>
> At 04:25 AM 1/21/2006, Jared Williams wrote:
> >What are the security implications of doing this?
> >Creating objects based on a string from an untrusted source seems not
> >a good idea, unless can prevent tampering (with an HMAC or something).
>
> Well I think the right thing to do is pass an array of "allowed"
> classes into json_decode() and raise an error/exception if
> it's not in the list.

Perhaps just an interface? Like Traversable, means don't have to maintain an array.

Jared

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
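
Added example, not part of the thread and not PHP's own code: the two gating ideas discussed above (an explicit array of allowed classes, and an opt-in interface) applied before a class named in untrusted JSON is instantiated. The function decode_typed_json(), the interface JsonConstructible, the Point class and the "__class" key are hypothetical names chosen for illustration; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical marker interface: implementing it opts a class in to decoding.
interface JsonConstructible
{
    public static function fromJson(array $fields): self;
}

final class Point implements JsonConstructible
{
    public function __construct(public int $x = 0, public int $y = 0) {}

    public static function fromJson(array $fields): self
    {
        return new self((int) ($fields['x'] ?? 0), (int) ($fields['y'] ?? 0));
    }
}

// Assumption: the class name travels in a "__class" key of the JSON object.
function decode_typed_json(string $json, ?array $allowed = null): JsonConstructible
{
    $data = json_decode($json, true, 32, JSON_THROW_ON_ERROR);
    $class = is_array($data) ? ($data['__class'] ?? null) : null;
    if (!is_string($class)) {
        throw new UnexpectedValueException('missing or non-string __class');
    }
    // Allowlist check: exact string comparison, before the name is resolved.
    if ($allowed !== null && !in_array($class, $allowed, true)) {
        throw new UnexpectedValueException("class not in allowlist: $class");
    }
    // Interface check: class_exists(..., false) keeps untrusted names away
    // from the autoloader; only already-loaded opt-in classes pass.
    if (!class_exists($class, false) || !is_subclass_of($class, JsonConstructible::class)) {
        throw new UnexpectedValueException("class not decodable: $class");
    }
    unset($data['__class']);
    return $class::fromJson($data);   // the class decides which fields it accepts
}

// Constructed sample inputs.
var_dump(decode_typed_json('{"__class":"Point","x":3,"y":4}', ['Point']));
foreach (['{"__class":"ArrayObject"}', '{"__class":"NoSuchClass"}'] as $json) {
    try {
        decode_typed_json($json);
    } catch (UnexpectedValueException $e) {
        echo $e->getMessage(), "\n";
    }
}
```

With only the interface check, every loaded class that implements the interface is reachable from input; passing the array as well narrows that to the classes a given call site expects.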