  1. translate5
  2. TRANSLATE-337

uniqid should not be used for security-relevant issues


Details

    Description

      On setting the hash of the workers we use the uniqid method of PHP. I found the following hint in the PHP manual:
      Warning
      This function does not create random nor unpredictable strings. This function must not be used for security purposes. Use a cryptographically secure random function/generator and cryptographically secure hash functions to create unpredictable secure IDs.

      See http://php.net/manual/en/function.uniqid.php

      Also discuss our UUID generation, since it is similarly insecure.

      Since PHP 7, bin2hex(random_bytes(32)) can be used for this.
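
The difference the manual warning describes, as an added example that is not part of the ticket or of translate5's code: a `uniqid()` value decodes back to the time of the call, while `bin2hex(random_bytes(32))` carries 256 bits from the OS CSPRNG. The function names `decodeUniqid`, `newWorkerHash` and `isValidWorkerHash` are hypothetical, and comparing with `hash_equals()` is an assumption about how such a hash would be checked.

```php
<?php
declare(strict_types=1);

// uniqid() without arguments is sprintf('%08x%05x', seconds, microseconds):
// the 13 hex characters encode the time of the call and nothing else.
function decodeUniqid(string $id): array
{
    return [
        'seconds'      => hexdec(substr($id, 0, 8)),
        'microseconds' => hexdec(substr($id, 8, 5)),
    ];
}

// Hypothetical replacement for a uniqid()-based worker hash:
// 32 bytes from the OS CSPRNG, hex-encoded to 64 characters.
function newWorkerHash(): string
{
    return bin2hex(random_bytes(32));
}

// Hypothetical check of a presented hash; hash_equals() compares in
// constant time, so the comparison does not leak matching prefixes.
function isValidWorkerHash(string $expected, string $presented): bool
{
    return hash_equals($expected, $presented);
}

// Take the clock before and after the call, then decode the id.
$before  = microtime(true);
$id      = uniqid();
$after   = microtime(true);
$parts   = decodeUniqid($id);
$decoded = $parts['seconds'] + $parts['microseconds'] / 1e6;

printf("uniqid()      : %s\n", $id);
printf("decoded time  : %.6f\n", $decoded);
printf("call window   : %.6f .. %.6f\n", $before, $after);

// Two ids created back to back differ only by elapsed microseconds.
$next = decodeUniqid(uniqid());
$gap  = ($next['seconds'] - $parts['seconds']) * 1000000
      + ($next['microseconds'] - $parts['microseconds']);
printf("gap to next id: %d microseconds\n", $gap);

// The CSPRNG-based hash has no relation to the clock.
$hash = newWorkerHash();
printf("worker hash   : %s (%d hex chars)\n", $hash, strlen($hash));
var_dump(isValidWorkerHash($hash, $hash));
var_dump(isValidWorkerHash($hash, newWorkerHash()));
```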

            People

              tlauria Thomas Lauria