Peter Brodersen wrote:
http://shiflett.org/talks/oscon2004/php-security/36
$token = md5(uniqid(rand(), true));
... is a pretty bad idea, since the output could include quotes, newlines, low ASCII characters, thereby messing up the form.
How do you figure that? md5() only returns 0-9 and a-f characters.
$token = md5(uniqid(rand())); ought to be sufficient - and works with PHP4 :)
Using entropy with uniqid() simply returns a more unique value to md5(), so what's the difference?
--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/
php|architect: The Magazine for PHP Professionals – www.phparch.com
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
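The token round-trip the two posters are discussing, as an added example that is not code from either of them; it assumes PHP 7 or later (for random_bytes() and the scalar type hints) and a session already started.

```php
<?php
// Token built the way the thread shows. uniqid()/rand() are not a
// cryptographic source; keep it only where guessability does not matter.
function make_token_legacy(): string
{
    return md5(uniqid(rand(), true));
}

// Modern equivalent: 128 bits from the CSPRNG, also rendered as hex only.
function make_token(): string
{
    return bin2hex(random_bytes(16));
}

// The point John makes: md5() yields 32 lowercase hex digits, so the value
// cannot carry quotes, newlines or control characters into the form markup.
function is_hex_token(string $t): bool
{
    return preg_match('/^[0-9a-f]{32}$/', $t) === 1;
}

// Validate the character set first, then compare in constant time.
function token_matches(string $submitted, string $expected): bool
{
    return is_hex_token($submitted) && hash_equals($expected, $submitted);
}

// Both constructions pass the character-set check.
foreach ([make_token_legacy(), make_token()] as $t) {
    assert(is_hex_token($t));
}

// Emit the hidden field; escaping is harmless even though hex is inert.
$token = make_token();
$_SESSION['token'] = $token;   // session_start() assumed to have run
echo '<input type="hidden" name="token" value="'
   . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">' . "\n";

// On the POST that follows, check the submitted copy against the session copy.
$ok = token_matches($_POST['token'] ?? '', $_SESSION['token'] ?? '');
```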