From 5ce6eb403fb6e71d3eb1860c4d53dd5c869d4108 Mon Sep 17 00:00:00 2001
From: Paul Reinheimer <preinheimer@php.net>
Date: Thu, 3 May 2012 21:59:33 +0000
Subject: [PATCH] - Adding note about how uniqid() isn't a way to generate
 cryptographically secure tokens, and pointing users towards the openssl
 stuff.

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@325524 c90b9560-bf6c-de11-be94-00142212c4b1
---
 reference/misc/functions/uniqid.xml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/reference/misc/functions/uniqid.xml b/reference/misc/functions/uniqid.xml
index cf1e1067b1..51c608a45a 100644
--- a/reference/misc/functions/uniqid.xml
+++ b/reference/misc/functions/uniqid.xml
@@ -124,12 +124,22 @@ printf("uniqid('', true): %s\r\n", uniqid('', true));
 
  <refsect1 role="notes">
   &reftitle.notes;
+  <caution>
+   <para>
+    This function does not generate cryptographically secure tokens, 
+    in fact without being passed any additional parameters the return 
+    value is little different from <function>microtime</function>. If 
+    you need to generate cryptographically secure tokens use 
+    <function>openssl_random_psuedo_bytes</function>.
+   </para>
+  </caution>
   <note>
    <para>
     Under Cygwin, the <parameter>more_entropy</parameter> must be set 
     to &true; for this function to work.
    </para>
   </note>
+
  </refsect1>
 
 </refentry>