[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Cash reward for a secure PHP page!



On Sat, 2004-11-06 at 21:38 -0500, Alan Cox wrote:
> There are a whole pile of session manager libraries for PHP floating around
> and some of them don't suck 8)
> 

Just not acquainted with them, and my mÃtier is servers and networks
(i.e. infrastructure) not content so my learning is going slowly.

> The linux.org.uk portaloo does the following
> 
> 	state = [array of things we need to remember] + timestamp
>         md5sum (state, secret)
> 	cookie = md5result + state
> 
> that gives you rather hard to fake browser kept state very easily
> 

Alan, thanks for the feedback and the comments. Would you mind going
into a little more 1-2-3 detail here? I can understand the *concept* of
what you are saying, but am utterly helpless to move forward with it
given my current level of knowledge.

I've been wanting to do this for *months* and simply don't have anywhere
near the skillset required, which is why I decided to outsource it or
get help with it.

Any comments welcome... but please, do take into account that as far as
PHP and friends go I am still at Level 1. 

Thanks!

-- 
Rodolfo J. Paiz <rpaiz simpaticus com>

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]