Bumpy Booby

#46 Another encoding of the database

Hello Pierre, I see everyone writes in English here, so will I. However, I do speak French and we can continue the conversation in this language, if you would like :).
Actually, I would like to discuss another database encoding for Bumpy-Booby. You use base64(gzdeflate()) which is misinterpreted as suspicious code by lots of hosters (today I was suspended from a free hosting account where I tested Bumpy-Booby for this particular reason, and now they require me to show the code that produced this).
Maybe it is worth either encrypting the database using Mcrypt or OpenSSL or simply using base64(json_encode())? I would be glad to help as the system seems good and useful to me.
Oh, and maybe it is worth adding true database support (SQLite, maybe?) at least as an alternative?
Thanks/Merci bien!

New

Opened by Menelion 8 years ago.

    Commented by piero-la-lune 8 years ago.

    Hi,

    I did not know that base64(gzdeflate()) could cause issues. I guess it is for "security" reasons, but a good hosting service should not prevent its usage.

    The goal of this code is NOT security. If someone gets the content of the file, he can easily reverse the process (gzinflate(base64_decode())), no need for a key or password.

    Instead, gzdeflate is used to reduce the size of the "database". I did some basic tests. base64_encode(gzdeflate(serialize())) seems to divide by 2 the file size when compared to a simple serialize(). On the other hand, base64_encode(json_encode()) increases the file size.

    In the end, I do not think there is an easy alternative to what is used. I could add an option to use only serialize instead of base64_encode(gzdeflate(serialize())). You can make the change manually in the meantime, but I would recommend that you switch to a "real" hosting service.

    If you are really concerned about security and want an encrypted database, then Bumpy Booby is probably not for you. The database files are not supposed to be accessible to web users, I consider this to be a sufficient protection.

    Having SQLite as an alternative is a good idea. However, it would require a lot of changes in the code. Unfortunately, I do not have time to do this right now (but I accept pull requests on GitHub so if anyone wants to do it...).

    Thanks for your ideas.
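The encoding discussed in this thread, as an added example that is not Bumpy Booby's own code: it round-trips a store through base64_encode(gzdeflate(serialize())) to show that decoding needs no key, rejects blobs that are not what they claim to be, and measures the three encodings compared above. The helper names `encode_db` and `decode_db` and the sample records are assumptions made for the illustration, and the `allowed_classes` restriction on `unserialize()` is a hardening choice added here.

```php
<?php
// Added illustration; helper names are hypothetical, not Bumpy Booby functions.

function encode_db(array $data): string
{
    return base64_encode(gzdeflate(serialize($data)));
}

function decode_db(string $blob): array
{
    $raw = base64_decode($blob, true);      // strict mode rejects non-base64 bytes
    if ($raw === false) {
        throw new RuntimeException('not valid base64');
    }
    $plain = @gzinflate($raw);              // raw DEFLATE, the inverse of gzdeflate()
    if ($plain === false) {
        throw new RuntimeException('not a DEFLATE stream');
    }
    // allowed_classes => false: never instantiate objects from file contents.
    $data = @unserialize($plain, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new RuntimeException('payload is not a serialized array');
    }
    return $data;
}

// Constructed sample records standing in for an issue-tracker "database".
$db = [];
for ($i = 1; $i <= 200; $i++) {
    $db[$i] = ['id' => $i, 'status' => 'open', 'author' => "user$i",
               'summary' => "Sample issue number $i", 'labels' => ['bug', 'ui']];
}

$blob = encode_db($db);
if (decode_db($blob) !== $db) {             // reversed without any key or password
    throw new RuntimeException('round trip failed');
}

// Byte counts for the three encodings compared in the thread.
$sizes = [
    'serialize()'                           => strlen(serialize($db)),
    'base64_encode(gzdeflate(serialize()))' => strlen($blob),
    'base64_encode(json_encode())'          => strlen(base64_encode(json_encode($db))),
];
foreach ($sizes as $label => $bytes) {
    printf("%-40s %7d bytes\n", $label, $bytes);
}
```

Running `decode_db()` on a stored file's contents is also a quick way to show a hosting provider that the blob holds plain serialized data rather than executable code.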
