Gena01.com Forum

General => Gena01 Blog => Topic started by: Gena01 on November 28, 2007, 11:36:12 pm



Title: NYPHP group meeting - Security and tamper proof URLs
Post by: Gena01 on November 28, 2007, 11:36:12 pm
So yesterday was my first time attending NYPHP group meeting in the IBM building. They were not kidding when they said that people should be there 6:30pm sharp. I came in like 5 minutes late and already missed a bunch of slides.

Some summary items:
* HMAC is used to tamper proof URLs.
* Don't use PEAR Crypt_HMAC it's bad/buggy.
* PHP5.1.2 has new "hash" extension that has hash_hmac() function written in C. For older versions they claim you can grab and compile extension from PECL.
* To use HMAC you need to pass at least 2 parameters in your URL: your message (or normal parameter) and then the hmac verification code. If you passing in >1 parameter then you need to HMAC ALL of the parameters.
* I was really curious about single sign-on stuff which I guess could be a topic for the next meeting.

I am really starting to enjoy these little get togethers. It's also a great way to meet people in the community. Looking towards the other meetings.

Update: The slides have been posted by the presenter here: http://modp.com/slides/securestring/

P.S.  There's a tech party coming up in like two weeks.

Gena01