-
Type:
Bug
-
Resolution: Fixed
-
Affects Version/s: None
-
Component/s: Main back-end mechanisms (Worker, Logging, etc.)
-
Emptyshow more show less
On setting the hash of the workers we use the uniqid method of PHP. I found the following hint in PHP manual:
Warning
This function does not create random nor unpredictable strings. This function must not be used for security purposes. Use a cryptographically secure random function/generator and cryptographically secure hash functions to create unpredictable secure IDs.
see http://php.net/manual/en/function.uniqid.php
Discuss also our UUID Generation, since this is similar insecure.
Since PHP 7 bin2hex(random_bytes(32)) can be used therefore.
- is blocked by
-
TRANSLATE-702 Migrate translate5 to be using PHP 7.3
- Done