Hi Kazuo,

On Mon, Sep 12, 2016 at 1:41 PM, Kazuo Oishi <ka...@o-ishi.jp> wrote:
>
>> This is RFC for improving uniqid() uniqueness.
>> https://wiki.php.net/rfc/uniqid
>>
>> PR
>> https://github.com/php/php-src/pull/2123
>>
>> If there is anything left to discuss, please comment.
>
> I think uniqid() should not be changed in BC break way, it should be
> left as is.
>
> You said,
>
>>> Almost all uniqid() usages do not care about return value chars nor
>>> length. Therefore, BC will be minimum.
>>>
>>> https://searchcode.com/?q=uniqid&loc=0&loc2=10000&lan=24
>
> but you may be underestimating.
>
> I found that some code saved output of uniqid() without more_entropy to
> DB, in the search results. Output length change may cause a problem in
> such a case. And you are not supposed to forget that most PHP code
> is not open source and not opened to the public.
>
> In addition, you should hear "I expect the numbers to grow" about output
> of uniqid(), as reply to you.

I know some code breaks, but it's not many. It's not fatal BC also.

IMHO, uniqid() should try to generate uniqid() possible. uniqid() does
produce non-unique ID because it is system time based. This change
mitigates impact of misuse also, which is common in both open and
closed code.

Which is important?

- Fix known issues and generate unique ID (as much as possible)
- Let it generate non-unique ID and ignore for some code may complain.

Fixing is my priority.

Smart developers use mt_rand() to improve uniqueness, but such tweak
shouldn't be needed in the first place as uniqid() should generate
unique ID.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
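
The point argued in the reply above, that a default uniqid() value is a function of the system clock, shown as an added example that is not part of the thread, the RFC or php-src. It assumes the 13-character layout of uniqid() without prefix or more_entropy (8 hex digits of seconds followed by 5 hex digits of microseconds); `decode_uniqid`, `uniqid_for_clock` and `random_id` are hypothetical helper names.

```php
<?php
// Added example: helper names are hypothetical, not PHP built-ins.

/** Split a default uniqid() value (no prefix, no more_entropy) into its clock fields. */
function decode_uniqid(string $id): array
{
    if (!preg_match('/^[0-9a-f]{13}$/', $id)) {
        throw new InvalidArgumentException('expected 13 lowercase hex characters');
    }
    return [
        'sec'  => (int) hexdec(substr($id, 0, 8)), // Unix time, seconds
        'usec' => (int) hexdec(substr($id, 8, 5)), // microsecond part
    ];
}

/** The ID that a given clock reading maps to under the assumed layout. */
function uniqid_for_clock(int $sec, int $usec): string
{
    return sprintf('%08x%05x', $sec, $usec);
}

/** Identifier whose uniqueness does not depend on the clock: 128 bits from the CSPRNG. */
function random_id(): string
{
    return bin2hex(random_bytes(16));
}

// 1. The ID carries nothing except the time it was generated.
$id = uniqid();
$t  = decode_uniqid($id);
printf("%s -> %s.%06d UTC\n", $id, gmdate('Y-m-d H:i:s', $t['sec']), $t['usec']);

// 2. Constructed scenario: two workers or hosts whose clocks read the same
//    microsecond. Nothing process- or host-specific enters the value, so
//    both derive the same string, and it matches the ID generated above.
$workerA = uniqid_for_clock($t['sec'], $t['usec']);
$workerB = uniqid_for_clock($t['sec'], $t['usec']);
var_dump($workerA === $workerB, $workerA === $id);

// 3. Two IDs drawn from the CSPRNG in the same instant, compared the same way.
var_dump(random_id() === random_id());
```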