Guest
Posted February 20, 2007

Hey all, I have a security question for you OOP whizzes out there.

I have a User class, which pretty much is a content object for User information, with in-built sessid verification, and with that: a static UserSystem class (a singleton) which works with and on User objects (login, logout, register, fetch, etc.) and so on.

Now when a user is logged in, the user's information is stored in the User object. This includes the username, accesslevel, and email address. Now what I'm wondering is if it's fine to set a $password property. Private of course, and md5 encrypted. I haven't enough experience with OOP in PHP to really tell if this is safe, but as I see it, it's no different to temporarily storing the md5ed password in a local $password variable.

To summarize: security wise, is keeping the password in an object prudent? Are there utilities available to see private object properties besides looking at the source code?

Thanks in advance.

hvle
Posted February 20, 2007

I think the safety level is acceptable. It is as safe as if you stored the encrypted password in a database.
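
On the question of whether private properties can be seen without reading the source, the following is an added example, not code from either poster. The class and property names follow the post, `SaferUser` and `exposure()` are hypothetical names, and all values are constructed; it checks three standard PHP routes (`var_dump()`, `serialize()`, and a closure bound to the object) for the stored hash.

```php
<?php
// Added example. Class and property names follow the post; all values are constructed.
class User
{
    private $username;
    private $password; // MD5 hex digest, as in the question

    public function __construct(string $username, string $md5)
    {
        $this->username = $username;
        $this->password = $md5;
    }
}

// Hypothetical variant: same data, hash kept out of debug dumps and serialized sessions.
class SaferUser
{
    private $username;
    private $password;

    public function __construct(string $username, string $md5)
    {
        $this->username = $username;
        $this->password = $md5;
    }
    // var_dump() shows only what this returns.
    public function __debugInfo(): array { return ['username' => $this->username]; }
    // serialize(), and so object storage in $_SESSION, keeps only this array.
    public function __serialize(): array { return ['username' => $this->username]; }
    public function __unserialize(array $data): void { $this->username = $data['username']; }
}

// Reports which routes expose the value held in the private $password property.
function exposure(object $o, string $secret): array
{
    ob_start();
    var_dump($o);
    $dump = ob_get_clean();
    return [
        'var_dump'  => strpos($dump, $secret) !== false,
        'serialize' => strpos(serialize($o), $secret) !== false,
        'closure'   => (function () { return $this->password; })->call($o) === $secret,
    ];
}

$hash = md5('constructed-sample-password'); // constructed sample value
var_dump(exposure(new User('alice', $hash), $hash));
var_dump(exposure(new SaferUser('alice', $hash), $hash));
```

`private` restricts which code may name the property, not which code running in the same process can read it, so the stronger option is to leave the hash out of the object once the login check is done.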
This topic is now archived and is closed to further replies.