search

OWASP / phpsec

OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS
197 stars 103 forks source link

openssl_random_pseudo_bytes fails if openssl in not available #101

Closed mebjas closed 10 years ago

mebjas commented 10 years ago

I have php 5.4.7 installed in my windows machine which came bundled in XAMPP, and it didn't come precompiled with openssl. so it generates error at: https://github.com/OWASP/phpsec/blob/master/libs/core/random.php#L111

So in Rand::randStr() we shall use openssl_random_pseudo_bytes() only if its available

shivamdixit commented 10 years ago

I think instead we should force the user to have openssl installed.

On Fri, Jun 13, 2014 at 11:56 PM, minhaz notifications@github.com wrote:

I have php 5.4.7 installed in my windows machine which came bundled in XAMPP, and it didn't come precompiled with openssl. so it generates error at: https://github.com/OWASP/phpsec/blob/master/libs/core/random.php#L111

So in Rand::randStr() we shall use openssl_random_pseudo_bytes() only if its available

— Reply to this email directly or view it on GitHub https://github.com/OWASP/phpsec/issues/101.

Cheers Shivam http://shivamdixit.com http://shivamdixit.com

mebjas commented 10 years ago

That's not a good practice, we can recommend them!

sent from HTC ONE S