psy Posted September 29, 2018

This week I was lured to the dark side (my client's own words) to work on a CMS that's not PW or WP. I didn't stay long and it reconfirmed my love of PW, but that's beside the point.

A problem I encountered was not directly related to the CMS but to PHP itself and how it handles JSON serialize/unserialize. Everything functioned for a while then crashed monumentally without any discernible reason. A Google search turned up the following article: https://davidwalsh.name/php-serialize-unserialize-issues

Seems to me not only does this solve the problem, base64 encoding data stored in the database would add an extra level of security/privacy.

Just sharing...
horst Posted September 29, 2018

@psy thanks for the link and info. As I use(d) (un)serialize a lot, I never encountered that problem myself. Maybe I simply had luck that the processed data mainly were key/value pairs and no long strings or texts.

But I don't get the context with JSON in the title? Only thing that directly comes to my mind is to use json_encode and json_decode instead of the (un)serialize functions. json_encode/_decode seems to be free of workarounds with extra steps of base64 encoding or others. (And I don't think base64-encoding is a plus in regard of privacy/security.)

Until now, I mainly preferred the (un)serialize functions. But now, with this information, I will switch to only use json_encode / _decode. So, thanks again for sharing!

Edited September 29, 2018 by horst
LostKobrakai Posted September 30, 2018

On 9/29/2018 at 11:48 AM, psy said:
> base64 encoding data stored in the database would add an extra level of security/privacy

Except base64 doesn't do that at all, as it's not encryption, but encoding. It's like changing a .doc file to a .docx file (same content, but vastly different representation in how it's stored) and not like putting it e.g. into some encrypted folder (same content, but it's stored in a secure manner).
psy Posted September 30, 2018 (Author)

@LostKobrakai OK, thanks for enlightening me. Was just thinking that if some scumbag got into the db, seeing stuff Base64 encoded would be one more step, rather than having the JSON string in an immediately readable human language.

Main point of the post was warning of the flakiness of PHP serialize/unserialize.
LostKobrakai Posted September 30, 2018

Sure. There are just quite a few less experienced programmers here on the forums, so I wanted to point out that base64 does not secure data.
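
The encoding-versus-encryption point from the replies above, as an added example that is not part of the original thread: base64 is reversed with no secret, while authenticated encryption needs a key kept outside the database and also detects modified values. The record is constructed sample data, `seal()` and `unseal()` are hypothetical helper names, and the key is generated inline only for the demo (PHP 7.2+ with the bundled sodium extension is assumed).

```php
<?php
declare(strict_types=1);

// Constructed sample record, standing in for a JSON payload stored in a row.
$record = json_encode(['email' => 'user@example.com', 'note' => 'private text']);

// 1) Base64 only: this is what would sit in the database column.
$stored = base64_encode($record);
// Anyone who can read the column gets the original back; no key is involved.
var_dump(base64_decode($stored, true) === $record);

// 2) Authenticated encryption. Assumption: in a real application the key is
//    loaded from configuration or a secrets store, never from the same database.
$key = sodium_crypto_secretbox_keygen();

function seal(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Nonce and ciphertext are stored together; base64 here is only transport
    // encoding so the binary value fits a text column.
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

function unseal(string $stored, string $key): ?string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null; // not a value produced by seal()
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    return $plain === false ? null : $plain; // null on wrong key or tampering
}

$sealed = seal($record, $key);

// With the right key the record round-trips.
var_dump(unseal($sealed, $key) === $record);

// A reader of the database without the key cannot open the value.
var_dump(unseal($sealed, sodium_crypto_secretbox_keygen()));

// A value modified in storage is rejected instead of being decoded silently.
$raw = base64_decode($sealed, true);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
var_dump(unseal(base64_encode($raw), $key));
```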