| Subject: | Before anyone installs this package,... |
|---|
| Summary: | Package rating comment |
|---|
| Messages: | 1 |
|---|
| Author: | Scott Arciszewski |
|---|
| Date: | 2015-12-11 00:37:17 |
|---|
| |
|
|
Scott Arciszewski rated this package as follows:
| Utility: | Bad |
|---|
| Consistency: | Not sure |
|---|
| Documentation: | Not sure |
|---|
| Examples: | Not sure |
|---|
|
|
 Scott Arciszewski - 2015-12-11 00:37:17 Before anyone installs this package, please read this first:
paragonie.com/blog/2015/09/comprehe ...
Encryption is NOT the right tool for this job. Even if it were implemented securely, it would be a huge design flaw to depend on this library.
But the actual implementation is little more than base64 encoding. Only much worse: It allows anyone to overwrite any global variables they want, by passing it as a GET or POST parameter.
The security implications of this can be devastating, but this is application specific. |
