Jeff Watkins wrote: > In addition, I've take Jorge's advise and moved to using datatime.now > () rather than time(), because it resolves down to the microsecond. > Good luck guessing the exact microsecond the user's secret token was > generated.
Actually when I posted my message I thought that time() was giving microseconds. But if you know approximately the time, say with a few (tens of) milliseconds of accuracy, you could do a script to test all the microseconds in your range... or am I wrong ? (I could be totally wrong I am no security expert neither professionnal programmer....) Evan
