So yesterday was my first time attending NYPHP group meeting in the IBM building. They were not kidding when they said that people should be there 6:30pm sharp. I came in like 5 minutes late and already missed a bunch of slides.
Some summary items:
* HMAC is used to tamper proof URLs.
* Don't use PEAR Crypt_HMAC it's bad/buggy.
* PHP5.1.2 has new "hash" extension that has hash_hmac() function written in C. For older versions they claim you can grab and compile extension from PECL.
* To use HMAC you need to pass at least 2 parameters in your URL: your message (or normal parameter) and then the hmac verification code. If you passing in >1 parameter then you need to HMAC ALL of the parameters.
* I was really curious about single sign-on stuff which I guess could be a topic for the next meeting.
I am really starting to enjoy these little get togethers. It's also a great way to meet people in the community. Looking towards the other meetings.
Update: The slides have been posted by the presenter here:
http://modp.com/slides/securestring/P.S. There's a tech party coming up in like two weeks.
Gena01
![[Gena01 Logo]](/images/gena01_logo1.gif){kind=logo}
Author
