Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
do not useuniqid() for generating dev tool tokens#57746
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
xabbuh commentedJul 17, 2024
| Q | A |
|---|---|
| Branch? | 7.2 |
| Bug fix? | no |
| New feature? | no |
| Deprecations? | no |
| Issues | part of#57588 |
| License | MIT |
alexandre-daubois left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Nice!
uniqid() for generating dev tool tokenssrc/Symfony/Bundle/FrameworkBundle/EventListener/ConsoleProfilerListener.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
derrabus commentedJul 17, 2024
How important is it to havecollision-free tokens? I mean, the places where we've cut six characters out of a hash were certainly not collision-free, but |
xabbuh commentedJul 17, 2024
We could increase the length of the generated string. What do you think about that? |
nicolas-grekas left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Let's go with 4 bytes then?
xabbuh commentedJul 18, 2024
updated for four random bytes |
nicolas-grekas commentedJul 18, 2024
Thank you@xabbuh. |