Details
-
Bug
-
Resolution: Fixed
-
None
-
Empty show more show less
Description
On setting the hash of the workers we use the uniqid method of PHP. I found the following hint in PHP manual:
Warning
This function does not create random nor unpredictable strings. This function must not be used for security purposes. Use a cryptographically secure random function/generator and cryptographically secure hash functions to create unpredictable secure IDs.
see http://php.net/manual/en/function.uniqid.php
Discuss also our UUID Generation, since this is similar insecure.
Since PHP 7 bin2hex(random_bytes(32)) can be used therefore.
Attachments
Issue Links
- is blocked by
-
TRANSLATE-702 Migrate translate5 to be using PHP 7.3
- Done