PHP Classes

Before anyone installs this package, please read this first: ...

Recommend this page to a friend!

      PHPSecureURL  >  All threads  >  Before anyone installs this package,...  >  (Un) Subscribe thread alerts  
Subject:Before anyone installs this package,...
Summary:Package rating comment
Messages:1
Author:Scott Arciszewski
Date:2015-12-11 00:37:17
 

Scott Arciszewski rated this package as follows:

Utility: Bad
Consistency: Not sure
Documentation: Not sure
Examples: Not sure

  1. Before anyone installs this package,...   Reply   Report abuse  
Picture of Scott Arciszewski Scott Arciszewski - 2015-12-11 00:37:17
Before anyone installs this package, please read this first:

paragonie.com/blog/2015/09/comprehe ...

Encryption is NOT the right tool for this job. Even if it were implemented securely, it would be a huge design flaw to depend on this library.

But the actual implementation is little more than base64 encoding. Only much worse: It allows anyone to overwrite any global variables they want, by passing it as a GET or POST parameter.

The security implications of this can be devastating, but this is application specific.