[nycphp-talk] session variables: seven deadly sins
Adrian Noland
anoland at yahoo.com
Thu Dec 28 11:09:14 EST 2006
Paul,
I just signed up on this list and I'm really enjoying your discourse.
> When I develop my own applications, I use cookies for
> personalization and caching. I use the authentication system described in
>
> http://cookies.lcs.mit.edu/pubs/webauth:sec10-slides.ps.gz
>
> this mechanism can carry a "session id", which in turn can be used
> a key against application state stored in a relational database.
In regard to slides 29 and 30, can you elaborate and give a more detailed
example of what they are trying to say? Are they saying that the session key
should contain a hash of the data? Or does the hash become the "salt" in
encrypting the data? Finally, how does doing that make it easier to prevent
circumvention and forgeability?
Thank you.
--
Overheard at work: "The way it was implemented here is not the same way as it was implemented at places it works"
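An added illustration of the cookie authenticator discussed in the thread (not code from the poster, from Paul, or from the cited paper): it assumes the construction of a keyed MAC over the session id and an expiry, computed with a server-side secret, so the "hash" is not a salt for encryption and the state itself stays in the database. The secret key, the `|` format and the `SESSION_STORE` contents are constructed for the example.

```python
import hmac
import hashlib

# Constructed placeholder; a real deployment loads this from a secret store.
SERVER_KEY = b"constructed-example-key-do-not-reuse"

def _digest(key: bytes, session_id: str, expires: int) -> str:
    # MAC over exactly the bytes that appear in the cookie, so neither field
    # can be altered or re-paired with a value from another cookie.
    # Fields must not contain the '|' separator.
    msg = f"{session_id}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def mint_cookie(key: bytes, session_id: str, ttl_seconds: int, now: int) -> str:
    """Build cookie = session_id | expiry | MAC_key(session_id | expiry)."""
    expires = now + ttl_seconds
    return f"{session_id}|{expires}|{_digest(key, session_id, expires)}"

def verify_cookie(key: bytes, cookie: str, now: int):
    """Return the session id if the cookie is authentic and unexpired, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    session_id, expires_s, digest = parts
    if not expires_s.isdigit():
        return None
    expires = int(expires_s)
    expected = _digest(key, session_id, expires)
    # Constant-time comparison; a plain == leaks timing about the MAC.
    if not hmac.compare_digest(expected, digest):
        return None
    # The expiry is covered by the MAC, so a client cannot extend it.
    if now >= expires:
        return None
    return session_id

# Constructed application state keyed by session id (stands in for the RDBMS).
SESSION_STORE = {"s-1234": {"user": "alice", "cart": ["book"]}}

def load_state(key: bytes, cookie: str, now: int):
    """Only a cookie that verifies may be used as a key into server-side state."""
    sid = verify_cookie(key, cookie, now)
    return SESSION_STORE.get(sid) if sid else None
```

Forgery requires the server key, and because the expiry is inside the MAC, neither field can be edited without invalidating the digest.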