News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Etienne Kneuss' Blog:
SplObjectStorage for a fast and secure object dictionary
January 08, 2009 @ 10:28:39

Etienne Kneuss has posted a look at using the SplObjectStorage functionality of the Standard PHP Library as a safe place to tuck away and protect your objects.

In PHP, you basically need two things to safely identify an object: a object index, the handle, and the class handlers which is how the object will react internally. This set of handlers is actually a pointer, and since disclosing valid pointers is not something that should be done, spl_object_hash is simply providing a MD5 hash of those two values concatenated.

Since arrays are hashed when they are created as well, your script is doubling the amount of work it has to do behind the scenes. Instead, Etienne suggests that you use a SplObjectStorage object instead of an array to keep objects inside. The unique identifier for it is then used directly (instead of rehashed, leaving it open for possible referencing collisions) to reference the object.

0 comments voice your opinion now!
splobjectstorage secure object store hash array


blog comments powered by Disqus

Similar Posts

Jani Hartikainen's Blog: Decoupling models from the database: Data Access Object pattern in PHP

PHPBuilder.com: Introduction to Arrays and Hashes in PHP - The ABC's of PHP Part 7

Stefan Mischook's Blog: Object Oriented PHP Tutorial in PDF

NetTuts.com: Best Practices When Working With Sensitive Data: Securing Your Application

Andi Gutmans' Blog: PHP represented at SIGMOD 2006


Community Events





Don't see your event here?
Let us know!


voicesoftheelephpant introduction framework tool community version library install security update release opinion laravel package podcast symfony language series composer interview

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework