1

I am trying to build an application in PHP and I have an encrypt/decrypt method that I am deploying. To enhance the security, I declared these two methods as protected, and I plan to have any class that needs them inherit from them. Are there any drawbacks to this? I.e., can malicious users take advantage of the fact that they are declared protected?

5
  • 9
    protected and private have nothing at all to do with security. Commented Jan 19, 2011 at 20:41
  • See stackoverflow.com/questions/1020749/… Commented Jan 19, 2011 at 20:42
  • ken: right, innately they don't, but as a convention of the language they limit the scope. So say somehow someone did gain access to the site, would they be able to inject code into my PHP scripts? Or are code injection attacks limited to DB, browser code, and client-side code? Commented Jan 19, 2011 at 21:14
  • Brad: thanks for the link, I think that my comment to ken gets to the heart of the question though. Commented Jan 19, 2011 at 21:18
  • @xenador - see the 2nd part of Nanne's answer; if someone gets to the point that they can run arbitrary code on your server, them having access to those class members will be the least of your problems. e.g. sample code of what might be done: file_put_contents(__FILE__, str_replace(array('private', 'protected'), 'public', file_get_contents(__FILE__))); ...also: php.net/manual/en/reflectionclass.getproperties.php Commented Jan 19, 2011 at 23:44

2 Answers

6

The concept of private/protected/public (i.e. visibility) has nothing to do with security at all. It's related to the concept of encapsulation.


5

I don't think that protected, private or public should be used for that kind of security. It's more a tool for correct Object Oriented programming, not for security.

If an attacker can actually insert code that might exploit something like that, it would not be your worry if it's private or protected.
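
What the comments and answers describe, as an added example that is not part of the original thread: code running in the same PHP process can call protected methods and read private properties through reflection or closure binding, so visibility provides encapsulation, not access control. The `Vault` class and all sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical class standing in for the asker's design: crypto helpers
// declared protected so that only subclasses are meant to call them.
class Vault
{
    private string $key;

    public function __construct(string $key)
    {
        $this->key = $key;
    }

    protected function encrypt(string $plain): string
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        return $nonce . sodium_crypto_secretbox($plain, $nonce, $this->key);
    }

    protected function decrypt(string $blob): string
    {
        $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box   = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->key);
        if ($plain === false) {
            throw new RuntimeException('ciphertext failed authentication');
        }
        return $plain;
    }
}

$vault = new Vault(sodium_crypto_secretbox_keygen()); // constructed sample key

// 1. Reflection: unrelated code invokes the protected method directly.
$encrypt = new ReflectionMethod(Vault::class, 'encrypt');
if (PHP_VERSION_ID < 80100) {
    $encrypt->setAccessible(true); // needed before PHP 8.1 only
}
$blob = $encrypt->invoke($vault, 'constructed sample secret');

// 2. Closure binding: the closure body runs inside the object's scope.
$decrypt = function (string $b): string { return $this->decrypt($b); };
$plain   = $decrypt->call($vault, $blob);

// 3. The private key is reachable from the same process in the same way.
$readKey = function (): string { return $this->key; };
var_dump($plain === 'constructed sample secret');
var_dump(strlen($readKey->call($vault)) === SODIUM_CRYPTO_SECRETBOX_KEYBYTES);
```

What protects the data is where the key is stored and who can execute code on the server, which is the point both answers make.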
