Serialize and deserialize

February 9, 2005

Drupal apparently relies heavily on object serialization and deserialization. Once upon a long ago, I used to be a big fan of this tactic; only later did I realize that it may be more processor intensive than creating a new object and assigning it values.

More recently this subject has been a topic of debate on various mailing lists and message boards, particularly in view of the fact that the possibility of exploits exists. When an object is serialized it becomes a textual string, which can be modified without too much difficulty if you can gain access to it. Having said that, such a possibility may arise only in a shared hosting environment, and shared hosting environments are never safe.
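
The tampering concern above, shown as an added example (not code from the original post or from Drupal): a serialized PHP array is plain text, so an edit to the stored string goes unnoticed unless the data is authenticated, here with an HMAC. The function names, key and sample data are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: function names, key and sample data are constructed.

// Placeholder key; assumed to be stored where the serialized data is not.
const SECRET_KEY = 'replace-with-a-random-key-kept-outside-the-data-store';

// Serialize a value and prepend an HMAC so later modification is detectable.
function pack_signed(array $data, string $key): string
{
    $payload = serialize($data);
    return hash_hmac('sha256', $payload, $key) . ':' . $payload;
}

// Verify the HMAC before unserializing, and never instantiate objects.
function unpack_signed(string $blob, string $key): ?array
{
    $parts = explode(':', $blob, 2);
    if (count($parts) !== 2) {
        return null; // not in "mac:payload" form
    }
    [$mac, $payload] = $parts;
    // hash_equals() compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null; // the stored string was altered
    }
    $value = unserialize($payload, ['allowed_classes' => false]);
    return is_array($value) ? $value : null;
}

// Constructed sample data.
$session = ['user' => 'alice', 'is_admin' => false];

// The serialized form is ordinary readable text.
$plain = serialize($session);
echo $plain, "\n";

// Unsigned: a one-character edit to the stored text is accepted as-is.
$edited = str_replace('b:0;', 'b:1;', $plain);
var_dump(unserialize($edited, ['allowed_classes' => false]));

// Signed: the original round-trips, the same edit fails verification.
$blob = pack_signed($session, SECRET_KEY);
var_dump(unpack_signed($blob, SECRET_KEY));
var_dump(unpack_signed(str_replace('b:0;', 'b:1;', $blob), SECRET_KEY));
```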

Other content management systems, blogs and message boards are also in the habit of using this technique, and the wisdom of doing so needs to be questioned.

Posted by raditha at February 9, 2005 11:41 AM
Copyright © Raditha Dissanayake 2003 - 2007

Terms of Use  |  Privacy

 

 

February 2005
Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28