Cash reward for a secure PHP page!

Rodolfo J. Paiz rpaiz at simpaticus.com
Sun Nov 7 05:59:37 UTC 2004


On Sat, 2004-11-06 at 21:38 -0500, Alan Cox wrote:
> There are a whole pile of session manager libraries for PHP floating around
> and some of them don't suck 8)
> 

Just not acquainted with them, and my métier is servers and networks
(i.e. infrastructure) not content so my learning is going slowly.

> The linux.org.uk portaloo does the following
> 
> 	state = [array of things we need to remember] + timestamp
> 	md5sum (state, secret)
> 	cookie = md5result + state
> 
> that gives you rather hard to fake browser kept state very easily
> 

Alan, thanks for the feedback and the comments. Would you mind going
into a little more 1-2-3 detail here? I can understand the *concept* of
what you are saying, but am utterly helpless to move forward with it
given my current level of knowledge.

I've been wanting to do this for *months* and simply don't have anywhere
near the skillset required, which is why I decided to outsource it or
get help with it.

Any comments welcome... but please, do take into account that as far as
PHP and friends go I am still at Level 1. 

Thanks!

-- 
Rodolfo J. Paiz <rpaiz at simpaticus.com>
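
The scheme sketched in the quoted message, step by step, as an added example that is not part of the original thread or the linux.org.uk code. It uses HMAC-SHA256 in place of the md5sum step; the function names, the secret placeholder, the one-hour lifetime and the sample values are all assumptions.

```php
<?php
// Added example; every name and value here is an assumption, not from the thread.
const COOKIE_SECRET = 'PLACEHOLDER-long-random-secret-kept-on-the-server';
const MAX_AGE = 3600; // seconds a cookie is accepted (assumed lifetime)

// Step 1: state = [array of things we need to remember] + timestamp
// Step 2: keyed hash over the state (HMAC-SHA256 instead of md5sum)
// Step 3: cookie = hash result + state
function make_cookie(array $state, string $secret, ?int $now = null): string
{
    $state['ts'] = $now ?? time();
    $payload = base64_encode(json_encode($state));
    $mac = hash_hmac('sha256', $payload, $secret);
    return $mac . '.' . $payload;
}

// Returns the state array, or null if the cookie is malformed, forged or expired.
function read_cookie(string $cookie, string $secret, ?int $now = null): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$mac, $payload] = $parts;
    // Recompute the hash from the received state and compare in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $secret), $mac)) {
        return null;
    }
    $state = json_decode(base64_decode($payload, true) ?: '', true);
    if (!is_array($state) || !isset($state['ts']) || !is_int($state['ts'])) {
        return null;
    }
    // The signed timestamp bounds how long a captured cookie can be replayed.
    $age = ($now ?? time()) - $state['ts'];
    return ($age < 0 || $age > MAX_AGE) ? null : $state;
}

// Constructed sample run with a fixed clock value.
$t0 = 1099807177;
$cookie = make_cookie(['user' => 'rpaiz', 'role' => 'member'], COOKIE_SECRET, $t0);
[$mac] = explode('.', $cookie, 2);
// Browser-side edit: new state, old hash.
$forged = $mac . '.' . base64_encode(json_encode(['user' => 'rpaiz', 'role' => 'admin', 'ts' => $t0]));

var_dump(read_cookie($cookie, COOKIE_SECRET, $t0 + 60));        // untouched, 60 s old
var_dump(read_cookie($forged, COOKIE_SECRET, $t0 + 60));        // state changed, hash not
var_dump(read_cookie($cookie, COOKIE_SECRET, $t0 + 2 * MAX_AGE)); // past the lifetime
```

The hash only makes the state tamper-evident: the browser can still read everything in it, so nothing confidential belongs in the array.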


More information about the fedora-test-list mailing list