feb 2017 09:05:55 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1486044352; l=2461; s=domk; d=kelunik.com; h=Content-Type:Cc:To:Subject:Date:From:References:In-Reply-To: MIME-Version; bh=5YfGixm7lMlBTz3gDIRtPxk4YW9uiLtu6OlwrmBmoso=; b=xyPlp88Vd2YqSoUM2rA9Kk0MoO25arIlyXZm4co8eZp8sGh8prg6EtQHPQ8n3l+ENT wnKFJtKz53Vf/oaKHaP/h3MJ2yxVnivs09BT7RJKjkAQF9+rzRg7NrF3KUEeW+76az6G VtPP5+FNRRMQIUOGDzpbizsrwdG3u8JoVN3WA= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLDup6E67mzuYROBqD/s1A= X-RZG-CLASS-ID: mo00 Received: from mail-yw0-f173.google.com ([209.85.161.173]) by smtp.strato.de (RZmta 39.12 AUTH) with ESMTPSA id Z03dfbt12E5qYuc (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA)) (Client did not present a certificate) for ; Thu, 2 Feb 2017 15:05:52 +0100 (CET) Received: by mail-yw0-f173.google.com with SMTP id v200so10521452ywc.3 for ; Thu, 02 Feb 2017 06:05:52 -0800 (PST) X-Gm-Message-State: AIkVDXKIJjAxnrgwI6FtSsTojlQOzFW69nSfcdxSGDQWZCo2DnmntfP8oXEjqLHVKLqlftzsXviU2tP7P+5tDQ== X-Received: by 10.233.237.136 with SMTP id c130mr8762617qkg.160.1486044351608; Thu, 02 Feb 2017 06:05:51 -0800 (PST) MIME-Version: 1.0 Received: by 10.12.144.132 with HTTP; Thu, 2 Feb 2017 06:05:50 -0800 (PST) In-Reply-To: <842237fd-7e2d-70b4-5e0b-754bcba1fcf8@gmx.de> References: <0D26A03B-6BEB-4730-8E4B-0F7D6835E683@thefsb.org> <8991137d8dd8ba915bcacd4fbc1fe88f@gmail.com> <1fa97f9f4d4c0866fb4b0f21fc68b068@gmail.com> <842237fd-7e2d-70b4-5e0b-754bcba1fcf8@gmx.de> Date: Thu, 2 Feb 2017 15:05:50 +0100 X-Gmail-Original-Message-ID: Message-ID: To: "Christoph M. Becker" Cc: Yasuo Ohgaki , =?UTF-8?Q?Lauri_Kentt=C3=A4?= , Tom Worster , "internals@lists.php.net" , Leigh , Nikita Popov Content-Type: multipart/alternative; boundary=94eb2c09830eb2ca1b05478ca9e3 Subject: Re: [PHP-DEV] Re: Improving mt_rand() seed From: me@kelunik.com (Niklas Keller) --94eb2c09830eb2ca1b05478ca9e3 Content-Type: text/plain; charset=UTF-8 2017-02-02 14:24 GMT+01:00 Christoph M. Becker : > On 02.02.2017 at 12:51, Yasuo Ohgaki wrote: > > > Although users must never do this, but there are codes that generate > random > > password/access key by mt_rand(). > > There is also code that stores clear text passwords. How would you > prevent that? > > IMHO, if users don't care to read the docs[1], it's their fault, and we > shouldn't waste our time to fix their bugs. While the documentation states that, it can still be improved. I've just submitted a patch, you can find the diff here: https://gist.github.com/kelunik/bb534d4c4ede160d97ef17014052052a (linking patches via edit.php.net doesn't really work, it just links to the newest patch of a file and will break once merged). Regards, Niklas --94eb2c09830eb2ca1b05478ca9e3--