Edit report at https://bugs.php.net/bug.php?id=47565&edit=1
ID: 47565
Updated by: ni...@php.net
Reported by: martin at itmission dot com
Summary: Extend serialize and unserialize with encryption
key.
-Status: Open
+Status: Closed
Type: Feature/Change Request
-Package: Feature/Change Request
+Package: *General Issues
PHP Version: 5.3.0beta1
-Assigned To:
+Assigned To: nikic
Block user comment: N
Private report: N
New Comment:
serialize() and unserialize() are not really the right place to put encryption
code into. Instead simply use the encryption functions provided by PHP. That
way you can decide for yourself which kind of encryption you need.
For various encryption functions look at http://php.net/mcrypt and
http://php.net/openssl.
Previous Comments:
------------------------------------------------------------------------
[2009-03-04 21:23:34] martin at itmission dot com
Description:
------------
Request: Add simple encryption support to serialize and unserialize.
Rationale: It is useful to be able to serialize an object and hide it in a form
variable on a web page. This is vulnerable to tampering by the end user.
serialize(mixed $value[, string $key])
unserialize(string $str[, string $key])
This new definition won't break existing code and could be implemented using a
TEA variant in a few lines. It would be nice if objects didn't have to be
persisted in $_SESSION, because some power users want to use multiple windows
to work with different objects simultaneously (editing two "invoice" objects at
the same time, but commiting only complete changes of each).
------------------------------------------------------------------------
--
Edit this bug report at https://bugs.php.net/bug.php?id=47565&edit=1
