Reply to Re: Cookie Security - Array Values: Implode or Serialize? — PHP Programming Language

Posted by Justin Koivisto on 12/29/05 16:32

Oli Filth wrote:
> jody.florian@gmail.com said the following on 29/12/2005 00:44:
>
>> http://uk2.php.net/setcookie
>> suggests that for security, implode (correction of explode) should be
>> used instead of serialize. Does anyone know why?
>
> Dunno, but if you have enough data stored in a cookie for
> implode()/serialize() etc. to be necessary, then you're probably better
> off storing it all server-side, either in a DB or a file, and storing
> just a UID in the cookie (like how sessions work).
>
> Storing whole objects/data structures client-side is just asking for
> trouble.

Agreed. There may be times where storing a bit of data in a cookie is
quite tempting, but you should keep as much of the data on the server
rather than on a user's computer. Rule #1 in programming: Never trust
the user.

--
Justin Koivisto, ZCE - justin@koivi.com
http://koivi.com

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация