Edit report at https://bugs.php.net/bug.php?id=47565&edit=1
ID: 47565 Updated by: ahar...@php.net Reported by: martin at itmission dot com Summary: Extend serialize and unserialize with encryption key. -Status: Closed +Status: Wont fix Type: Feature/Change Request Package: *General Issues PHP Version: 5.3.0beta1 -Assigned To: nikic +Assigned To: Block user comment: N Private report: N Previous Comments: ------------------------------------------------------------------------ [2012-04-13 21:05:51] ni...@php.net serialize() and unserialize() are not really the right place to put encryption code into. Instead simply use the encryption functions provided by PHP. That way you can decide for yourself which kind of encryption you need. For various encryption functions look at http://php.net/mcrypt and http://php.net/openssl. ------------------------------------------------------------------------ [2009-03-04 21:23:34] martin at itmission dot com Description: ------------ Request: Add simple encryption support to serialize and unserialize. Rationale: It is useful to be able to serialize an object and hide it in a form variable on a web page. This is vulnerable to tampering by the end user. serialize(mixed $value[, string $key]) unserialize(string $str[, string $key]) This new definition won't break existing code and could be implemented using a TEA variant in a few lines. It would be nice if objects didn't have to be persisted in $_SESSION, because some power users want to use multiple windows to work with different objects simultaneously (editing two "invoice" objects at the same time, but commiting only complete changes of each). ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=47565&edit=1