[Gena01 Logo]
November 21, 2024, 09:05:29 am *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
   Home   Help Search Tags Login Register  
Pages: [1]
  Print  
Author Topic: NYPHP group meeting - Security and tamper proof URLs  (Read 51149 times)
0 Members and 2 Guests are viewing this topic.
Gena01
Administrator
Sr. Member
*****
Posts: 423



WWW
« on: November 28, 2007, 11:36:12 pm »

So yesterday was my first time attending NYPHP group meeting in the IBM building. They were not kidding when they said that people should be there 6:30pm sharp. I came in like 5 minutes late and already missed a bunch of slides.

Some summary items:
* HMAC is used to tamper proof URLs.
* Don't use PEAR Crypt_HMAC it's bad/buggy.
* PHP5.1.2 has new "hash" extension that has hash_hmac() function written in C. For older versions they claim you can grab and compile extension from PECL.
* To use HMAC you need to pass at least 2 parameters in your URL: your message (or normal parameter) and then the hmac verification code. If you passing in >1 parameter then you need to HMAC ALL of the parameters.
* I was really curious about single sign-on stuff which I guess could be a topic for the next meeting.

I am really starting to enjoy these little get togethers. It's also a great way to meet people in the community. Looking towards the other meetings.

Update: The slides have been posted by the presenter here: http://modp.com/slides/securestring/

P.S.  There's a tech party coming up in like two weeks.

Gena01
« Last Edit: December 18, 2007, 09:01:01 pm by Gena01 » Logged
Tags: NyPHP PHP 
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines | Sitemap Valid XHTML 1.0! Valid CSS!