Posted by Oli Filth on 12/29/05 03:54
jody.florian@gmail.com said the following on 29/12/2005 00:44:
> Hi there,
>
> http://uk2.php.net/setcookie
>
> suggests that for security, implode (correction of explode) should be
> used instead of serialize. Does anyone know why?
>
> I don't need to implement this, I just feel I need to know, for a
> course I'm studying.
>
Dunno, but if you have enough data stored in a cookie for
implode()/serialize() etc. to be necessary, then you're probably better
off storing it all server-side, either in a DB or a file, and storing
just a UID in the cookie (like how sessions work).
Storing whole objects/data structures client-side is just asking for
trouble.
--
Oli
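
The approach suggested in the reply above (data kept server-side, only an ID in the cookie), as an added example that is not part of the original posts. It assumes PHP 7.3 or later; the storage directory, function names and sample data are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical storage directory for this example; not from the original post.
const STORE_DIR = __DIR__ . '/cookie_store';

// Save the data server-side and return the opaque ID that goes in the cookie.
function store_put(array $data): string
{
    if (!is_dir(STORE_DIR) && !mkdir(STORE_DIR, 0700, true)) {
        throw new RuntimeException('cannot create store directory');
    }
    $id = bin2hex(random_bytes(16)); // 128-bit unguessable ID
    $json = json_encode($data, JSON_THROW_ON_ERROR);
    if (file_put_contents(STORE_DIR . "/$id.json", $json, LOCK_EX) === false) {
        throw new RuntimeException('cannot write record');
    }
    return $id;
}

// Look up the record for a client-supplied ID; null for anything unknown.
function store_get(string $id): ?array
{
    // The ID is untrusted input: accept only the exact shape we issue,
    // so it can never act as a path or carry structured data.
    if (preg_match('/\A[0-9a-f]{32}\z/', $id) !== 1) {
        return null;
    }
    $path = STORE_DIR . "/$id.json";
    if (!is_file($path)) {
        return null;
    }
    $data = json_decode((string) file_get_contents($path), true);
    return is_array($data) ? $data : null;
}

// Constructed demo. In a web request the ID would be sent with
// setcookie('uid', $id, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax'])
// and read back from $_COOKIE['uid'].
$id = store_put(['user' => 'alice', 'basket' => [101, 205]]); // constructed sample data
var_dump(store_get($id));                 // an ID we issued
var_dump(store_get('../etc/passwd'));     // not in the shape we issue
var_dump(store_get(str_repeat('0', 32))); // well-formed but never issued
```

Nothing the client sends is ever passed to unserialize(), so a modified cookie can at most fail the lookup.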