>>27
I guess OOP is more about design than security.
I did figure out how to prevent that >>26 from working.
If you declare members of a class static and private and use protected methods to handle them, then you can prevent their visibility (in this case).
<?php
class foo {
private static $key = "password";
protected function show() {
echo( self::$key );
}
}
$obj = new foo();
$a = (array)$obj;
echo $a; // An empty array gets printed
echo foo::$key; // Fatal error
echo $obj->key; // Fatal error
foo::show(); // Fatal error
$obj->show(); // Prints key as expected
?>
So it seems that $key is nicely hidden this way.