class - PHP: is it safe to deserialize a file directly into an object? -


In my PHP code, I create a 'session' object that stores the user type, audio and so on. (Although no password is the form). Then I serialize this object to $ _SESSION var: 

  $ _ session ['sess_data'] = carii ($ session);

When I need to authenticate the user, I do this: 

  $ session = unserialize ($ _ session ['sess_data'] );

Although it looks very insecure to me. How Can I Improve It? Are some get_class () sufficient as a method? Thanks


Comments

Post a Comment

Popular posts from this blog

c# - Reactive Extensions ControlScheduler -

Well, I'm using Reactive Extension Event Handler to handle my app events, I run the headlines on the Yuri thread. I also use ControlSubular for However, recently I am getting cross thread exception despite using control scheduler and I do not know what the problem is. Code: Observable.FromEventPattern & Lt; String & gt; (CC, "UiAlertMessage", New Control Session ()) Subscribe (_ = & gt; {Alert Control. (Show this language, title, _.EventArgs.UppercaseFirst ());}); The new control scheduler (this) is not to run the code on the UI control thread, so I do not get cross threading exceptions? you should do Observable.FromEventPattern & lt; String & gt; (CC, "UiAlertMessage"). AboveOption (this). Subscribe (_ = & gt; {Alert Control. (Show this language, Titles, _.EventArgs.UppercaseFirst ());}); This is the standard way of sending a scheduler related to specific controls. Passing control scheduler as you have got subsc...
Read more

multithreading - Reorderings in java memory model -

Read again, find out I do not understand a sentence: We consider only the variables here that are readable and writeable as a nuclear unit - That is, there is no bit field, unrecognized access , or larger than the word sizes available on any platform. is. Anyone can explain the above cases on which the words are bold. On some architectures, the processor can access multiple storage in one command: BIT FIELD: Setting up some pieces of memory; It is usually implemented with different access to reading and writing, using read-write-write. Unwritten Access: On some CPU architectures, the processor impedes the barriers to the addresses you can use, when you access multibeat values, especially if you exceed the word limitations. Most modern processors Does not have this problem because they can perform multiple readsets to cover the required address range; If you read from 0x01 to 0x05, then it is read 0x01-0x04 and a 0x05. If you have to write there, then it is complicated;...
Read more

java - Add color code support to a Bukkit plugin -

I would like to add color code support in my config.yml . How do I add translateAlternateColorCode to my code correctly? Public boolean on command (CommandSender sender, command CMD, string label, string [] args) {player player = (player) sender; If (cmd.getName () .all ignored cas ("member") {player.sendMessage (getConfig (). GetString ("member text")); } You can simply use translateAltranateColorCodes . Here's an example: string nonColoredText = getConfig (). GetString ("member text"); // "member text" string get colored text = raw string. Translate Altinetic Color Code ('& amp;', nonColoredText); // Edit the colors code Any of the above text which is & amp; starts with the correct color code, for example, if & amp; A was in config, it would convert it to green color or ChatColor.GREEN , which will show the message in green, it also works with other characters such as you color If you want to use...
Read more