- Adding note about how uniqid() isn't a way to generate cryptographically secure tokens, and pointing users towards the openssl stuff.

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@325524 c90b9560-bf6c-de11-be94-00142212c4b1
2025-03-16 00:48:54 +00:00 · 2012-05-03 21:59:33 +00:00 · 2012-05-03 21:59:33 +00:00 · 5ce6eb403f
commit 5ce6eb403f
parent 0d7e2a3615
1 changed files with 10 additions and 0 deletions
--- a/reference/misc/functions/uniqid.xml
+++ b/reference/misc/functions/uniqid.xml
@ -124,12 +124,22 @@ printf("uniqid('', true): %s\r\n", uniqid('', true));

 <refsect1 role="notes">
  &reftitle.notes;
+  <caution>
+   <para>
+    This function does not generate cryptographically secure tokens, 
+    in fact without being passed any additional parameters the return 
+    value is little different from <function>microtime</function>. If 
+    you need to generate cryptographically secure tokens use 
+    <function>openssl_random_psuedo_bytes</function>.
+   </para>
+  </caution>
  <note>
   <para>
    Under Cygwin, the <parameter>more_entropy</parameter> must be set 
    to &true; for this function to work.
   </para>
  </note>
+
 </refsect1>

 </refentry>