Request #47565 Extend serialize and unserialize with encryption key.
Submitted: 2009-03-04 21:23 UTC Modified: 2012-04-14 03:00 UTC
From: martin at itmission dot com Assigned:
Status: Wont fix Package: *General Issues
PHP Version: 5.3.0beta1 OS:
Private report: No CVE-ID: None
 [2009-03-04 21:23 UTC] martin at itmission dot com
Description:
------------
Request: Add simple encryption support to serialize and unserialize.

Rationale: It is useful to be able to serialize an object and hide it in a form variable on a web page.  This is vulnerable to tampering by the end user.

serialize(mixed $value[, string $key])
unserialize(string $str[, string $key])

This new definition won't break existing code and could be implemented using a TEA variant in a few lines.  It would be nice if objects didn't have to be persisted in $_SESSION, because some power users want to use multiple windows to work with different objects simultaneously (editing two "invoice" objects at the same time, but committing only complete changes of each).


 [2012-04-13 21:05 UTC] nikic@php.net
-Status: Open
+Status: Closed
-Package: Feature/Change Request
+Package: *General Issues
-Assigned To:
+Assigned To: nikic
 [2012-04-13 21:05 UTC] nikic@php.net
serialize() and unserialize() are not really the right place to put encryption code into. Instead simply use the encryption functions provided by PHP. That way you can decide for yourself which kind of encryption you need.

For various encryption functions look at http://php.net/mcrypt and http://php.net/openssl.
 [2012-04-14 03:00 UTC] aharvey@php.net
-Status: Closed
+Status: Wont fix
-Assigned To: nikic
+Assigned To:
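
The approach suggested in the reply above, sketched with the openssl extension as an added example (not code from this report or from PHP itself): the serialized value is sealed with AES-256-GCM, so a modified hidden field fails authentication before unserialize() runs. It assumes PHP 7.1 or later; `seal()`, `open_sealed()`, the `Invoice` class, the context string and the key are hypothetical or constructed for illustration.

```php
<?php
// Hypothetical class standing in for the "invoice" object from the report.
final class Invoice
{
    public $id;
    public $total;
}

// Serialize, then encrypt and authenticate with AES-256-GCM (hypothetical helper).
function seal($value, string $key, string $context): string
{
    $nonce = random_bytes(12); // fresh 96-bit nonce for every token
    $tag = '';
    $ct = openssl_encrypt(serialize($value), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, $nonce, $tag, $context, 16);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Returns the value, or null when the token fails authentication (hypothetical helper).
function open_sealed(string $token, string $key, string $context, array $allowedClasses)
{
    $raw = base64_decode($token, true);
    if ($raw === false || strlen($raw) <= 28) { // 12-byte nonce + 16-byte tag
        return null;
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16), $context);
    if ($pt === false) {
        return null; // modified token, wrong key, or token from another form
    }
    // Authentic data only; still limit which classes unserialize() may create.
    return unserialize($pt, ['allowed_classes' => $allowedClasses]);
}

$key = random_bytes(32); // constructed here; a real key is a stored server-side secret
$invoice = new Invoice();
$invoice->id = 1042;
$invoice->total = '199.00';
$token = seal($invoice, $key, 'invoice-edit-form');
$restored = open_sealed($token, $key, 'invoice-edit-form', [Invoice::class]);
var_dump($restored instanceof Invoice && $restored->total === '199.00');

// Simulate a hidden field that was modified in transit or by the client.
$tampered = $token;
$tampered[30] = ($tampered[30] === 'A') ? 'B' : 'A';
var_dump(open_sealed($tampered, $key, 'invoice-edit-form', [Invoice::class]));
```

The authentication tag detects modification but not replay of an older valid token, so a value that must not be resubmitted still needs a server-side check. The context string is passed as additional authenticated data, which ties each token to the form it was issued for.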