Jump to content

php5-uuid


werty37

Recommended Posts

Hi everyone,

Recently i saw a package "php5-uuid" in my synaptic manager. I m using ubuntu
dapper drake distribution. The Description says:
*********************************************************************
OSSP uuid module for php5
OSSP uuid is an ISO-C and Perl application programming interface (API)
and corresponding command line interface (CLI) for the generation of
DCE 1.1 and ISO/IEC 11578:1996 compliant Universally Unique Identifier
(UUID). It supports DCE 1.1 variant UUIDs of version 1 (time and node
based), version 3 (name based) and version 4 (random number based).

UUIDs are 128 bit numbers which are intended to have a high likelihood
of uniqueness over space and time and are computationally difficult
to guess. They are globally unique identifiers which can be locally
generated without contacting a global registration authority. UUIDs
are intended as unique identifiers for both mass tagging objects
with an extremely short lifetime and to reliably identifying very
persistent objects across a network.

This package provides a module for OSSP uuid functions support in PHP
scripts.
*********************************************************************

Does anyone know how to use this in php5 scripts?
Sorry for the long text..

Thanks in advance
werty
Link to comment
Share on other sites

PHPSESSID is a identifier of a current session.

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--] The session module cannot guarantee that the information you store in a session is only viewed by the user who created the session. You need to take additional measures to actively protect the integrity of the session, depending on the value associated with it.

Assess the importance of the data carried by your sessions and deploy additional protections -- this usually comes at a price, reduced convenience for the user. For example, if you want to protect users from simple social engineering tactics, you need to enable session.use_only_cookies. In that case, cookies must be enabled unconditionally on the user side, or sessions will not work.

There are several ways to leak an existing session id to third parties. A leaked session id enables the third party to access all resources which are associated with a specific id. First, URLs carrying session ids. If you link to an external site, the URL including the session id might be stored in the external site's referrer logs. Second, a more active attacker might listen to your network traffic. If it is not encrypted, session ids will flow in plain text over the network. The solution here is to implement SSL on your server and make it mandatory for users. [/quote]

If you use it as a 'uuid' is up to you.
If you stick it in a DB is also up to you ( the database doesn't care)
Link to comment
Share on other sites

[!--quoteo(post=378095:date=May 29 2006, 09:22 PM:name=Ferenc)--][div class=\'quotetop\']QUOTE(Ferenc @ May 29 2006, 09:22 PM) [snapback]378095[/snapback][/div][div class=\'quotemain\'][!--quotec--]
PHPSESSID is a identifier of a current session.
If you use it as a 'uuid' is up to you.
If you stick it in a DB is also up to you ( the database doesn't care)
[/quote]


I hope the above reply is for the topic "PHPSESSID". But i just want to know
that the PHPSESSID generated by php is a uuid. does php generate same
session id's over time?

Thanks for the reply.
werty
Link to comment
Share on other sites

I will assume a session id can be repeated over a period of time, I never looked into them that far.
odds are not likely, but possible ( I haven't won the lottery yet either).

So yes it could be a uuid, but not a secure one.

The session id can also be assigned.

So, using [a href=\"http://us2.php.net/uniqid\" target=\"_blank\"]uniqid()[/a] would get session id closer to meeting the uuid requiremnts you posted
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.